| CPC H04L 63/20 (2013.01) [H04L 41/0894 (2022.05); H04L 41/12 (2013.01); H04L 61/256 (2013.01); H04L 63/0209 (2013.01); H04L 63/0263 (2013.01)] | 20 Claims |

1. A computer-implemented method for configuring a network security device, the method comprising:
receiving, by a network security system, a connectivity policy for a network environment including a plurality of network addresses, the connectivity policy corresponding to a first network address and a second network address within the network environment;
generating a universal representation of the connectivity policy using a network topology mapping of the network environment, the network topology mapping including a set of possible zone paths for the network environment that connect the first network address and the second network address, wherein the set of possible zone paths includes:
an active zone path allowing communication between the first network address and the second network address; and
an alternate zone path allowing communication between the first network address and the second network address responsive to the active zone path becoming unavailable;
identifying, using the network topology mapping, a security device in the network environment on a network zone path between the first network address and the second network address, the security device configured to implement connectivity policies using a native syntax;
generating, based on the universal representation, a native representation of the connectivity policy in the native syntax; and
configuring the security device to allow communication between the first network address and the second network address using the generated native representation.
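The steps of claim 1 walked through in code, as an added example that is not the patent's or any assignee's implementation. The zone names, CIDRs, device names, the dict-based "universal representation", and the choice of iptables and pf as the two native syntaxes are all constructed for this illustration; the claim itself does not specify any of them. The point the example makes concrete is the one the claim's "alternate zone path" limitation exists for: the set of possible zone paths between the two addresses is enumerated first, so every security device on the active path and on each alternate path receives a native rule, not only the device on the path traffic takes today.

```python
"""Connectivity policy -> zone paths -> per-device native rules (illustrative)."""
from collections import defaultdict
import ipaddress

# Constructed topology: three zones, a firewall on each zone boundary.
# users<->core is the direct (active) path; users<->dmz<->core is the
# alternate path used if the direct boundary becomes unavailable.
ZONE_OF_CIDR = {                  # network address -> zone (topology mapping)
    "10.1.0.0/24": "users",
    "10.2.0.0/24": "dmz",
    "10.3.0.0/24": "core",
}
DEVICES = {                       # device -> (native syntax, zone boundary enforced)
    "fw-users-core": ("iptables", ("users", "core")),
    "fw-users-dmz":  ("pf",       ("users", "dmz")),
    "fw-dmz-core":   ("iptables", ("dmz", "core")),
}
# Constructed connectivity policy: first address -> second address, tcp/443.
POLICY = {"src": "10.1.0.0/24", "dst": "10.3.0.10", "proto": "tcp", "port": 443}


def build_links(devices):
    """Adjacency map: zone -> {neighbour zone: security device on that boundary}."""
    links = defaultdict(dict)
    for name, (_, (a, b)) in devices.items():
        links[a][b] = name
        links[b][a] = name
    return links


def zone_for(addr, zone_of_cidr=ZONE_OF_CIDR):
    """Map a host or CIDR to its zone; a host is treated as a /32 (or /128)."""
    net = ipaddress.ip_network(addr, strict=False)
    for cidr, zone in zone_of_cidr.items():
        if net.subnet_of(ipaddress.ip_network(cidr)):
            return zone
    raise ValueError(f"{addr} is not inside any mapped zone")


def zone_paths(links, src_zone, dst_zone):
    """All loop-free zone paths from src to dst, shortest first.
    Index 0 is taken as the active path; the rest are alternates."""
    paths = []

    def walk(zone, seen):
        if zone == dst_zone:
            paths.append(tuple(seen))
            return
        for nxt in sorted(links[zone]):      # sorted for deterministic output
            if nxt not in seen:
                walk(nxt, seen + [nxt])

    walk(src_zone, [src_zone])
    return sorted(paths, key=lambda p: (len(p), p))


def universal_representation(policy, links, devices):
    """Vendor-neutral form: the policy tuple plus every zone path and the
    security devices crossed on each. Same-zone endpoints yield one path
    with no devices, i.e. nothing to configure."""
    src_zone, dst_zone = zone_for(policy["src"]), zone_for(policy["dst"])
    rep = {**policy, "paths": []}
    for i, path in enumerate(zone_paths(links, src_zone, dst_zone)):
        hops = [links[a][b] for a, b in zip(path, path[1:])]
        rep["paths"].append({"zones": path, "devices": hops,
                             "role": "active" if i == 0 else "alternate"})
    return rep


def native_rule(vendor, p):
    """Render the policy in a device's native syntax (two real syntaxes here;
    the FORWARD chain / 'pass in' choice is an assumption of the example)."""
    if vendor == "iptables":
        return (f"iptables -A FORWARD -s {p['src']} -d {p['dst']} "
                f"-p {p['proto']} --dport {p['port']} -j ACCEPT")
    if vendor == "pf":
        return f"pass in proto {p['proto']} from {p['src']} to {p['dst']} port {p['port']}"
    raise ValueError(f"no generator for native syntax {vendor!r}")


def native_configs(rep, devices):
    """Device -> native rule for every device on every possible zone path
    (active and alternate), emitting each device once even if it sits on
    more than one path."""
    out = {}
    for path in rep["paths"]:
        for dev in path["devices"]:
            if dev not in out:
                out[dev] = native_rule(devices[dev][0], rep)
    return out


def run_example(policy=POLICY, devices=DEVICES):
    rep = universal_representation(policy, build_links(devices), devices)
    return rep, native_configs(rep, devices)


if __name__ == "__main__":
    rep, cfg = run_example()
    for path in rep["paths"]:
        print(path["role"], "->".join(path["zones"]), path["devices"])
    for dev, rule in cfg.items():
        print(f"{dev}: {rule}")
```

Running it shows the active path `users->core` served by `fw-users-core` and the alternate path `users->dmz->core` served by `fw-users-dmz` and `fw-dmz-core`; all three devices get a rule, each in its own syntax. Had only the active path been consulted, `fw-users-dmz` and `fw-dmz-core` would carry no rule and the policy would silently stop working on failover. A real translator would also need a stable rule identity (so re-running the policy updates rather than duplicates rules) and per-device address-object handling, neither of which the claim text describes.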