With the growing popularity of the Internet and networks in general, there is a trend towards centralized network services, and centralized network service providers. To be profitable, however, network service providers need to constantly maintain and if possible enlarge their customer base and their profits. Since leased line services are coming under increased competition, profit margins have been decreasing for their providers. Thus, an increasing number of providers are trying to attract small and medium sized businesses by providing centralized network management system. Network providers are offering VPNs to interconnect various customer sites that are geographically dispersed. VPNs are of great interest to both provider and to their customers because they offer privacy and cost efficiency through network infrastructure sharing.
Today, a VPN virtually implementing, e.g., a company network on an IP (Internet Protocol) network is attracting increasing attention. Particularly, a MPLS-VPN using MPLS easily provides a VPN solution for supporting private addresses while securing customer data. The customer data is generally secured using firewalls so that a secure access is provided to legitimate remote users by allowing only known traffic across the firewall. Further, the firewalls ensure the VPN sites are secured when the Internet or Extranet access to VPN site is enabled.
Existing firewall provisioning systems allow an operator of a service provider to configure the sites so that one site can talk to a second site and not to a third site. The service provider may be an ILEC (Incumbent Local Exchange Carrier), a CLEC (Competitive Local Exchange Carrier), an ICX (Incoming Exchange), an ISP (Internet Service Provider), and/or the like. In order to operate properly it is desirable that the provisioning system be aware of the rules governing the communication between different sites of a VPN and allow configuration of the VPN based on those rules.
However, current firewall provisioning systems require the knowledge of various vendor specific routing policies and firewall configurations or they are customized implementations. Also, firewall provisioning systems require customizing firewall policies based on vendor specific requirements. Further, such topology constrained firewall may have to be provisioned between one or more sites in a large MPLS-VPN service network and this can be very cumbersome and time consuming. Furthermore, managing these firewalls during a security breach or other such situations can be a nightmare to network and system administrators.