| 发明名称 | Method and apparatus for distributing firewall rules | ||
| 摘要 | Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). | ||
| 申请公布号 | US9215213(B2) | 申请公布日期 | 2015.12.15 |
| 申请号 | US201414231683 | 申请日期 | 2014.03.31 |
| 申请人 | NICIRA, INC. | 发明人 | Bansal Kaushal;Masurekar Uday;Srinivasan Aravind;Shah Shadab;Maskalik Serge |
| 分类号 | H04L12/24;H04L29/06;G06F21/85 | 主分类号 | H04L12/24 |
| 代理机构 | Adeli LLP | 代理人 | Adeli LLP |
| 主权项 | 1. A method of distributing firewall rules, the method comprising: specifying a firewall rule and an enforcement node identifier that identifies a set of enforcement nodes at which the firewall rule should be enforced by a set of enforcement devices; distributing the specified firewall rule to each enforcing device in the set of enforcement devices, wherein at least a first enforcement device in the set enforces the firewall rule for at least a group of two enforcement nodes; modifying the set of enforcement devices by adding a particular enforcement node to the group of enforcement nodes; and in response to the modification, communicating with the first enforcement device to add the particular enforcement node to the group of enforcement nodes. | ||
| 地址 | Palo Alto CA US | ||