DETAILED ACTION
This communication is responsive to the application # 16/286,190 filed on February 26, 2019. Claims 1-18 are pending and are directed toward AUTOMATIC CONFIGURATION OF PERIMETER FIREWALLS BASED ON SECURITY GROUP INFORMATION OF SDN VIRTUAL FIREWALLS.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-18 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Bansal et al. (US 2017/0005986, Pub. Date: Jan. 5, 2017) from IDS, hereinafter referred to as Bansal.
As per claim 1, Bansal teaches a method comprising: accessing, with a security management system of a data center (Some embodiments provide a central firewall management system that can be used to manage different firewall devices from a single management interface, Bansal, [0004]), a centralized network controller for a software defined network within the data center (FIG. 2 illustrates one example of the different firewalls that the network controller set of some embodiments can configure. Bansal, [0013]) to obtain security group information for a virtual firewall of the software defined network, wherein the security group information specifies a cluster of virtual machines of the software defined network that is protected by the virtual firewall that provides network security for traffic flowing between applications executing on the cluster of virtual machines (For instance, an AppliedTo firewall rule can be limited (by the AppliedTo tuple) to a security group that is specified in terms of a particular compute cluster and a particular logical network that connects a particular tenant's VMs that execute on the cluster's hosts. Security groups can be specified by users (e.g., network administrators) in some embodiments. Bansal, [0102]); and
automatically configuring, with the security management system (Conjunctively, or alternatively, security groups can be specified by automated process in some embodiments. As shown by entry 1040, a wildcard value can also specify an AppliedTo tuple. The wildcard value in some embodiments signifies all possible values for the AppliedTo tuple (e.g., all VNICs). Bansal, [0102]), a perimeter firewall positioned on the edge of the data center with one or more security policies based on the security group information from the virtual firewall of the software defined network, wherein the perimeter firewall provides network security for traffic flowing between the software defined network and devices external to the data center (As shown in FIG. 5, the AppliedTo window 500 also includes controls 550 and 555 to specify that the rule should be applied to all perimeter firewall devices and on all clusters that implement the distributed firewall. As mentioned above, a distributed firewall for a logical network is implemented by the port-level firewall engines on several hosts that execute the VMs of the logical network. Bansal, [0067]).
As per claim 2, Bansal teaches the method of claim 1, wherein the security management system is provided by a first entity, wherein the centralized network controller is provided by a second entity, wherein the centralized network controller configures the security group information in a syntax that conforms to requirements of the virtual firewall, and wherein automatically configuring the perimeter firewall comprises automatically constructing, by the security management system of the first entity, the one or more security policies using address group information translated from the security group information (Bansal, [0099]), wherein the security management system configures the address group information in a syntax that conforms to the requirements of the perimeter firewall (Bansal, [0091]).
As per claim 3, Bansal teaches the method of claim 2, wherein accessing the centralized network controller of the software defined network comprises: receiving, by the security management system of the first entity and from the centralized network controller of the second entity, dynamic membership criteria associated with the cluster of virtual machines; and mapping, by the security management system, the dynamic membership criteria associated with the cluster of virtual machines to the address group information (Bansal, [0154]).
As per claim 4, Bansal teaches the method of claim 3, wherein the dynamic membership criteria comprises at least one of a security tag, a VM name, and a logical switch name (Bansal, [0071]).
As per claim 5, Bansal teaches the method of claim 2, further comprising; in response to a change in the security group information, updating, by the security management system, the Bansal, Figure 16).
As per claim 6, Bansal teaches the method of claim 1, wherein the virtual firewall is a distributed firewall implemented across a plurality of servers of the data center (Bansal, [0067]).
Claims 7-18 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of anticipation as used above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938. The examiner can normally be reached on Monday-Friday 7:30am - 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


Primary Examiner, Art Unit 2492