Method and machine for centralized configuration of firewalls in a TCP/IP internet protocol data system, in which the system description is kept separate from the access control policy expressed as access rules between origin and destination resources
The method comprises: (a) a description stage for each resource (7) of the data system (3), carried out through a graphical data-collection interface (8); and (b) a description stage, through the same graphical data-collection interface, for an access control rule between an origin resource and a destination resource, which defines the access control policy between those two resources. The two stages are carried out independently of each other, so the description of the system is not tied to the policy that governs access to it. The firewall (2) configuration device for a data system (3) comprises a central configuration machine (5) having: (a) a graphical interface (8) for describing the system and the access control policy applied to its resources (7); (b) a compilation engine (9) that translates the data collected through the interface (8) into access control rules; and (c) a download and synchronization module (10) that transfers the rules produced by the engine (9) to the appropriate firewall. The module (10) communicates with the group of firewalls the moment at which the newly transferred rule files are to be taken into account and applied, so that all firewalls switch to the new policy together.
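The architecture described in the abstract, worked through as an added example that is not part of the patent or of any product built on it: a system description (resources with addresses and zones, firewalls with the zones they separate) is entered independently of the access control rules; a compilation step turns origin/destination rules into per-firewall rule lines and refuses any rule the described system cannot enforce; and a download-and-synchronize step stages every firewall's file before committing the same policy generation everywhere. The zone model (a rule is enforced by a firewall that directly separates the two zones), the iptables-style rule syntax, the resource and firewall names, the addresses, and the in-memory FirewallAgent are all assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Resource:
    """Description stage (a): a resource, its addresses, and the zone it sits in."""
    name: str
    cidr: str
    zone: str

@dataclass(frozen=True)
class FirewallDesc:
    """System description: a firewall and the two zones it separates."""
    name: str
    zones: frozenset

@dataclass(frozen=True)
class AccessRule:
    """Description stage (b): policy between two resources; it names no firewall."""
    origin: str
    destination: str
    proto: str
    port: int

class CompileError(ValueError):
    """The policy cannot be enforced by the described system."""

def compile_policy(resources, firewalls, rules):
    """Compilation engine: abstract rules -> {firewall_name: [concrete rule, ...]}.
    A rule lands on every firewall that separates the two zones (single-hop model,
    a simplification for this example); each list ends in a default DROP."""
    by_name = {r.name: r for r in resources}
    out = {fw.name: [] for fw in firewalls}
    for rule in rules:
        missing = {rule.origin, rule.destination} - set(by_name)
        if missing:
            raise CompileError(f"undescribed resource(s): {sorted(missing)}")
        src, dst = by_name[rule.origin], by_name[rule.destination]
        if rule.proto not in ("tcp", "udp") or not 0 < rule.port < 65536:
            raise CompileError(f"bad service {rule.proto}/{rule.port}")
        try:
            src_net, dst_net = ip_network(src.cidr), ip_network(dst.cidr)
        except ValueError as exc:
            raise CompileError(f"bad address in description: {exc}") from exc
        if src.zone == dst.zone:
            raise CompileError(f"{src.name}->{dst.name}: same zone, no firewall enforces it")
        enforcing = [fw for fw in firewalls if {src.zone, dst.zone} <= fw.zones]
        if not enforcing:
            raise CompileError(f"no firewall between zones {src.zone!r} and {dst.zone!r}")
        line = (f"-A FORWARD -s {src_net} -d {dst_net} -p {rule.proto} "
                f"--dport {rule.port} -m conntrack --ctstate NEW -j ACCEPT")
        for fw in enforcing:
            out[fw.name].append(line)
    for lines in out.values():
        lines.append("-A FORWARD -j DROP")  # fail closed: anything not compiled is denied
    return out

class FirewallAgent:
    """In-memory stand-in for a managed firewall (constructed for the example)."""
    def __init__(self, name):
        self.name, self.staged, self.active = name, None, ["-A FORWARD -j DROP"]
    def stage(self, generation, lines):
        """Receive a rule file for one policy generation without applying it."""
        self.staged = (generation, list(lines))
        return True
    def commit(self, generation):
        """Apply the staged file only if it belongs to the requested generation."""
        if self.staged is None or self.staged[0] != generation:
            return False
        self.active, self.staged = self.staged[1], None
        return True

def push_and_synchronize(compiled, agents, generation):
    """Download-and-synchronize module: stage every file first, then commit the
    same generation everywhere, so no firewall runs the new policy while a
    neighbour still runs the old one. Returns True only if all commits succeed."""
    if set(compiled) != set(agents):
        raise CompileError("compiled firewall set does not match managed firewalls")
    for name, lines in compiled.items():
        if not agents[name].stage(generation, lines):
            return False
    results = [agents[name].commit(generation) for name in compiled]  # attempt all
    return all(results)

# Constructed sample description and policy (documentation and private ranges).
RESOURCES = [Resource("office_lan", "10.10.0.0/16", "office"),
             Resource("web_dmz", "192.0.2.0/28", "dmz"),
             Resource("app_db", "198.51.100.10/32", "internal")]
FIREWALLS = [FirewallDesc("fw-edge", frozenset({"office", "dmz"})),
             FirewallDesc("fw-core", frozenset({"dmz", "internal"}))]
RULES = [AccessRule("office_lan", "web_dmz", "tcp", 443),
         AccessRule("web_dmz", "app_db", "tcp", 5432)]

if __name__ == "__main__":
    compiled = compile_policy(RESOURCES, FIREWALLS, RULES)
    agents = {name: FirewallAgent(name) for name in compiled}
    print("applied:", push_and_synchronize(compiled, agents, generation=1))
    for name, agent in agents.items():
        print(name, *agent.active, sep="\n  ")
```

The separation pays off at compile time: a rule that names an undescribed resource, joins two resources in the same zone, or spans zones that no described firewall separates is rejected before anything reaches a firewall, and the policy author never has to know which firewall a rule ends up on. The two-phase push is what the abstract's synchronization module is for: if files were applied as they arrived, a flow newly allowed on one firewall would still be dropped by the next one until its file landed, and a flow newly removed would stay open on the laggard.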