Title: COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS
Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device.
Publication number: US2015341313(A1)  Publication date: 2015.11.26
Application number: US201514816030  Filing date: 2015.08.02
Applicant: Fortinet, Inc.  Inventor: Krywaniuk Andrew
Classification: H04L29/06  Main classification: H04L29/06
Main claim: 1. A system comprising: a plurality of network devices, including a management device, a managed firewall device and a locator server with which the management device registers and updates its current IP address; wherein the management device is manufactured by a particular manufacturer, wherein the management device is programmed to remotely monitor or manage, via a network-enabled management interface, one or more network devices within a private Internet Protocol (IP) network that are manufactured by the particular manufacturer; wherein, during a manufacturing or distribution process of each of the plurality of network devices, a digital certificate/private key pair and a unique identifier of the network device are stored therein, wherein the unique identifier is authenticated by the digital certificate which is signed by the particular manufacturer, thereby providing a Public Key Infrastructure (PKI)-authenticated unique identifier within each of the plurality of network devices; wherein, prior to installation within the private IP network, the managed firewall device is configured to trust the management device by storing the unique identifier of the management device within the managed firewall device; wherein, responsive to being installed within the private IP network, the managed firewall device initiates establishment of an encrypted management tunnel with the management device by retrieving the current IP address of the management device from the locator server and sending a message to the management device; wherein, prior to allowing the management device to use the encrypted management tunnel to perform management functionality in relation to the managed firewall device, credentials of the management device are verified by the managed firewall device by comparing the PKI-authenticated unique identifier of the management device to the unique identifier of the management device stored within the managed firewall device.
Address: Sunnyvale CA US