Abstract
Implementations of the present disclosure involve a system and/or method for modeling a firewall function and operation such that software based analysis and other formal analysis methods may be used with the model. In one embodiment, the system and/or method includes modeling the function of a firewall as a set of links, ingress/egress interfaces, interface switches and behaviors chained together into a spanning graph. The spanning graph may then be used in conjunction with data structures, such as a Firewall Policy Diagram, to illustrate pathways through a network for a communication packet. This system and/or method allows for the understanding of a firewall policy such that the policy can be replicated among various firewalls in the network at issue.
Claims
1. A method for modeling behavior of a networking device, the method comprising:
obtaining a plurality of behavior rules, the plurality of behavior rules defining the processing of a communication packet by the networking device, the communication packet comprising at least one predicate value;
collecting the plurality of behavior rules into at least one behavior group;
creating, utilizing a processing device, a spanning graph of a policy of the networking device comprising representations of one or more ingress ports to the networking device, representations of one or more egress ports from the networking device, and representations of the at least one behavior group, the spanning graph configured to display a communication pathway comprising at least one of the one or more ingress ports, the at least one behavior group, and at least one egress port of the networking device; and
providing the spanning graph to a user of the networking device.
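As an added illustration (not code from the patent or its applicant), a toy Python model of the claimed spanning graph: ingress interfaces chain into behavior groups of predicate rules, and a trace returns the pathway to an egress interface or None when the packet is dropped. The interface names, packet fields and sample rules are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    match: dict                   # predicate: packet field -> required value (None = any)
    action: str                   # "accept" or "drop"
    egress: Optional[str] = None  # egress interface taken when accepted

    def matches(self, packet: dict) -> bool:
        return all(v is None or packet.get(k) == v for k, v in self.match.items())

@dataclass
class BehaviorGroup:
    name: str
    rules: list  # ordered; evaluated first-match, like a firewall chain

    def evaluate(self, packet: dict) -> Optional[Rule]:
        return next((r for r in self.rules if r.matches(packet)), None)

class FirewallGraph:
    """Spanning graph: ingress interface -> behavior group -> egress interface."""

    def __init__(self, groups: list, ingress: dict) -> None:
        self.groups = {g.name: g for g in groups}  # group name -> BehaviorGroup
        self.ingress = ingress                    # ingress iface -> group name

    def trace(self, iface: str, packet: dict) -> Optional[list]:
        """Pathway [ingress, group, egress] for the packet, or None when it is
        dropped (explicit drop, default deny, or an unlinked ingress)."""
        group = self.groups.get(self.ingress.get(iface, ""))
        if group is None:
            return None
        rule = group.evaluate(packet)
        if rule is None or rule.action != "accept":
            return None
        return [iface, group.name, rule.egress]

def build_sample_firewall() -> FirewallGraph:
    # Constructed policy: outside -> dmz only for TCP/443; inside -> outside for anything.
    outside_in = BehaviorGroup("outside_in", [
        Rule({"proto": "tcp", "dport": 443}, "accept", egress="dmz"),
        Rule({}, "drop"),  # explicit catch-all drop
    ])
    inside_out = BehaviorGroup("inside_out", [Rule({}, "accept", egress="outside")])
    return FirewallGraph([outside_in, inside_out],
                         {"outside": "outside_in", "inside": "inside_out"})
```

Running `trace` over the same set of representative packets on two such models gives a quick equivalence check when a policy is replicated to another firewall.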