 Electric motor including unitary brush card bushing holder |
| Referring now to FIGS. 2-7, there is depicted a motor 10 which is ideally suited for driving a fan ... |
|
| Electric motor brush assembly |
| In accordance with one aspect of the present invention, an electric motor brush assembly is ... |
|
| Methods and apparatus for managing multiple user systems |
| The techniques of the present invention relate to allocating resources and managing multiple ... |
|
| Image search apparatus and method |
| The present invention has been made in consideration of the above problems, and has as its object ... |
|
| Multi-tier debugging |
| To overcome the limitations in the prior art described above, and to overcome other limitations ... |
|
| Multiple user software debugging system |
| Multiple User Computing Environment--FIG. 1 FIG. 1 illustrates a block diagram example of a ... |
|
| Management of network distributed agents in a distributed computing environment |
| OF THE PREFERRED EMBODIMENT OF THE PRESENT INVENTION Reference now being made to FIG. 1, a ... |
|
| Methods, systems and computer program products for remote control of a processing system |
| It is, therefore, one object of the present invention to provide a computer system that can control ... |
|
| Processes and apparatuses for managing network devices |
| Accordingly, it is an object of the present invention to obviate the above-described problems and ... |
|
| Data storage with host-initiated synchronization and fail-over of remote mirror |
| The present invention enables efficient remote data mirroring and "fail-over" capabilities in a ... |
|
|
Generalized network security policy templates for implementing similar network security policies across multiple networks
| Details |
Inventors: Bonn, David Wayne; Marvais, Nick Takaski;
Assignee: WatchGuard Technologies, Inc. (Seattle, WA)
Primary Examiner: Hua; Ly V.
Assistant Examiner:
Attorney, Agent or Firm: Perkins Coie LLP
The present invention is directed to a facility for adapting a network security policy model for use in a particular network. The facility retrieves the network security policy model, which comprises network security rules each specified with respect to one or more aliases. Each alias represents a role in a network for one or more network elements. The facility receives, for each alias included in the network security policy model, a list of one or more network elements in the network serving the role represented by the alias. The facility replaces each alias in the network security policy model with the received list of network security devices specified for the alias to produce a network security policy adapted for use in a network. |
|
DETAILED DESCRIPTION The present invention provides a software facility for implementing similar network security policies across multiple networks ("the facility").
Each network is a collection of network elements, including a network security device that protects the network by implementing a network security policy (hereinafter simply "policy") within the network.
While Firebox II network security devices provided by WatchGuard Technologies, Inc.
, of Seattle, Wash.
are suggested for use with the facility, the facility preferably also operates with other network security devices available from other sources.
The policy implemented in a particular network comprises a set of rules for managing network traffic.
These rules are specified in terms of specific network elements, such as user workstations, servers, routers, and printers, that perform certain functions, or "roles.
" For example, a rule in a network security policy for a particular network may specify that all email traffic must flow through a network element having a particular network address that is specifically configured as a mail host.
In a sense, these rules establish trust relationships between specific network elements, or groups thereof.
The facility preferably provides a user interface for constructing one or 25 more network security policy templates (hereinafter simply "templates") that can each be used to generate similar policies for any number of specific networks.
A template contains rules expressed in terms of "aliases," rather than in terms of specific network elements.
For example, a template may include a rule specifying that all email traffic must flow through a "MailHost" alias that is not associated with a particular network address.
To generate a policy for a particular network from a template, the facility uses a profile of the network that maps the aliases occurring in the template to specific network elements within the network.
For example, the network profile for a particular network maps the "MailHost" alias to a particular network element of the network having a particular network address
|
|
File Sharing 
