Title of invention CLOUD-BASED SECURITY POLICY CONFIGURATION
Abstract Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second network appliance of the enterprise, physically located at a second site, by logging into the shared enterprise cloud account. A VPN client configuration is automatically created by the second network appliance that controls a VPN connection between the first and second network appliances based on the shared parameters. The VPN connection is dynamically established based on the shared parameters when the VPN client configuration permits network traffic to be exchanged between the first and second network appliances.
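Application publication number US2015249644(A1) Application publication date 2015.09.03
Application number US201514714103 Application date 2015.05.15
Applicant Fortinet, Inc. Inventor Xu Qing
Classification number H04L29/06 Main classification number H04L29/06
Agency Agent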
Principal claim 1. A method comprising: sharing, by a first network appliance of an enterprise, a plurality of security parameters associated with the first network appliance with a plurality of network appliances of the enterprise by logging into a shared enterprise cloud account, wherein the first network appliance is physically located at a first site of the enterprise; retrieving, by a second network appliance of the plurality of network appliances, the plurality of shared security parameters by logging into the shared enterprise cloud account, wherein the second network appliance is physically located at a second site of the enterprise; automatically creating, by the second network appliance, a Virtual Private Network (VPN) client configuration that controls a VPN connection between the first network appliance and the second network appliance based at least in part on the plurality of shared security parameters; and when the VPN client configuration permits network traffic to be exchanged between the first network appliance and the second network appliance, dynamically establishing the VPN connection between the first network appliance and the second network appliance based at least in part on the plurality of shared security parameters.
Address Sunnyvale CA US