CPC H04L 63/0263 (2013.01) [H04L 63/0218 (2013.01); H04L 63/0236 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A method comprising:
at one or more computing devices, implementing, for a given zone, an application and a firewall engine in an observation mode by:
implementing predefined firewall rules that define one or more of allowed network traffic and denied network traffic for the application;
maintaining a log of network traffic events that meet or do not meet the predefined firewall rules, the log including source network identifiers and destination network identifiers for the network traffic events;
grouping the network traffic events into groups based on the source network identifiers and the destination network identifiers;
generating new firewall rules based on the groups; and
accepting or denying respective new firewall rules; and,
after the observation mode is implemented, switching, at the one or more computing devices, the application and the firewall engine to a maintain mode by:
stopping implementing the predefined firewall rules; and
implementing accepted new firewall rules for the application.
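
The observation-to-maintain flow recited in claim 1, as an added illustration that is not part of the patent text and not the patentee's implementation. The log layout, the /24 grouping key, the hit-count approval policy and all function names are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: (source IP, destination IP, destination port,
# verdict under the predefined rules). Not taken from the page.
SAMPLE_LOG = [
    ("10.0.1.15", "10.0.2.20", 5432, "allow"),
    ("10.0.1.16", "10.0.2.20", 5432, "allow"),
    ("10.0.1.15", "10.0.2.21", 5432, "allow"),
    ("10.0.3.7",  "10.0.2.20", 22,   "deny"),
    ("10.0.1.99", "10.0.9.5",  443,  "allow"),
]

def network_id(ip, prefix=24):
    # Assumption: the "network identifier" is the enclosing /prefix network.
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def group_events(log, prefix=24):
    # Group events by (source network, destination network).
    groups = defaultdict(list)
    for src, dst, port, verdict in log:
        key = (network_id(src, prefix), network_id(dst, prefix))
        groups[key].append((port, verdict))
    return dict(groups)

def generate_rules(groups):
    # One candidate allow rule per group, limited to ports seen allowed.
    # Groups with only denied traffic yield no rule (default deny later).
    rules = []
    for (src, dst), events in sorted(groups.items()):
        ports = sorted({p for p, v in events if v == "allow"})
        if ports:
            hits = sum(1 for _, v in events if v == "allow")
            rules.append({"src": src, "dst": dst, "ports": ports, "hits": hits})
    return rules

def review(rules, approve):
    # Accept/deny step: `approve` stands in for the operator's decision.
    return [r for r in rules if approve(r)]

def is_permitted(accepted, src, dst, port):
    # Maintain mode: only accepted rules apply; everything else is denied.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(r["src"])
               and d in ipaddress.ip_network(r["dst"])
               and port in r["ports"] for r in accepted)

candidates = generate_rules(group_events(SAMPLE_LOG))
accepted = review(candidates, lambda r: r["hits"] >= 2)
```

The single-hit candidate to 10.0.9.0/24 is denied at review, so in maintain mode that flow is blocked even though the predefined rules allowed it during observation.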