The invention relates, in general, to communications via gateways or routers, and more particularly, to a method and an apparatus for configuring a router of a local-area network (LAN), such as a corporate network or Intranet, that is linked via the router to a wide-area network (WAN), such as the World Wide Web or Internet.
In a communication network, the router serves as an interface between a plurality of networks, such as several local-area networks, or one global network and one local-area network. Via the router, all the local communication subscribers or users of a particular network are able to communicate simultaneously with another network, such as the Internet or an Intranet, over a communication connection such as an ISDN connection (Integrated Services Digital Network). A firewall or a firewall-router combination is also considered to be a router here. In other words, the router is a piece of switching equipment in the communication network that transmits data from one communication subscriber to another, external communication subscriber or user on the basis of a protocol, such as the Internet protocol, associated with the data being transmitted or forwarded.
Typically, one router connects various communication networks or computer networks to one another, such as the local-area network of a business and an external computer network. Moreover, the router may be configured such that firewall functions are fulfilled. These firewall functions are fulfilled by implementing a packet filter on the router. Depending on a configuration that has been predetermined or set, this packet filter forwards only data or data sets of a predetermined type, with predetermined addresses of origin and/or destination, predetermined ports of origin and/or destination, and/or possibly predetermined flags, and discards all other data.
Before a user can access certain computer programs of a local-area computer network from a computer or device of an external computer network, the router needs to be configured in a suitable way. Typically, this router configuration is done manually by an administrator, who is usually also responsible for the problem-free operation of the local-area network. Before the administrator configures the router in this way, the user as a rule submits a request for access to the desired computer program. The administrator thereupon checks whether the user is entitled to access the requested computer program at all, and then performs a technical risk analysis, with the aid of which possible security risks are at least to be limited. On the basis of the technical risk analysis, the administrator can for instance ensure that the user gains access only to the computer program he requested, and is prevented from gaining unauthorized access to other computer programs or to another communication subscriber or computer of the local computer network. From the technical risk analysis, the administrator for instance determines suitable packet or port filters, or a suitable host route. Finally, the administrator configures the router in the suitable way that enables the user to access the requested computer program.
However, the process described above is relatively time-consuming and, as a rule, can only be performed by a specialist, such as the administrator.
From German Patent Disclosure DE 101 46 397 A1, a method for configuring a firewall or a router is known in which a first computer or a first computer network is connected to a second computer network via the firewall or the router. The router or the firewall is configured such that communication between a computer in the second computer network and the first computer, or a predetermined computer of the first computer network, is made possible once a predetermined request form has been filled out; the form is automatically translated into a code suitable for configuring the firewall or the router. In that method, a deadline is agreed upon with a central station or communication center for when the configuration will be performed online from the central station. A disadvantage of this method is that coordination is made more difficult by the need to agree on a deadline with the central station and by the time differences involved in worldwide use, so that potentially several on-site visits by technicians or administrators are required.
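As an added illustration of the packet filter, the administrator's request-to-filter step and the automatic translation of a request form described above (example code written for this page, not code from the patent or from DE 101 46 397 A1), the following Python implements a minimal stateless filter with first-match semantics and a default of dropping everything no rule permits, plus a translator that turns a filled-in request form into the narrowest pair of accept rules that lets exactly one client reach exactly one service on exactly one host. The `Packet` and `Rule` types, the `SERVICES` catalogue, and all addresses and user names are hypothetical and constructed for the example.

```python
"""Added example, not from the patent: a toy packet filter and a translator
from an access-request form to the minimal rule set it needs.
All names, addresses and services below are hypothetical."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                          # "tcp" or "udp"
    src: str                            # source IPv4 address
    dst: str                            # destination IPv4 address
    sport: int                          # source port
    dport: int                          # destination port
    flags: frozenset = frozenset()      # TCP flags set, e.g. {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    """One filter entry; a field left as None matches anything."""
    action: str                         # "accept" or "drop"
    proto: Optional[str] = None
    src: Optional[str] = None           # CIDR, e.g. "203.0.113.7/32"
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: Optional[frozenset] = None   # flags that must all be present

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.flags is not None and not self.flags <= p.flags:
            return False
        return True


def filter_packet(rules: list, p: Packet) -> str:
    """First matching rule decides. Anything no rule permits is dropped
    (default deny), so an incomplete rule set fails closed."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


# Hypothetical service catalogue the administrator maintains: name -> (proto, port).
SERVICES = {"ssh": ("tcp", 22), "https": ("tcp", 443)}


def rules_for_request(req: dict) -> list:
    """Translate a filled-in request form into the narrowest rule pair:
    one rule for inbound packets from the requesting client to the one
    service on the one host, and one for the server's replies. Replies must
    carry ACK, so a packet from the service port cannot be used to open a
    new connection back towards the client."""
    proto, port = SERVICES[req["service"]]     # KeyError for an unknown service
    client = f"{req['src']}/32"                # single address, not a subnet
    host = f"{req['host']}/32"
    reply_flags = frozenset({"ACK"}) if proto == "tcp" else None
    return [
        Rule("accept", proto=proto, src=client, dst=host, dport=port),
        Rule("accept", proto=proto, src=host, sport=port, dst=client,
             flags=reply_flags),
    ]


# Constructed request form for the demonstration.
EXAMPLE_REQUEST = {"user": "alice", "src": "203.0.113.7",
                   "host": "192.0.2.10", "service": "ssh"}

if __name__ == "__main__":
    rules = rules_for_request(EXAMPLE_REQUEST)
    for r in rules:
        print(r)
    probe = Packet("tcp", "203.0.113.7", "192.0.2.10", 51000, 22, frozenset({"SYN"}))
    print(filter_packet(rules, probe))
```

The translator deliberately emits /32 sources and destinations and a single destination port, so the generated configuration grants exactly what the form requested and nothing more; a request for a second service or from a second client produces a second, equally narrow rule pair rather than a widening of the first.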