JP2000216780A - Network management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a network management system where each network unit can be used normally, without contradictions in setting the contents of a plurality of network equipment among the equipment. SOLUTION: The system is provided with a management server, provided with a policy information definition means and a setting information generating means to each network unit on the basis of policy information, and the system conducts setting information generating processing to each network equipment, setting information distribution processing to each network equipment, setting information install processing to each network equipment, setting validating processing, collection processing of setting information to each network equipment, and arrangement/matching property check processing of collected information. When a firewall exists between the management server and the network units, mutual authentication between the management server and each firewall and data encryption are conducted, a data relay program to the firewall is located to cause distribution of the setting information to be relayed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a network management system, and more particularly, to a network management system capable of collectively remotely setting service applications in which a plurality of network devices operate cooperatively. .

[0002]

2. Description of the Related Art Conventionally, as a technique for supporting operation management of devices distributed on a network, there is Japanese Patent Application Laid-Open No. 9-69083 "Distributed operation management method and fault management method". This has a function of linking a network management mechanism that manages a computer connected to a network as a network device and a system management mechanism that manages jobs in the computer to enable centralized management. .

Another technique for providing management of firewall tunneling is disclosed in Japanese Patent Application Laid-Open No. 10-200530.
There are "management methods and systems". This has a function of graphically displaying the status of a tunnel created between a plurality of networks.

[0004] Data Communications Magazine
Vol.27, No.8, `` Getting to the Root of Policy
According to "Management," there is an increasing movement to set access policies for a group of distributed servers using a directory service.

[0005]

With the development of the Internet, various network devices and service software running on them have been developed, and their setting items have become more complicated. In particular, recently, service software in which a plurality of network devices operate in cooperation has increased. Such service software requires not only consistency in the setting contents of a single unit, but also consistency of setting items between network devices.

As such a setting item, for example, there is a setting of tunneling in a router. Tunneling is a technique in which a packet created by a transmission source is stored in another packet and transferred in a partial section of a communication path, and is realized by a pair of tunneling devices. For example, as shown in FIG.
To perform tunneling between Router A and Router B on the route when sending a packet to Host B, (1) Router A receives a packet from Host A and is addressed to Host B in Network B. Is stored in the packet of router A with the source address of router A, and the destination address is stored in the packet of router B. (2) In router B, the source address stored in the packet received from router A Is the host A, and the destination address is to take the packet of the host B and execute the process of sending it to the network B.

Further, the host B sends a packet for notifying that the packet has been received from the host A to the host.
To return it to A, (3) Router B
The packet received for the host A in the network A received from the router A is stored in the packet of the router B with the source address of the router A and the destination address in the packet of the router A, and the packet is transmitted to the router A. The source address stored in the packet received from Router B is Host B
Then, the destination address takes the packet of host A and executes the process of sending it to network A.

[0008] To realize such processing, the router A sends a packet addressed to the network B to the router
Knows what to send to B. ・ Router B sends packets destined for network A to router
It is assumed that it is necessary to send to A, and it is necessary to make sure that the settings of both routers do not conflict, that is, that there is no inconsistency in the settings of both routers.

Another similar setting item is a multi-stage firewall access control setting. The firewall determines whether access is possible according to the combination of the source address and the destination address. For example, as shown in FIG. 22, the host A of the subnetwork A1 has a packet filtering firewall FW-A1 installed at the entrance and exit of the subnetwork A1, and a packet filtering firewall FW installed at the entrance and exit of the network A. When accessing an Internet server via -A, the following access control will be performed.

(1) In the firewall FW-A1,
The source address is Host A and the destination address permits Internet communication. (2) Access in two firewalls where the source address is Host A and the destination address permits Internet communication in Firewall FW-A. If the control settings are inconsistent, Host A may not be able to communicate with the Internet or may be able to communicate with unexpected addresses.

The prior art is as follows: (1) In a single computer,
A function for centrally managing a network job by associating a network management mechanism with a computer job (Japanese Patent Laid-Open No. 9-69083), and (2) a function for graphically displaying already created tunnels
10-200530). In addition, there is a movement to set an access policy of a distributed server using a directory service. However, all of these technologies focus on how to efficiently manage and distribute the configuration files that are distributed and stored in the computer, and have a function to maintain consistency in the contents of the configuration files. Did not provide.

Accordingly, the present invention provides a first function for creating and setting the settings of each network device without inconsistency, that is, maintaining consistency, with respect to the network devices, and Check the consistency of the contents set in, and if there is an inconsistency for any reason, such as failure to use the first function, provide the second function to notify the user (the person who set up the equipment) of it. An object of the present invention is to provide a network management system for enabling normal use of a network. Further, in the second function, when there is an inconsistency, resetting using the first function is prompted.

[0013]

In order to solve the above-mentioned problems, the present invention provides a management server, wherein the management server defines policy information as meta-level information, A means for creating device setting information; a process of deriving and generating setting information of each network device from a policy created by a network administrator in the management server; A process of distributing the setting information to the network devices and a process of installing the setting information in each network device and validating the settings are performed. The meta-level information means information that is a source for deriving or creating the setting information.

[0014] Further, a process for collecting setting information of each network device in the network management server and a process for organizing the collected information and checking the consistency are performed.

For a network device that cannot directly distribute setting information from the management server due to a firewall or the like, a data relay program is arranged from the management server to a firewall on the communication path of the network device, Relay the distribution of Further, a mutual authentication process and a data encryption process are performed between the data transfer program of the management server and the data relay program on each firewall.

Further, in a firewall integrated management system applied to a network in which a firewall is provided between management units of the network, a management server for setting management information in the firewall is provided. A manager program for setting management information to the firewall of the system is provided.

Further, the manager program specifies a firewall for transmitting setting information from a client address of a client receiving the service and a server address of a server providing the service.

Further, the manager program generates setting information in accordance with the information input by the administrator, and transmits the setting information to each firewall.

[0019]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of the present invention will be described with reference to FIGS. FIG. 3 is a diagram showing, as an example of an environment in which the network management system according to the present invention operates, a case where a tunneling setting is particularly performed in a router.

301 is the Internet, 302 to 304
Are the organization networks, and 305 through 307 are the Internet networks 3 through 304, respectively.
The router that connects to 01, 308 is the organization network 302
A local network 309 is a management server installed in the local network 308.

In this embodiment, as an example of the tunneling setting, the organization network 302 and the organization network 302 are used.
A case will be described in which a tunnel between 303 and a tunnel between the organization network 302 and the organization network 304 are created.

FIG. 4 is a diagram showing the configuration of the management server 309 used by the network management system of the present invention. 401 is a CPU, 402 is a network interface, 403 is a disk, 404 is memory, 405 and
406 is a file stored on disk 403, and 40
5 is a policy file, 406 is a configuration file, 407
To 410 are programs located on the memory 404, 407 is the operating system, and 408 is
File editing program, 409 is a setting file creation program, 410 is a data transfer program, 411
Is an input / output device, which comprises input means such as a keyboard and a mouse, and display means such as a CRT and a liquid crystal. The setting files 406 exist for the number of routers. The file editing program 408 creates a policy file 405, and the setting file creating program 409 takes the policy file 405 as input,
To create a configuration file 406 for each router, the data transfer program 410
305 to 305 are used to transfer the configuration file 406 to the router 307. The administrator creates the setting file 406 using the input / output device of the management server 309. Alternatively, the management server 309 may be remotely located from a management terminal.
May be accessed.

FIG. 5 is a diagram showing the contents of the policy file 405 used by the network management system of the present invention. The policy file 405 includes a component device information section 501 and a policy section 502. The component device information section 501 is a set of entries including two fields that specify a network name and a router name that executes a tunneling process for communication with the network. In the case of the present embodiment, the network name is described in the first field, and the router name is described in the second field, separated by ":". In the network of this embodiment, the specific contents of the component device information set in the component device information section 501 for realizing the example of FIG. 3 are as follows.

Network 302: Router 305 Network 303: Router 306 Network 304: Router 307 The first entry of this component information section 501 is:
"Tunneling for communication to the network 302 is performed by the router 305."

The policy section 502 is a set of entries composed of two fields for specifying network names at both ends of the tunnel. In the case of the present embodiment, the network names at both ends of the tunnel are described in the first and second fields of each entry, separated by ":". In the network of this embodiment,
The specific contents of the policy set in the policy section 502 for realizing the example of FIG. 3 are as follows.

Network 302: Network 303 Network 302: Network 304 The first entry in this policy section 502 means that “the network 302 and the network 303 are connected by a tunnel”.

FIG. 6 shows a configuration file 406 corresponding to each router used by the network management system of the present invention.
FIG. The configuration file 406 includes a tunnel configuration information section 601. The tunnel setting information section 601 is a set of entries composed of two fields for specifying a destination network name for executing a tunnel process and a router name for executing a tunneling process for communication with the network.
In the case of the present embodiment, the destination network name is described in the first field, and the router name is described in the second field, separated by ":".

In the network of this embodiment, the specific contents of the tunnel setting information set in the tunnel setting information section 502 are as follows.

Tunnel setting information for router 305 Network 303: Router 306 Network 304: Tunnel setting information for router 307 / router 306 Network 302: Tunnel setting information for router 305 / router 307 Network 302: Router 305 The network management system generates and distributes the configuration file 406 to each router shown in FIG. 6 from the policy file 405 shown in FIG. 5, and conversely, the configuration file 406 collected from each router to the policy file 405, and has a second function of checking if there is any inconsistency in the settings.

FIG. 7 is a flowchart showing processing for creating a setting file 406 for each router from the policy file 405. With this processing, the first function for preventing inconsistency and inconsistency in creation of the setting contents and the setting for each network device is realized.

Step 701 opens the policy file 405 and creates a list of component device information sections and a list of policy sections. Step 702 checks whether there is still an entry in the list of component device information sections created in step 701. Steps 703 to 713 are steps to be performed when an entry still exists.Step 703 is to retrieve one entry from the list of the component information section.Step 704 is to perform a router from the second field of the entry obtained in step 702. Step 705 to obtain the name is a configuration file 4 for the router from which the name was obtained.
Step 706 to open 06 is to get the network name from the first field of the entry obtained in step 702, and step 707 is to go to step 7 from the list in the policy section.
Step 708 of picking up an entry having a field that matches the network name obtained in 06 and creating a list is performed in Step 708, which checks whether there is still an entry in the list of the policy section created in Step 701.Steps 709 to 712 are not performed. Step 709 to be executed when an entry exists.Step 709 retrieves one entry from the list created in Step 707.Step 710 is a field of the entry obtained in Step 709 and does not match the network name obtained in Step 706. Step 711 of obtaining the network name, which is the content of the other field, is to obtain an entry having the first field that matches the network name obtained in step 710 from the list in the component information section. Step through the retrieved entries
Step 713 of writing to the file opened in step 705 is a process executed when there are no more entries in the list of policy sections created in step 701, and step 714 of closing the file opened in step 705 is created in step 701. This step is executed when there are no more entries in the list of configured device information sections, and is a step of closing the policy file 405.

By executing the above flow, a setting file 406 for each router can be generated. Further, the first function of the present invention can be realized by transferring the setup file 406 for each router to each router and setting it up.

FIG. 8 shows a configuration file 406 of each router.
9 is a flowchart showing a process of checking the consistency after collecting the data. This processing implements a second function of confirming that there is no inconsistency in the contents already set in each device, that is, checking the consistency.

Step 801 is to prepare a component device information buffer for storing entries of the component device information section 501 described with reference to FIG. 5 and a policy information buffer for storing entries of the policy section 502, respectively.
2 is a step for confirming whether there is still an unprocessed one in the configuration file 406 of each router.
08 is a process to be executed when there is an unprocessed setting file 406, 803 is a step of opening the setting file 406, and 804 is a step of opening the opened setting file 406.
Steps 805 to 807 to check if there are any unprocessed entries in the tunnel setting information section in the process.
The step of reading one unprocessed entry, 806 writes the entry read in step 805 to the component information buffer, and the step 807 sets the first field of the entry read in step 805 to the name of the router currently being processed. Step 808 is a step to be executed when there is no unprocessed entry. Step 808 is to close the setting file 406 opened in Step 803. Sorting the fields by key, 810, a different second field for the same second field
Checking the contents of the component device information buffer for the presence of an entry having one field, displaying and reporting the result using the input / output device 411, 811 Replacing the router name described in the second field with the network name by using the contents of the information buffer; 812, sorting the field order of each entry of the policy information buffer; and 813, the policy information buffer. Steps to sort entries, 814
Is a step of checking whether two identical entries exist in the policy information buffer, and displaying and reporting the result using the input / output device 411.

By executing the flow described above and executing the checks in steps 810 and 814,
A second function of checking the consistency of each setting file 406 and displaying and reporting the result using the input / output device 411 can be realized.

A second embodiment of the present invention will be described with reference to FIGS. FIG. 9 is a diagram showing, as an example of an environment to which the network management system of the present invention is applied, a case in which access control settings are made particularly in a packet filtering type firewall.

Packet filtering is, for example, as described in "Firewall Internet Related Technology" by Takagi et al.
It performs packet filtering based on the P address, destination IP address, and the like.

Reference numeral 901 denotes the Internet; 902, an organization network; 903, a subnetwork within the organization network 902; 904, another subnetwork within the organization network 902; and 905, an entrance and exit of the organization network 902. 906 is a packet filtering firewall installed at the entrance of the sub-network 903, 907 is a sub-network 904
908 is a packet filtering firewall installed at the entrance and exit of the management server.

In the present embodiment, as an example of the access control setting, the transmission source address is
All hosts in the network allow the destination address to be all hosts on the Internet, and the source address is all hosts in subnetwork 904 and the destination address is all hosts in subnetwork 903. A description will be given of a case in which communication as a host is permitted.

FIG. 10 is a diagram showing the contents of the policy file 405 of each firewall used in this embodiment. Policy file 4 used in this embodiment
05 is composed of a component information section 1001 and a policy section 1002. The component device information section 1001 is a set of entries including a firewall name, a network name outside the firewall, and an inner network name protected by the firewall. In the case of this embodiment, the firewall name is entered in the first field,
Describe the outer network name in the second field and the inner network name in the third field. In the network according to the present embodiment, the specific contents of the component device information set in the component device information section 1001 for realizing the example of FIG. 9 are as follows.

Firewall 905: organization network 902: Internet 901 Firewall 906: subnetwork 903:
Organization network 902 firewall 907: subnetwork 904:
Organization Network 902 The first entry in this component information section 1001 states that "Firewall 905
From the Internet to the Internet. "

The first field of the policy section 1002 describes the source address, and the second field describes the destination address. In the network of this embodiment,
The specific contents of the policy set in the policy section 1002 for realizing the example of FIG. 9 are as follows.

Subnetwork 903: Internet 901 Subnetwork 904: Subnetwork 903 The first entry in this policy section 1002 is
This means that a host whose source is the subnetwork 903 can communicate with a host of the Internet 901 as a destination.

FIG. 11 is a diagram showing the contents of each firewall setting file 406 used in this embodiment. The configuration file 406 includes an access control information section 1101. Access control information section 1
Reference numeral 101 denotes a set of entries including two fields for specifying a source address and a destination address. In the case of the present embodiment, the source address is described in the first field, and the destination address is described in the second field, separated by ":".

In the network of this embodiment, the specific contents of the access control information set in the access control information section 1101 are as follows.

Access control information subnetwork 903 for firewall 905: Access control information subnetwork 903 for Internet 901 and firewall 906: Internet 901 subnetwork 904: Access control information subnetwork 904 for subnetwork 903 and firewall 907: Subnetwork 903 FIG. 12 is a flowchart showing processing for creating a setting file 406 for each firewall from the policy file 405.

Step 1201 is to open the policy file 405 and create a list of the component device information section 1001 and a list of the policy section 1002.
Check if there are still entries in the list of policy sections created in step 1201, 12
Steps 03 to 1206 are executed when an entry still exists, 1203 is a step for extracting one entry from the policy section list, and 1204 is a step 1203 for selecting from the list of constituent device information sections.
Step 1205 of retrieving entries related to the entry retrieved in Step 1205 is to open the firewall configuration file 406 described in the first field of each entry retrieved in Step 1204, and read out the policy section retrieved in Step 1203. The step of writing an entry, 1206, is a step of closing each setting file 406 opened in step 1205.

By executing the above flow, a setting file 406 for each firewall can be generated. Further, the first function of the present invention can be realized by transferring the setup file 406 for each firewall to each firewall and setting it up.

FIG. 13 is a flowchart showing a process of checking the consistency after collecting the firewall setting files 406.

Reference numeral 1301 denotes a step of preparing a policy information buffer for storing the policy section 1002 described with reference to FIG. 10, and reference numeral 1302 denotes a step of confirming whether there is any unprocessed configuration file 406 in each firewall. , 1303 to 1304 are processing to be executed when there is an unprocessed setting file 406. 1303 is a step of opening the setting file 406. 1304 is an entry of the access control information section in the opened setting file 406. This is the step of writing to the policy information buffer.

Step 1305 is a step of deleting a duplicate entry in the policy information buffer.

Each entry in the policy information buffer created by the above flow represents a set of a source and a destination to which communication is permitted. Therefore, by checking this information, a second function of confirming the consistency of each setting file 406 and displaying and reporting the result using the input / output device 411 can be realized.

A third embodiment of the present invention will be described with reference to FIGS. FIG. 14 is a diagram showing, as an example of an environment in which the network management system of the present invention operates, a case in which access control is set particularly in an application gateway type firewall.

1401 is the Internet, 1402 is the organization network, 1403 is a subnetwork within the organization network 1402, 1404 is the organization network 140
1405 is an application gateway firewall installed at the entrance of the organization network 1402, 1406 is an application gateway firewall installed at the entrance of the subnetwork 1403, 1407
Is an application gateway firewall installed at the entrance and exit of the subnetwork 1404, 1
408 is the management server, 1409 is the Internet 1401
1410 is an application gateway firewall installed at the entrance and exit of the remote network 1409.
Is the client computer used by user A on the Internet 1401, 1412 is the client computer used by user B on the organization network 1402, and 1413 is
The server computer 1414 in the sub-network 1403 is
This is a server computer in the sub-network 1404.

In this embodiment, as an example of the access control setting, (1) the user A on the Internet 1401
Is connected to the subnetwork by the client computer 1411.
The server computer 1413 in 1403 is permitted to use the telnet protocol, and (2) User B is connected to the client computer on the remote network 1409.
By 1412, server computers in the subnetwork 1404
The case where use of the ftp protocol is permitted for 1414 is explained.

FIG. 15 is a diagram showing the contents of the policy file 405 of each firewall used in this embodiment.

The policy file 405 used in this embodiment
Is composed of a component information section 1501 and a user policy section 1502. The component information section 1501 is a set of entries composed of three fields that specify the network name outside the firewall, the firewall name, and the network name inside the firewall. In the case of this embodiment, the outer network name and the
Write the firewall name in the 2nd field and the inside network name in the 3rd field. In the network according to the present embodiment, the specific contents of the component device information set in the device configuration section 1501 for realizing the example of FIG. 14 are as follows.

Internet 1401: Firewall
1405: Organization network 1402 Internet 1401: Firewall 1410: Remote network 1409 Organization network 1402: Firewall 1406: Subnetwork 1403 Organization network 1402: Firewall 1
407: Subnetwork 1404 The user policy section 1502 is an entry consisting of four fields that specify the user name, the allowed network name as the source, the allowed network name as the destination, and the allowed protocol name. , An entry is created for each network user who performs access control in this system. In the case of this embodiment, the user name is in the first field, the source network name is in the second field,
Describe the destination network name in the third field and the protocol name in the fourth field. Here, the designation of the network name of the transmission source and the transmission destination can be performed for each host name. In addition, the designation of the protocol name can also describe a plurality of protocols collectively. In the network of this embodiment, the specific contents of the user policy set in the user policy section 1502 for realizing the example of FIG. 14 are as follows, and this content is input from the input / output device 411.

User A: Internet 1401:
Subnetwork 1403: telnet User B: Remote network 1409: Subnetwork 1404: ftp FIG. 16 is a diagram showing the contents of each firewall setting file 406 used in this embodiment. The configuration file 406 contains the access control information section 1601
And a user credential section 1602. The access control information section 1601 is a set of entries composed of three fields for specifying a source address, a destination address, and a permitted protocol. In the case of this embodiment, the source address and the
Describe the destination address in two fields and the protocol in the third field, separated by ":". The address is
It can be specified in host units or network units. In this embodiment, the access control information section
The specific contents of the user policy set in 1601 are as follows.

Setting file of firewall 1405 Internet 1401: Firewall 1406:
Telnet / Firewall 1406 configuration file Firewall 1405: Subnetwork 1403
: Configuration file of telnet / firewall 1407 Organization network 1402: Subnetwork 1404
: ftp / firewall 1410 configuration file remote network 1409: firewall 14
05: ftp user authentication information section 1602 is a set of entries including three fields for specifying authentication information such as a user name, a password of the user, an encryption key, and the like, and a protocol name permitted to the user. In the case of the present embodiment,
Write the user name in one field, the authentication information in the second field, and the protocol name in the third field, separated by ":". In the network of this embodiment, the specific contents of the user authentication information set in the user information section 1602 are as follows.

User authentication information for firewall 1405 User A: (password character string): telnet User B: (password character string): ftp User authentication information for firewall 1406 User A: (password character string): telnet User authentication information for firewall 1407 User B: (Password character string): ftp User authentication information for firewall 1410 User B: (Password character string): ftp Figure 17 shows the path used to create the configuration file in this embodiment. FIG. 9 is a diagram showing the contents of an information list 1701. The path information list is a list of a variable number of cells storing network names or firewall names, and is created by a user (device setting person) at the time of installation of each network device. In this list, as shown in FIG. 17, the names of the networks intervening from the source network to the destination network and the names of the firewalls separating the networks are stored in order.

From the route information list 1701, each firewall on the route can specify the range of the source and destination for relaying. For the focused firewall, the network that is the previous element and the firewall that is the previous element are the transmission source, and the network that is the next element and the firewall that is the second element are the transmission destination. Becomes

In the case of a firewall adjacent to the transmission source, there is no firewall that is the element two before. In the case of a firewall that is adjacent to the destination, there is no firewall that is the second element behind.

FIG. 18 is a flowchart showing a process of creating a setting file 406 for each firewall from the policy file 405.

Step 1801 is to open the policy file 405 and create a list of the component device information section 1501 and the user policy section 1502.
Steps 1803 to 1809 to check if there are still entries in the list of user policy sections created in step 1801 are the steps to be performed if entries still exist. The extracting step 1804 has a list of the component device information section 1501, identifies a firewall present on the communication path indicated by the entry extracted in step 1803, and specifies a path information list 1701 from the source to the destination of the entry.
Step 1805 for creating the route information list is the route information list 17 created in step 1804.
Configuration file for firewall included in 01
Steps 1806 to 1809 for opening 406 respectively are steps for creating the configuration files 406 of all the firewalls included in the routing information list 1701 created in step 1805.
Step 1807 to check if it still exists in 1701 is the routing information list created in step 1805.
Step 1808 is to pick up the firewall from 01, and 1808 uses the route information list 1701 to identify the network and firewall adjacent to the firewall picked up in Step 1807.Step 1809 is to pick up the information in Step 1807 from the information specified in Step 1808. Step 1809 for creating an entry for the access control information section 1601 of the firewall configuration file 406 that has been made is a step for creating an entry for the user policy section 1602 of the firewall configuration file 406 that has been picked up in Step 1807 from the information identified in Step 1808. 1810 is the route information list 170 created in step 1804.
Configuration file 4 for the firewall included in 1
06 is a step of closing each.

By executing the above flow, a setting file 406 for each firewall can be generated. Further, the first function of the present invention can be realized by transferring the setup file 406 for each firewall to each firewall and setting it up.

FIG. 19 is a flowchart showing a process of collecting the setting files 406 of the respective firewalls and then checking their consistency.

Step 1901 prepares a policy information buffer for storing the user policy section 1502 described in FIG. 15. Step 1902 executes the setting file 405 of each firewall.
Steps 1903 to 1905 are executed when there is an unprocessed configuration file 406.Step 1903 is to open the configuration file 406. Configuration file 4 opened in step 1903
06, the connection relationship of the firewall is identified from the access control information section 1601. For each entry of the access control information section 1601, the first field of the entry, the firewall name set by the setting file 406, and the 2 Step 1905 for creating a record with each field as an element and recording it in the policy information buffer is the setting file opened in step 1903.
In the process of checking the user registration status from the user information section 1602 of the user information section 1602, the first field of the entry, the firewall name set by the configuration file 406, and the third field of the entry are entered for each entry of the user information section 1602. Step 1906 of creating a record as an element and recording it in the policy information buffer is performed in step 1906. This is a step of reconstructing the user policy section 1502 of the policy file 405 from the record recorded in the policy information buffer in the above step.

By executing the above flow and checking the created policy file, each setting file 4
The second function of checking the consistency of 06 can be realized.

FIG. 20 shows a firewall 1405 and a firewall 1410 which are network devices on a communication path for distributing setting information from the management server to the firewall 1410 in the configuration of FIG.
FIG. 3 is a diagram showing the configuration of FIG. 2001 is the CPU 2002 is the network interface, 2003 is the disk, 200
4 is a memory, 2005 to 2007 are programs located on the memory, 2005 is an operating system, 2006 is an agent program, 2007
Is a data relay program, 2008 is a relay path information table used by the data relay program 2007 to specify a relay destination, and 2009 is an input / output device such as a keyboard and a mouse.

The management server is a firewall on the route
By sending the setting information 406 to the target firewall 1410 via the data relay program 2007 of 1405, it becomes possible to make settings for the firewall 1410 as well. Firewall 1410
Uses the agent program 2006 to install the received setting file 406. At this time, in order to prevent falsification and leakage of the setting information, the data transfer program 410 on the management server 1408 and the data relay program 2007 on the firewall 1405 on the route are used.
, Mutual authentication and data encryption may be performed. The data transfer program on the management server 309
Mutual authentication and data encryption may be performed between 410 and the data relay program 2007 on the target firewall 1410.

Hereinafter, a fourth embodiment which is a more specific version of the third embodiment will be described.

[Network Configuration of Firewall Integrated Management System] First, the network configuration of the firewall integrated management system according to the present embodiment will be described with reference to FIG. FIG. 21 is a network configuration diagram of the firewall overall management system according to the present embodiment. In the present embodiment, TCP (Transmission Control Protocol) / I, which is a de facto standard for the Internet as a protocol, is used.
Description will be made assuming that P (Internet Protocol) is used.

The domains 12a to 12e are units in which the network is managed, and one domain is managed according to the same policy. Each domain is connected to the Internet 11, which is an open network accessible by an unspecified number of users. Further, between each domain and an external network, firewalls 14a to 14d, which are devices for performing access control for preventing unauthorized intrusion from the outside, are provided.

The domain 2 is connected to a management server 13 and a management terminal 15. The management server 13 is a server that provides a function of managing a firewall. The management terminal 15 is a terminal provided for an administrator to perform firewall management work. Conventionally, management of a firewall is performed from a terminal connected to the same domain as the firewall. However, in the present invention, the management server 13 and the management terminal 15 manage the firewall connected to another domain. The feature is that information can be set.

In this embodiment, the management terminal 15 for providing a user interface for management work is prepared. However, the management work may be performed from a management server due to the configuration of the network.

Each of the domains 12a to 12d uses a so-called VPN (Virtual Network) which is used as a virtual private network using the open Internet.
Private Network). At that time, it can be said that a firewall is an essential facility for security.

[Hardware Configuration of Firewall Integrated Management System] Next, each hardware configuration of the firewall integrated management system according to the present embodiment will be described with reference to FIGS. 22 to 24. First, the hardware configuration of the management server 13 of the present embodiment will be described with reference to FIG. The management server 13 includes a processor 21, a fixed disk 22, a memory 27, an input / output control unit 211, and a network control unit 213. The processor 21 is a unit that performs control between hardware in a computer and processing of a program.
The fixed disk 22 is a large-capacity auxiliary storage device that stores programs and tables. Memory 27
Is a device for loading a program or storing temporary data, and is usually composed of a semiconductor element. The input / output control unit 211 controls an externally stored input / output device, for example, a display and a keyboard 212.
The network control unit 213 is a part that controls a line with another computer.

The fixed disk 22 stores programs and various tables for realizing the firewall integrated management system of the present invention. The manager program 23 is a management program that operates on the management server, and has a function of generating control information for setting in a firewall based on information input from an administrator and transmitting the control information to the firewall. The authentication / encryption communication module 22a is called from the manager program 23,
Responsible for authentication and encrypted communication. The firewall configuration information table 24 is a table describing a connection relationship between a firewall and a domain. The user information table 25 is a table for storing various user information, and is composed of network use form information and use route information for each user. Relay route table 26
Is a table describing a destination address and a relay destination address which is the next connection destination address, and stores the address of a firewall that relays the connection when setting information is transmitted to the firewall.

The contents and functions of the table appearing here will be described later in detail. On the other hand, the memory 27
Is a device for loading and storing a program from a fixed disk as described above and for holding temporary data, and is used by being logically divided into areas.
The manager program area 28 is an area for storing the manager program 23, the authentication / encryption communication module area 29 is an area where the authentication / encryption communication module is loaded, the firewall setting information table area 21.
Reference numeral 5 denotes an area for storing a firewall setting information table 215 which is dynamically generated when setting firewall management information. A transit firewall table area 214 is an area for storing a transit firewall table and a relay route table area 210.
Is an area for storing a relay route table area.
The firewall setting information table 215 and the via firewall table area 214 will also be described later.

Next, the hardware configuration of the firewalls 14a to 14d of this embodiment will be described with reference to FIG. Each of the firewalls 14a to 14d includes a processor 31, a fixed disk 32, a memory 36, and a network control unit 313. Each function is the same as that of the management server 13. Firewall 1
The fixed disks 32 of 4a to 14d also have the management server 13
As in the case of (1), a program for realizing the firewall integrated management system of the present invention and various tables are stored. The agent program 33 is a program that acts as an agent (agent) of the manager program on the firewall, receives the firewall setting information transmitted from the manager program, and sets the information in each table of the firewall. The relay path table 35 is stored in the management server 1
3 is a table in which a destination address and a relay destination address which is the next connection destination address are described,
Stores the address of the firewall that relays the connection when sending configuration information to the firewall.

The relay program 34 is a program for relaying a connection when a packet having firewall setting information is transmitted to a firewall to be set, based on the relay route table 35. To the next firewall. Authentication / encryption communication module 3
3a is called from the agent program 33,
Responsible for authentication and encrypted communication. The user registration table 312 is a table for storing user registration information and performing authentication when a user receives a service. The access control table 313 is a table for storing various types of information required when a user receives a service. The routing control table 314 is a table for storing routing information of a packet when a user receives a service.

The memory 36 of each of the firewalls 14a to 14d has an agent program area 37.
, A relay program area 38, a relay path table area 39, and an authentication / encryption communication module area 310 to store data. The agent program area 37 is an area for storing the agent program 33, the relay program area 38 is an area for storing the relay program 34, the relay route table area 3
Reference numeral 9 denotes an area for storing a relay path table, and an authentication / encryption communication module area 310 is an area in which the authentication / encryption communication module is loaded.

Next, referring to FIG. 24, the management terminal of this embodiment will be described.
15 hardware configurations will be described. Management terminal 15
Is a processor 41, a fixed disk 42, and a memory 4
5, input / output control unit 46, display keyboard 47
And a network control unit 48. The functions of the management terminal 15 are the same as those of the management server 13. The fixed disk 42 on the management terminal 15 stores a user interface program 43,
When executed, it is loaded into a user interface program in memory. The user interface program is a program that provides a network administrator with a user interface for controlling a firewall.

[Firewall Setting Process of Firewall Integrated Management System] Next, a process of setting a firewall in the firewall integrated management system according to the present invention will be described with reference to FIGS. FIG. 25 is a diagram schematically illustrating a process of setting a firewall by the firewall integrated management system according to the present invention. In the example shown in FIG. 25, FIG.
Under the system configuration shown in FIG. 7, it is assumed that the firewall is set so that only the authenticated user 197 can access the server 199 from the client.

When the management server 13 performs such a firewall setting process, the following processes are performed in order. This will be described separately in terms of FIG. (1) Processing 191 for specifying a setting target firewall (2) Processing 1 for generating setting information for each firewall
92 (3) Process 193 of transmitting setting information for each firewall to each firewall (4) Process 194 of receiving setting information by each firewall and setting it 194 (5) Process 195 of firewall relaying connection 195 (1) Setting Process 19 for specifying target firewall
One.

The process 191 for specifying a setting target firewall, which is a specific example of the third embodiment, will be described with reference to FIGS. 26 to 30. FIG. 26 is a diagram showing an input screen 51 on the management terminal 15 when the administrator inputs setting information. The input screen 51 is displayed on an output device of the display keyboard 47. The information set by the administrator corresponds to the user policy set in the user policy section 1502 illustrated in FIG. FIG. 27 is a diagram showing the firewall configuration information table 24 on the management server 13. This table contains the component device information section illustrated in FIG.
This corresponds to the component device information set in 1501. Figure
FIG. 28 is a flowchart showing processing for specifying a firewall set by the manager program 23. This flowchart is based on the setting file described in FIG.
This is equivalent to a part of a flowchart showing a process of creating 406.

FIG. 29 is a diagram showing the contents of the transit domain list 216 for each state. FIG. 30 is a diagram showing the via firewall table 214 on the management server 13.
In order to function effectively as a firewall to defend the network, the firewall that needs to be set in view of the network form is specified, and the use form of the user who receives the service is assumed for the firewall. It is necessary to set. For this purpose, the administrator first inputs necessary setting information from the management terminal 15 shown in FIG.

User identifier (global user name) 52
Is a unique and globally accepted name for the entire network to receive the service. The client address 53 is an address of a client used by the user, and the server address 54 is an address of a server to which the user receives service. This address is an address for uniquely identifying a computer or a network, and is described in DNS (Domain Name Syst
It must be described in a domain format based on em) and must be an address that can be used throughout the network.

In the service name 55, a service name used by the user is input. The example shown in FIG. 25 is a case where a user whose global user name is “abc” performs a firewall setting on the premise of a service of accessing “domain 3” from “domain 1” by “telnet”. . When the input from the management terminal 15 is completed, the user interface program 43 on the management terminal 15 transmits the information input on the input screen 51 to the management server 13. Then, the manager program 23 on the management server 13 acquires the transmitted input information. In order to specify the firewall to be set, the manager program 23 of the management server 15 needs to suppress the form of the network. For this purpose, the connection configuration between the domain and the firewall is described in the firewall configuration information table 24 shown in FIG.

The firewall configuration information table 24
27, a domain name field 61 indicating a domain and a firewall name field 62 indicating a firewall connected to the domain, as shown in FIG.
And an adjacent domain name field 63 indicating a domain adjacent to the domain described in the domain name field 61 across the firewall. In the case of the network environment shown in FIG. 21 and adopted in the present embodiment, the domain 2 (12b) has the firewall 1 (14
a) and the firewall 2 (14b) are connected. The domain 1 (12a) is adjacent to the firewall 1 (14a) side, and the Internet (11) is adjacent to the firewall 2 (14b) side. At this time, each field of the firewall configuration information table 24 has entries 64a, 64
The contents shown in b, 64c and 64f are registered.

Next, a processing procedure in which the manager program 23 specifies a firewall to be set will be described with reference to FIGS. 28 and 29. In this process, the manager program 23 executes the client address 5 used by the user.
3, a firewall to be set is determined by using the server address 54 and the firewall configuration information table 24 to specify a firewall to pass through.

The domain format address has a format in which the host name and the domain name to which the client belongs are combined. Therefore, as shown in FIG. 27A, the manager program 23 first obtains the domain name (client domain name) to which the client belongs by removing the host name from the client address 53 given in the domain format. . For example, if the domain format is
When “www.xyz.co.jp”, www is the host name, and the client domain name is xyz.co.jp. Then, the obtained client domain name is added to the head of the transit domain list 216 (S71).

The transit domain list 216 is a list for storing the domain names that pass between the client and the server. How the transit domain list 216 is specifically used will be described later in detail with reference to FIG. Next, the process A (S74) is executed for the client domain name (S72). Process A is a recursive call procedure, and is a process of acquiring the transit domain list 216. Therefore, when exiting from this processing, the transit domain list 216 from the client to the server is completed. Lastly, a list of firewalls to be passed through (routed firewall list) is obtained by obtaining the names of the firewalls between the continuous domain names in the routed domain list 216 and the firewall configuration information table (S7).
3). This transit firewall list is stored as an entry in the transit firewall table 214 shown in FIG.

The via firewall table 214 is
This is a table for storing the result of the process of specifying the setting target firewall, and includes a client address field 81, a server address field 82, and a via firewall list field 83.
The client address field 81 and the server address field 82 are fields for storing a client address and a server address, respectively. The via firewall list field 83 is, as described above,
As a result of the process of specifying the setting target firewall, the client address 53 to the server address 54
Contains a list of firewalls on the path to In other words, a series of firewalls described in the via firewall list field 83 are the firewalls to be set by the manager program 23 when the client performs the service from the server.

Next, the process A (S74) will be described. The argument given to this process A is a domain name,
It is a firewall configuration information table 24 and a via domain list 216. The process A is a recursive call procedure (Recursive Call). First, the manager program 53 searches for an entry in which the given domain name matches the domain name field 61 of the firewall configuration information table 24. Then, the adjacent domain name field 6 of the matched entry
A list is created from the domain names described in S3 (S7)
5). This is called an adjacent domain name list.

If there is no element in the adjacent domain name list (S76), the process exits from the process A. If there is an element in the adjacent domain name list (S76), one domain name is selected from the list. If the selected domain name is already used in the transit domain list 216, another domain name is selected from the adjacent domain name list (S7).
7). If not used in the via domain name list,
It is added to the via domain name list (S78). And
It is checked whether the domain name just added is equal to the domain name to which the server belongs (server domain name) (S79).
If the added domain name is equal to the domain name to which the server belongs (server domain name) (S79), the transit domain list 216 is stored in another area (S710). The domain list saved at this point becomes the transit domain list 216 that is the answer to this process.

Then, the last added domain name in the transit domain list 216 is deleted. This is a procedure that is needed to undo and process the transit domain search because the procedure uses a recursive call.

Then, the process returns to the process of examining the adjacent domain list (S76). If the added domain name is not equal to the server domain name (S79), the process A is recursively called using the added domain name as an argument (S71).
2). When the process exits from the process A, the last added domain name in the transit domain list 216 is deleted (S713). This is also a process that is necessary when the process A is a recursive call and exits from the process, because the search with the domain name added last is completed. In the process A, since a recursive call is used, even when there are a plurality of routes from the client to the server, the search can be performed for all the routes, and all the possible routes can be found. .

Here, a process for specifying a firewall to be set when a client belonging to “domain 1” accesses a server belonging to “domain 3” will be specifically described with reference to FIG. First, “domain 1” is added to the head of the via domain list 216 (S71, FIG.
9 (a)). Next, as an argument for passing “domain 1” to the process A, the process A (S
74) is started (S72). First, as an entry in which “domain 1” and the domain name field 61 match, 6
5a is detected, and “domain 2” described in the adjacent domain name field 63 is added to the adjacent domain list (S75).

Next, "domain 2" is selected from the adjacent domain list (S76). Since "domain 2" is not in the transit domain list 216 (S77), "domain 2"
Is added to the via domain list 216 (S78, FIG. 29).
(B)). Since "domain 2" is not equal to the server domain name "domain 3" (S79), "domain 2"
The processing A (S74) for acquiring the transit domain list 216 is started with the argument as an argument (S712). Next, the process A (S74) is called with "domain 2" as an argument,
From the entries 64b and 64c, "domain 2" and "domain 1" are obtained as the adjacent domain list. "Domain 1" is already via domain list 21
6 and is omitted from the candidates (S77).
Therefore, at this stage, the transit domain list 216 shown in FIG. 29C is obtained.

Next, the process A (S74) is called with the domain name "Internet" as an argument. With the “Internet” as a key, the obtained adjacent domains are “domain 2”, “domain 3”, and “domain 4” from the entries 64f, 64g, and 64h, respectively.
Since “domain 2” already exists in the transit domain list 216, it is omitted from the candidates, and becomes equal to the server domain name when “domain 3” is added to the transit domain list 216 (S79). Is stored as an answer (S710). Thereafter, the added domain “domain 3” is deleted (S711). And
Returning to the state of FIG. 29 (3), the search is continued. Finally, the transit domain list 21 in the state of FIG.
6 is the answer to this process, and “domain 1”, “domain 2”, “internet”, and “domain 3” can be obtained.

[0103]

According to the present invention, for a plurality of network devices, setting contents related to each device can be created without inconsistency, and it is checked whether inconsistency has occurred in already created setting information. Will be able to do it.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating the principle of tunneling.

FIG. 2 is a diagram illustrating a multi-stage firewall environment.

FIG. 3 is an overall configuration diagram in one embodiment of the present invention.

FIG. 4 is a configuration diagram of a management server.

FIG. 5 is a diagram showing the contents of a policy file according to the first embodiment.

FIG. 6 is a diagram showing contents of a setting file in the first embodiment.

FIG. 7 is a flowchart illustrating processing for creating a setting file according to the first embodiment.

FIG. 8 is a flowchart illustrating a process of checking the consistency of a setting file according to the first embodiment.

FIG. 9 is an overall configuration diagram in a second embodiment.

FIG. 10 is a diagram showing the contents of a policy file according to the second embodiment.

FIG. 11 is a diagram showing the contents of a setting file according to the second embodiment.

FIG. 12 is a flowchart illustrating processing for creating a setting file according to the second embodiment.

FIG. 13 is a flowchart illustrating processing for checking the consistency of a setting file according to the second embodiment.

FIG. 14 is a setting file check flow according to the third embodiment.

FIG. 15 is an overall configuration according to a third embodiment.

FIG. 16 is a diagram showing the contents of a policy file according to the third embodiment.

FIG. 17 is a diagram showing the contents of a setting file according to the third embodiment.

FIG. 18 is a flowchart illustrating processing for creating a setting file according to the third embodiment.

FIG. 19 is a flowchart illustrating processing for checking consistency of a setting file according to the third embodiment.

FIG. 20 is a diagram showing a configuration of a network device on a communication path for distributing setting information from the management server to the firewall.

FIG. 21 is a network configuration diagram of a firewall general management system according to a fourth embodiment.

FIG. 22 is a hardware configuration diagram of a management server 13 according to a fourth embodiment.

FIG. 23 shows a firewall 14 in the fourth embodiment.
The hardware block diagram of a-14d.

FIG. 24 is a hardware configuration diagram of a management terminal 15 according to the fourth embodiment.

FIG. 25 is a diagram schematically illustrating a process of setting a firewall by the firewall integrated management system according to the fourth embodiment.

FIG. 26 is a diagram showing an input screen 51 on the management terminal 15 when a manager inputs setting information in the fourth embodiment.

FIG. 27 is a diagram showing a firewall configuration information table 24 on the management server 13 according to the fourth embodiment.

FIG. 28 shows a manager program 2 in the fourth embodiment.
3 is a flowchart showing processing for specifying a firewall set by 3;

FIG. 29: Via domain list 2 in the fourth embodiment
The figure which showed the content of 16 for every state.

FIG. 30 is a diagram showing a transit firewall table 214 on the management server 13 in the fourth embodiment.

[Explanation of symbols]

301 ... Internet, 302 ... Organization Network, 303
... organization network, 304 ... organization network, 305 ...
Router, 306 ... Router, 307 ... Router, 308 ... Local Network, 309 ... Management Server, 401 ... CPU, 402 ...
Network interface, 403 ... disk, 404 ...
Memory, 405: Policy file, 406: Setting file, 407: Operating system, 408: File editing program, 409: Setting file creation program,
410: data transfer program; 411: input / output device. 501
… Component device information section, 502… Policy section, 601… Tunnel setting information section, 901… Internet, 902… Organization network, 903… Subnetwork, 904… Subnetwork, 905… Firewall, 906… Firewall, 907… Firewall, 908 ... Management server, 1001 ... Component information section, 1002 ... Policy section, 1101 ... Access control information section, 1401 ... Internet, 1402 ... Organization network, 1403 ... Subnetwork, 1404 ... Subnetwork, 1405 ... Firewall, 1406 ... Firewall, 1407… Firewall, 1408… Management server, 1409… Remote network, 1410… Firewall, 1411… Client computer, 1412… Client computer, 1413… Server computer, 1414… Server computer, 1501… Forming device information section, 1502 ... user policy section, 1601 ... access control information section, 1602 ... user authentication information section, 1701 ... route information list, 2001 ... CPU, 2002 ... network interface, 2003 ... disk, 2004 ... memory, 2005
... Operating system, 2006 ... Agent program, 2007 ... Data relay program, 2008 ... Relay path information table, 2009 ... I / O device.

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Masatoshi Terada 1099 Ozenji Temple, Aso-ku, Kawasaki City, Kanagawa Prefecture Inside Hitachi, Ltd.System Development Laboratory (72) Inventor Yoshinori Watanabe 1099, Ozenji Temple, Aso-ku, Kawasaki City, Kanagawa Prefecture (72) Inventor Takaaki Ogino 5030 Totsuka-cho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture F-term (reference) 5B089 GA11 GA31 GB02 GB03 HA10 JA35 JB15 KA12 KA13 KB04 KB13 KC30 KC58 KH30 5J104 AA07 KA02 NA21 NA30 PA07 5K030 GA11 GA15 HA08 HC01 HC14 HD03 JA10 KA04 KA05 LD19 LD20 MC07 9A001 BB02 BB03 BB04 CC03 CC07 DD10 EE03 JJ18 JJ25 JJ27 KK37 KK56 LL03 LL09

Claims (9)

[Claims] 1. A network management system, comprising: a plurality of network devices operating in cooperation with each other; and a management server managing the plurality of network devices, wherein the management server is configured to mutually set the network devices to be set. A means for creating related setting information with consistency of the setting information; and a means for confirming consistency of mutually related setting information set in the plurality of network devices. A network management system, characterized in that: 2. The network management system according to claim 1, wherein the management server derives the mutually related setting information from meta-level setting information, and is set in the plurality of network devices. A means for collecting setting information that is related to each other. 3. The network management system according to claim 1, wherein said mutually related setting information is tunneling setting information. 4. The network management system according to claim 1, wherein said network device is a firewall, and said setting information is setting information relating to access control performed by said firewall. system. 5. The network management system according to claim 1, wherein the network device is a server, and the setting information is an access right setting policy of the server. 6. The network management system according to claim 1, wherein the network device is a computer that executes a network application for exchanging data periodically, and wherein the setting information is setting information related to the network application. A network management system, characterized in that: 7. The network management system according to claim 1, further comprising a firewall between the management server and the network device, wherein the management server relays setting information to the firewall. A network management system comprising: means for distributing means; and the distributed relay means includes means for setting the setting information to the network device. 8. The network management system according to claim 7, wherein the management server and the relay unit include a mutual authentication unit and a data encryption unit. 9. A firewall integrated management system applied to a network in which a firewall is provided between management units of the network, wherein a management server for setting management information in the firewall is provided, and the management server is provided with a firewall interposed. A firewall general management system, comprising a manager program for setting management information to a firewall.