Managing multiple network security devices from a manager device

Abstract

The present invention is directed to a facility for using a security policy manager device to remotely manage multiple network security devices (NSDs). The manager device can also use one or more intermediate supervisor devices to assist in the management. Security for the communication of information between various devices can be provided in a variety of ways. The system allows the manager device to create a consistent security policy for the multiple NSDs by distributing a copy of a security policy template to each of the NSDs and by then configuring each copy of the template with NSD-specific information. For example, the manager device can distribute the template to multiple NSDs by sending a single copy of the template to a supervisor device associated with the NSDs and by then having the supervisor device update each of the NSDs with a copy of the template. Other information useful for implementing security policies can also be distributed to the NSDs in a similar manner. The system also allows a manager device to retrieve, analyze and display all of the network security information gathered by the various NSDs while implementing security policies. Each NSD can forward its network security information to a supervisor device currently associated with the NSD, and the manager device can retrieve network security information of interest from the one or more supervisor devices which store portions of the information and then aggregate the retrieved information in an appropriate manner.