Method of configuring of firewall in TCP/IP Internet system, having access control policy agents so as to control an interior domain from an exterior domain, using an access control rule between origin and destination resources.

Abstract

The method groups the system objects by protection domain (5, 6). Each firewall (1) protects an interior domain (5) with respect to an exterior domain (6). An access control rule is applied on a particular firewall to control access between an origin resource (4) and a destination resource only if both resources belong to the same domain (5, 6). The networks or sub-networks of the firewalls (10) to which the zones (8) are connected are associated with an interior or exterior domain. The input and output network (10) interfaces are determined for the traffic being processed, and the attachment of those network interfaces to an interior or exterior domain is determined. A unique rule is applied if the two interfaces are attached to the same interior domain (5), which corresponds to the resources belonging to the same protection domain. The method comprises a group of objects (3) for which the access control policy is identical, and applies the rule between each of the resources of an origin group and a destination group. The rule has a local range or a global range: when the range is local, the rule is applied to the concerned resources only if they belong to the same protection domain; when the range is global, it is applied to all the concerned resources.

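Bibliographic details

  • Publication number: FR2802667A1

    Patent type

  • Publication date: 2001-06-22

    Original format: PDF

  • Applicant/patentee: BULL SA

    Application number: FR19990016118

  • Filing date: 1999-12-21

  • Classification: G06F13/10; H04L12/28

  • Country: FR

  • Date added to database: 2022-08-22 01:07:44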
