CPC H04L 63/0263 (2013.01) [H04L 12/4641 (2013.01); H04L 45/02 (2013.01); H04L 45/745 (2013.01); H04L 63/0218 (2013.01); H04L 63/0236 (2013.01); H04L 63/0272 (2013.01); H04L 63/20 (2013.01)]. 20 Claims.
1. A computer-implemented method comprising:
receiving zone definition information mapping the plurality of network segments into one or more zones, and one or more zone-based firewall (ZFW) policies to apply to traffic between a source zone and a destination zone specified by each ZFW policy;
evaluating a first ZFW policy to determine one or more first edge network devices that can reach one or more first network segments mapped to a first source zone specified by the first ZFW policy, one or more second edge network devices that can reach one or more second network segments mapped to a first destination zone specified by the first ZFW policy, and first routing information between the one or more first network segments, the one or more first edge network devices, the one or more second edge network devices, and the one or more second network segments; and
transmitting the first routing information to the one or more first edge network devices and the one or more second edge network devices.
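The three steps of claim 1 (receive zone definitions and ZFW policies, evaluate a policy to find the source-side and destination-side edge devices and the routes between them, transmit those routes to the devices) can be modelled in a few dozen lines. The following Python is an added illustration, not code from the patent or its assignee; the data model (segments as string labels, a per-device list of directly reachable segments, a segment-to-zone map, a policy with a `source_zone`, `destination_zone` and `action`) and the sample topology are constructed assumptions.

```python
"""Toy model of zone-based firewall (ZFW) policy evaluation.

Added example, not the patent's own code.  Hypothetical assumptions:
- a network segment is a string label such as "seg-hr";
- REACH lists, per edge device, the segments it can reach directly;
- ZONE_MAP maps each segment to the zone it belongs to;
- a ZfwPolicy names a source zone, a destination zone and an action.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ZfwPolicy:
    name: str
    source_zone: str
    destination_zone: str
    action: str  # "permit" or "deny" (assumed vocabulary)


# Constructed sample input: zone definitions and edge-device reachability.
ZONE_MAP = {
    "seg-hr": "corp",
    "seg-fin": "corp",
    "seg-dmz": "dmz",
    "seg-guest": "guest",
}
REACH = {
    "edge1": ["seg-hr", "seg-guest"],
    "edge2": ["seg-fin"],
    "edge3": ["seg-dmz"],
}
POLICY = ZfwPolicy("corp-to-dmz", "corp", "dmz", "permit")


def segments_in_zone(zone_map, zone):
    """Segments mapped to the given zone (sorted for deterministic output)."""
    return sorted(seg for seg, z in zone_map.items() if z == zone)


def devices_reaching(reach, segments):
    """Edge devices that can reach at least one of the given segments."""
    wanted = set(segments)
    return sorted(dev for dev, segs in reach.items() if wanted & set(segs))


def _routes_toward(from_devs, to_segs, to_devs, reach, routes):
    # For each device on one side, add an entry for every remote segment,
    # with the first device on the other side that reaches it as next hop.
    for dev in from_devs:
        for seg in to_segs:
            for nxt in to_devs:
                if seg in reach[nxt]:
                    routes.setdefault(dev, {})[seg] = nxt
                    break


def evaluate_policy(policy, zone_map, reach):
    """Return (source-side devices, destination-side devices, routing info).

    routing info is {device: {remote_segment: next_hop_device}}, covering
    both the forward direction and the return path.
    """
    src_segs = segments_in_zone(zone_map, policy.source_zone)
    dst_segs = segments_in_zone(zone_map, policy.destination_zone)
    src_devs = devices_reaching(reach, src_segs)
    dst_devs = devices_reaching(reach, dst_segs)
    routes = {}
    _routes_toward(src_devs, dst_segs, dst_devs, reach, routes)
    _routes_toward(dst_devs, src_segs, src_devs, reach, routes)
    return src_devs, dst_devs, routes


def transmit(routes, send):
    """Push each device's routing entries through the supplied send callable."""
    for dev in sorted(routes):
        send(dev, routes[dev])
    return sorted(routes)


def run_example():
    """Evaluate POLICY over the sample topology and 'transmit' the result."""
    src_devs, dst_devs, routes = evaluate_policy(POLICY, ZONE_MAP, REACH)
    sent = []
    transmit(routes, lambda dev, entries: sent.append((dev, entries)))
    return src_devs, dst_devs, routes, sent


if __name__ == "__main__":
    for item in run_example():
        print(item)
```

Note that `edge1` also reaches `seg-guest`, which is in neither zone of the policy: it is selected only because it reaches a source-zone segment, and no route for `seg-guest` is distributed, which is the point of evaluating routes per policy rather than flooding full topology to every edge device.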