US 12,015,591 B2
Reuse of groups in security policy
Kavya Kambi Ravi, Santa Clara, CA (US); Radha Popuri, Santa Clara, CA (US); Sunitha Krishna, Palo Alto, CA (US); Margaret Petrus, San Jose, CA (US); and Yiwei Zhang, San Jose, CA (US)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Dec. 6, 2021, as Appl. No. 17/543,254.
Prior Publication US 2023/0179571 A1, Jun. 8, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0263 (2013.01) [H04L 63/20 (2013.01)]
18 Claims
 
1. A method for modifying a firewall rule of a security policy implemented in a network, the method comprising:
identifying a set of compute machines to be added to a match condition for the firewall rule, wherein the match condition is expressed using one or more groups of compute machines;
selecting a set of groups for the identified set of compute machines from a plurality of existing groups of compute machines based on a user-specified threshold indicating tolerance for inclusion of compute machines that are not in the identified set of compute machines in the selected groups; and
using the selected set of groups for the match condition of the firewall rule;
wherein the user-specified threshold balances use of existing groups against inclusion in the match condition of compute machines that are not in the identified set of compute machines.
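
The trade-off in claim 1, as an added example that is not taken from the patent: a greedy selection over existing groups showing how a looser threshold reuses broader groups while admitting more machines the rule was never meant to match. The threshold semantics (maximum fraction of a group's members outside the identified set), the greedy strategy, the function name and the sample inventory are all assumptions made for illustration.

```python
from typing import Dict, List, Set, Tuple


def select_groups(targets: Set[str], groups: Dict[str, Set[str]],
                  threshold: float) -> Tuple[List[str], Set[str], Set[str]]:
    """Greedily cover `targets` with existing groups.

    Assumption: `threshold` is the largest fraction of a group's members
    that may lie outside `targets` for that group to be reusable.
    Returns (selected group names, targets left uncovered, extra machines
    the match condition would now include).
    """
    if not 0.0 <= threshold <= 1.0:
        raise ValueError("threshold must be in [0, 1]")
    eligible = {name: members for name, members in groups.items()
                if members and len(members - targets) / len(members) <= threshold}
    uncovered, selected, extras = set(targets), [], set()
    while uncovered:
        # Prefer most newly covered targets, then fewest extras, then name.
        best = min(eligible,
                   key=lambda n: (-len(eligible[n] & uncovered),
                                  len(eligible[n] - targets), n),
                   default=None)
        if best is None or not (eligible[best] & uncovered):
            break  # remaining targets would need a new group
        selected.append(best)
        uncovered -= eligible[best]
        extras |= eligible[best] - targets
        del eligible[best]
    return selected, uncovered, extras


# Constructed sample inventory (hypothetical group and VM names).
GROUPS = {
    "web-tier": {"vm-1", "vm-2", "vm-3"},
    "app-tier": {"vm-4", "vm-5", "vm-9"},
    "db-tier": {"vm-6", "vm-7", "vm-8", "vm-9"},
    "all-prod": {f"vm-{i}" for i in range(1, 11)},
}
TARGETS = {"vm-1", "vm-2", "vm-3", "vm-4", "vm-5"}

if __name__ == "__main__":
    for t in (0.0, 0.34, 0.5):
        names, missing, extra = select_groups(TARGETS, GROUPS, t)
        print(f"threshold={t}: groups={names} "
              f"uncovered={sorted(missing)} extras={sorted(extra)}")
```

The `extras` set is what to review before applying the rule: every machine in it gains or loses connectivity under the firewall rule without having been in the identified set.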