Network management systems implement policies by configuring managed devices in the network, such as routers, switches, gateways, and firewalls, with instructions appropriate to carry out a desired policy. One general application for a network management system is implementation of a security policy on firewalls and other security devices. A policy server may be used in conjunction with other components to configure security devices on the network with security policies. CISCO SECURE POLICY MANAGER (CSPM), manufactured by CISCO SYSTEMS, INC., San Jose, Calif., is a commercially available product for implementing security policies using a policy server.
Network management systems are increasingly required to manage larger networks that have numerous firewalls, virtual private networks, and other security devices. To implement a security policy correctly, an administrator must configure every such device correctly. Consequently, security management can become a difficult task on large networks. A centralized management scheme is often employed for large networks because such systems are efficient and retain all security information and configurations in one location. In addition, centralized management schemes reduce the possibility of inconsistent or incompatible configurations across different security devices.
With centralized management schemes, security policy configurations are typically deployed from a management site to many security devices using telnet or file transfer protocol, either in clear packet traffic or via an encrypted tunnel (e.g. IPSec). Using centralized management stations in this manner requires firewalls and other security devices to always keep the management channels open, that is, to permit the management traffic under every configuration. This requirement is typically referred to as the permit management property.
Networks often place a string of security devices in series. The management host must keep every channel through these devices open so that any new set of configurations it generates can be delivered to the devices behind them.
When address translation mechanisms are used in centralized management schemes, the order in which security devices are configured determines whether deployment of a set of configurations to multiple security devices will succeed. Even if the new configurations for the security policy satisfy the permit management property, some management channels may be blocked in the middle of deployment because some security devices have been configured while others have not. When a mixture of new and old configurations results, the management channels that are blocked during the transition can prevent some firewalls from receiving their new configurations. Consequently, the entire network goes into a partially configured state with unpredictable security behavior.
Furthermore, because some management channels are blocked, it becomes more difficult to roll back the security devices to their original state. This can lead to security leaks or service disruptions for an extended period of time.
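To make the ordering problem concrete, the following is an added Python model (not code from the patent or from CSPM) of a management host behind three firewalls in series, with constructed addresses and policies: it simulates pushing new configurations one device at a time over the live management channels, reports where a deployment stalls in a mixed old/new state, and brute-forces which orders never block a channel.

```python
from dataclasses import dataclass, field
from itertools import permutations

@dataclass
class Config:
    """One security device's policy: the source addresses it permits for
    management traffic, and the source NAT it applies to traffic it forwards."""
    allow: set
    snat: dict = field(default_factory=dict)

def reachable(path, current, target, src):
    """True if the management host can reach `target` under `current` configs.
    Traffic passes every device ahead of `target` in series; each must permit
    the (possibly translated) source, and transit devices may rewrite it."""
    for dev in path:
        if src not in current[dev].allow:
            return False
        if dev == target:
            return True
        src = current[dev].snat.get(src, src)
    raise ValueError(f"{target} is not on the management path")

def deploy(path, old, new, order, src):
    """Push `new` configs in `order`, one device at a time, over live channels.
    Returns (devices configured, device whose channel was blocked or None)."""
    current = dict(old)
    done = []
    for dev in order:
        if not reachable(path, current, dev, src):
            return done, dev      # mixed old/new state blocks the channel
        current[dev] = new[dev]
        done.append(dev)
    return done, None

def safe_orders(path, old, new, src):
    """Every deployment order that never blocks a management channel."""
    return [o for o in permutations(path) if deploy(path, old, new, o, src)[1] is None]

# Constructed scenario: host -> fw1 -> fw2 -> fw3; fw1 source-NATs the host.
MGMT = "10.0.0.5"
PATH = ("fw1", "fw2", "fw3")
OLD = {"fw1": Config({MGMT}, {MGMT: "192.0.2.5"}),
       "fw2": Config({"192.0.2.5"}), "fw3": Config({"192.0.2.5"})}
NEW = {"fw1": Config({MGMT}, {MGMT: "192.0.2.9"}),   # new policy moves the NAT
       "fw2": Config({"192.0.2.9"}), "fw3": Config({"192.0.2.9"})}

if __name__ == "__main__":
    print(deploy(PATH, OLD, NEW, PATH, MGMT))   # nearest-first: stalls at fw2
    print(safe_orders(PATH, OLD, NEW, MGMT))    # only farthest-first succeeds
```

Deploying nearest-first reconfigures fw1's NAT before fw2 and fw3 accept the new translated address, so fw2 and fw3 are never reached; deploying farthest-first is the only order that keeps every channel open throughout.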
Based on the foregoing, there is a need for a way to determine the order in which a new set of configurations can be deployed to the security devices on a network, so that configurations already deployed do not block the deployment of the remaining ones when a new security policy is implemented.
The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.