Design for a Simple Network Management Protocol Subagent for Internet Firewalls

IP.com Disclosure Number: IPCOM000118514D
Original Publication Date: 1997-Mar-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 6 page(s) / 224K

Publishing Venue

IBM

Related People

Shrader, TJL: AUTHOR

Abstract

Disclosed is a design for a Simple Network Management Protocol (SNMP) subagent for internet firewalls which will generate traps when critical events occur, as well as allow the administrator to retrieve status information through get operations. The burdens on internet administrators have been rapidly growing, both in volume and in complexity. Chief among them is the need to retrieve the current status of their internet firewall processes and intercept problems that may occur on the firewall. This disclosure can be applied to any internet firewall product.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 24% of the total text.

      Internet firewall products allow administrators to create a
physical barrier between an internal, secure network and the
external, unsecure network of the internet.  Besides the physical
connections on the firewall machine, the firewall provides a number
of functions to help administrators control the flow of information
out of and into the secure network.  These functions include telnet
and ftp proxy servers, SOCKS servers, specialized domain name
services, secure Internet Protocol (IP) tunneling across the internet
between secure networks, and the implementation of filter rules to
decide which IP packets should be permitted or denied into or out of
the secure network.

      The SNMP subagent described in this disclosure monitors
critical and information log records written by the internet firewall
and the status of firewall-related servers.  Monitoring takes the
form of responses to get operations by the SNMP agent or by the
generation of traps due to syslog records written by firewall
monitoring thresholds set by the administrator.

      The subagent will also respond to a limited number of set
operations which only change the execution or configuration
characteristics of the internet firewall SNMP subagent.  For security
reasons, the subagent will not allow set operations to modify the
configuration of the firewall.

Architecture

      The architecture of the subagent takes advantage of version 1
of the SNMP specifications, and it is extendible to future versions
of SNMP too.  The subagent is designed to run on multiple platforms,
including AIX* and NT**.

The subagent utilizes four threads which perform the following
operations:
  1.  Listens for get or set operations from the SNMP agent.
  2.  Monitors critical log records (sends back traps for
       firewall log records written to the syslog after the
       last monitoring interval).
  3.  Monitors information log records (sends back traps for
       firewall log records written to the syslog after the last
       monitoring interval).
  4.  Monitors the status of internet firewall servers (sends
       back traps if the status of a firewall server changed since
       the last monitoring interval).
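
The sketch below is an added example, not code from the disclosure. It shows one monitoring interval for the log monitors (threads 2 and 3) and the server-status monitor (thread 4) as plain functions with no SNMP transport. The log line format, trap names and server names are assumptions made for illustration.

```python
# Added illustration: one monitoring interval of the log and server-status monitors.
# The log format, trap names and server names are assumptions, not from the disclosure.
from dataclasses import dataclass, field

# Constructed sample syslog content: "<severity> <source>: <message>"
SAMPLE_LOG = [
    "crit fwall: filter rule denied packet from 192.0.2.7",
    "info fwall: socks session opened",
    "info cron: job finished",
    "crit fwall: ftp proxy authentication failure",
]

@dataclass
class LogMonitor:
    severity: str            # "crit" or "info": one monitor thread per class
    source: str = "fwall"    # only firewall records produce traps
    offset: int = 0          # number of log lines already examined

    def poll(self, log):
        """Return traps for matching records written since the last interval."""
        if len(log) < self.offset:      # log is shorter than before: rotated, start over
            self.offset = 0
        traps = []
        for line in log[self.offset:]:
            head, sep, msg = line.partition(": ")
            parts = head.split()
            if not sep or len(parts) != 2:
                continue                # malformed record: skip, keep the thread alive
            if parts == [self.severity, self.source]:
                traps.append((f"{self.severity}LogRecord", msg))
        self.offset = len(log)
        return traps

@dataclass
class ServerMonitor:
    last: dict = field(default_factory=dict)   # server name -> last observed status

    def poll(self, current):
        """Return a trap for each server whose status changed since the last interval."""
        traps = [("serverStatusChange", name, self.last[name], now)
                 for name, now in sorted(current.items())
                 if name in self.last and self.last[name] != now]
        self.last = dict(current)
        return traps
```

The first server poll only records a baseline, so a subagent restart does not produce a burst of status traps.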

Configuration

      The administrator can configure the SNMP sub...