1. Field of the Invention
The embodiments of the invention relate to a method and apparatus for applying firewall rules and actions on a per-user basis. Specifically, embodiments of the invention relate to a method and apparatus for identifying a user and a user role for packets or frames being processed by a network element.
2. Background
Private networks such as local area networks (LANs) or virtual LANs (VLANs) often utilize a switch or set of switches to route data traffic between the devices on the private network and between devices on the network and remote devices accessible through a wide area network (WAN) such as the Internet or similar networks. The switches and devices may communicate over a wired communication line or over wireless communication channels. The switches are responsible for routing data and enforcing network-wide rules.
The private network and the devices on the network are vulnerable to attack by malicious hackers and similar threats. Hackers and similar threats seek to gain access to computers on the private network in order to reach their resources or utilize them for their own purposes. It is difficult to maintain and secure the network at each of the devices on the network, as they may have different platforms requiring different types of security programs. Instead of, or in addition to, security protection installed at each of the devices on the network, a switch on the network that provides the link to the WAN may include a firewall. A firewall is a program, executed by the switch, that filters incoming data to block malicious data traffic and implements similar policies on the network.
The firewall implements its filter and protection as a set of policies that govern which traffic is allowed to enter the private network from the WAN. These firewall policies are applied globally to all incoming traffic to protect the private network. For example, a firewall policy may restrict data traffic to a set of defined ports. All devices on the private network that wish to receive data from or send traffic to devices on the WAN must utilize these ports or the data traffic will be blocked by the firewall.
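The following added example (not part of the patent text or any implementation it describes) models the two policy styles the background contrasts: a global port-restriction policy applied to every packet, and, as the field of the invention describes, rules that depend on the user and user role identified for the packet. The user lookup is a constructed table keyed by the private-network address; a real network element would obtain the identity from an authentication or directory source, which is assumed here. Rules are evaluated first-match with a default deny, a common firewall convention that the page itself does not specify.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed packet model: only the fields the filter consults.
@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

# A rule constrains port, protocol and (optionally) the user role.
# An empty frozenset means "any", so a rule with empty roles is a
# global rule of the kind the background describes.
@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "deny"
    dst_ports: frozenset = frozenset()
    protos: frozenset = frozenset()
    roles: frozenset = frozenset()

    def matches(self, pkt: Packet, role: str) -> bool:
        if self.dst_ports and pkt.dst_port not in self.dst_ports:
            return False
        if self.protos and pkt.proto not in self.protos:
            return False
        if self.roles and role not in self.roles:
            return False
        return True

class Firewall:
    def __init__(self, lan_cidr: str, rules, user_table, default="deny"):
        self.lan = ip_network(lan_cidr)
        self.rules = list(rules)
        # Hypothetical identification step: LAN address -> (user, role).
        self.user_table = dict(user_table)
        self.default = default

    def identify(self, pkt: Packet) -> Tuple[str, str]:
        """Pick the private-network endpoint of the packet (inbound or
        outbound) and look up the user and role bound to it. Unknown
        hosts fall back to the least-privileged 'guest' role."""
        local = pkt.src_ip if ip_address(pkt.src_ip) in self.lan else pkt.dst_ip
        return self.user_table.get(local, ("unknown", "guest"))

    def decide(self, pkt: Packet) -> Tuple[str, str, str, Optional[Rule]]:
        """First matching rule wins; otherwise the default action applies."""
        user, role = self.identify(pkt)
        for rule in self.rules:
            if rule.matches(pkt, role):
                return rule.action, user, role, rule
        return self.default, user, role, None

def build_sample_firewall() -> Firewall:
    """Constructed policy: SSH (22) only for the admin role, everyone else
    limited to the global web ports 80/443, all other traffic denied."""
    rules = [
        Rule("allow", dst_ports=frozenset({22}), roles=frozenset({"admin"})),
        Rule("deny", dst_ports=frozenset({22})),
        Rule("allow", dst_ports=frozenset({80, 443})),
    ]
    users = {
        "10.0.0.5": ("alice", "admin"),
        "10.0.0.7": ("bob", "staff"),
    }
    return Firewall("10.0.0.0/24", rules, users)

if __name__ == "__main__":
    fw = build_sample_firewall()
    samples = [
        Packet("10.0.0.5", "203.0.113.9", 22),    # admin outbound SSH
        Packet("10.0.0.7", "203.0.113.9", 22),    # staff outbound SSH
        Packet("203.0.113.9", "10.0.0.7", 443),   # inbound HTTPS to staff host
        Packet("10.0.0.42", "203.0.113.9", 25),   # unknown host, SMTP
    ]
    for p in samples:
        action, user, role, _ = fw.decide(p)
        print(f"{p.src_ip}->{p.dst_ip}:{p.dst_port} user={user} role={role} => {action}")
```

The point the example makes is that the per-role rule on port 22 only changes the outcome for packets whose identified role is "admin"; every other packet still falls through to the global web-port policy or the default deny, so adding identity to the match does not weaken the global rules.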