The present invention relates to a remote management of network devices.
Firewall is a set of components forming a gateway in between two or more networks. Logically a firewall is a gateway which operates at the same time as a connector and a separator between the networks in a sense that the firewall keeps track of the traffic that passes through it from one network to another and restricts connections and packages that are defined as unwanted by the administrator of the system. Physically a firewall is a machine with appropriate software to do the tasks assigned to it. It can be a router, a personal computer (PC), or whatever that can be used for such purposes. Although firewalls are mostly used to connect Local Area Networks (LANs), i.e. internal networks to the Internet and to control from malicious attackers or undesired traffic in general, they may also be used to separate and connect different segments of internal network for security purposes. The advantages of having a firewall are numerous. It secures the network and can be used as a tool for monitoring the traffic especially from outside to inside of the network that is guarded by a firewall. Because all traffic intended to the internal network must pass through the firewall, most of the network security actions and policies can be concentrated in this particular point. This is of course a cost and administrative advantage.
However, the firewall cannot keep an effective security by itself. The firewall needs to be carefully installed and configured, and the security policy needs to be evaluated and updated regularly. The contemporary development towards very complicated networks that need to have multiple interfaces with the Internet for VPN (Virtual Private Network), the remote access, the e-business, the cache servers, etc. has increased the demands for administrative skills. With multi-international companies you have to have the ability to control multiple firewalls by the same administrator. You also need to have an ability to have flexible possibilities regarding security policies: at the same time there might be a need for corporate-wide security policy but some specific sites might also need some particularly “tailored rules”.
Because the human factor plays a key role in failures of firewalls and security policies, it is important for a firewall and a system of firewalls to be easily administrable. Administrators should also be restricted to the level of their expertise so they would not do unintentionally something harmful. Only professional and authorized people should have access according to their skills to the firewalls or systems of firewalls. The firewalls are often managed by a remote management system using a network connection and secured (encrypted) communication. The firewall communicates with the management system, sending performance statistics, status information, and log data, while receiving policy updates and configuration changes.
Whenever the configuration, e.g. settings or software, of a network device are changed, there is always a risk that the connectivity is lost between a remote management system and the device. The reason for this may be e.g. a rule preventing a management connection to a firewall. In most cases it is a human error that creates such situation. Whenever the device is managed using a network connection, this means that it is not possible to fix a problem using a network connection.
Therefore, to fix a problem that prevents connecting the management system to a network device, there is a need to have another way of managing the device. Conventionally, the most common approach has been a console connection. Usually this means that the administrator must himself go to the managed device in order to fix the problem. However, sometimes the visit at the device site is not a realistic way to act at all. This is due to the fact that the network device to be managed can be in another building, another country or even in another continent. In such situation, it is typical that some or else must fix the problem locally, mostly according to instruction given by the administrator using a phone or a fax. Even this approach requires the availability of a suitable person near the device to be managed, i.e. a person who is trusted to have administrator rights and skilled enough to manage the device.
Therefore, there are some prior art approaches trying to minimize the skills needed from a person at a remote location. First one is a back-up modem link, i.e. the network device can be accessed by making a modem call to a given telephone number. However, for security reasons, the back-up modem link is not typically enabled all the time. The operator at the remote site has instructions how to enable the link, e.g. connecting a cable, turning on the power, etc.
A second one is an arrangement where a new configuration is first saved in a volatile memory (e.g. RAM) in a device and the current configuration (i.e. the configuration currently in use) is maintained in the permanent non-volatile memory in the device. Then the new configuration is started to be used in the device. If the new configuration is faulty, it is possible to return to the current configuration by rebooting the device. In this case the operator at the remote site needs to just reboot the device. Anyway the availability of a suitable person near the device is needed, since the device cannot be rebooted remotely. Another problem with this approach is that it is up to the administrator to decide to save a new configuration as a current configuration. The administrator may change the configuration many times without changing the current configuration. In that case, it is possible that after a reboot the device returns to a very old configuration that does not correspond to the current situation. Another possibility is that the administrator saves a new configuration as a current configuration without proper knowledge of whether the new configuration works correctly or not. In that case, rebooting the device does not fix the problem of a non-working configuration.
It is evident that a miss-configuration, which prevents even fixing the mistake, can lead to long periods of time during which the network is not available at all. This applies to all network devices, which are remotely managed, not only to the firewalls. However, the firewalls are more likely to have such problems, primarily because the firewalls are the only access points to a network and designed to prevent a traffic not allowed by the administrator. For example, a mistake with IP addressing, routing, anti-spoofing, network address translation, VPN definition, rules or with link speed or mode of a network card may create the described situation.