DETAILED ACTION
This Office Action is in response to the amendment filed on December 28, 2020.

Notice of Pre-AIA
The present application is being examined under the pre-AIA first to invent provisions.

Response to Amendment
The amendment filed on 12/28/2020 has been entered and fully considered.

Drawings
The drawings were received on 02/24/2021.  These drawings are acceptable.

Terminal Disclaimer
The terminal disclaimer filed on 02/11/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of 10,476,843 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an electronic communication with Kevin K. Jones (Registration Number 56,809) on February 17, 2021.

Please replace the claims as follows:

1.	(Currently Amended)  A method for implementing a distributed firewall on a host running a plurality of endpoints and a firewall manager, wherein each endpoint of the plurality of endpoints is associated with a virtual machine (VM) that has a plurality of attributes and an Internet protocol (IP) address associated therewith, the method comprising: 
identifying an update to an attribute of the plurality of attributes;
identifying a policy rule comprising the updated attribute to transform into one or more firewall rules; 
matching an attribute in a source machine dependent condition of the identified policy rule to the updated attribute;
generating a source machine identifier of a set of firewall rules for each virtual machine that satisfies the attribute of the source machine dependent condition of the identified policy rule; and
using the endpoint identifier and the source machine identifier to transform the identified policy rule to one or more new firewall rules.

2.	(Currently Amended) The method of claim 1, wherein the updated attribute is software that the VM executes.

3.	(Currently Amended) The method of claim 1, 
wherein the updated attribute is one of the following: 


matching an attribute in a destination machine dependent condition of the identified policy rule to the updated attribute;
generating a destination machine identifier of the set of firewall rules for each virtual machine that satisfies the attribute of the destination machine dependent condition of the identified policy rule; and
using the endpoint identifier, the source machine identifier, and the destination machine identifier to transform the identified policy rule to one or more new firewall rules.

9. (Currently Amended)	One or more computer-readable media having computer-executable instructions for implementing a distributed firewall on a host running a plurality of endpoints, wherein an endpoint of the plurality of endpoints is associated with a virtual machine (VM) that has a plurality of attributes and an Internet protocol (IP) address associated therewith, the computer-executable instructions causing one or more processors to perform operations comprising:
identifying an update to an attribute of the plurality of attributes;
identifying a policy rule comprising the updated attribute to transform into one or more firewall rules;
matching an attribute in a source machine dependent condition of the identified policy rule to the updated attribute;
generating a source machine identifier of a set of firewall rules for each virtual machine that satisfies the attribute of the source machine dependent condition of the identified policy rule; and
using the endpoint identifier and the source machine identifier to transform the identified policy rule to one or more new firewall rules.

wherein the updated attribute is software that the VM executes.

11.	(Currently Amended) The one or more computer-readable media of claim 10, wherein the updated attribute is one of the following: 

13.	(Previously Presented)  The one or more computer-readable media of claim 9, wherein the computer-executable instructions further cause the one or more processors to perform operations comprising:
matching an attribute in a destination machine dependent condition of the identified policy rule to the updated attribute;
generating a destination machine identifier of the set of firewall rules for each virtual machine that satisfies the attribute of the destination machine dependent condition of the identified policy rule; and
using the endpoint identifier, the source machine identifier, and the destination machine identifier to transform the identified policy rule to one or more new firewall rules.

17.	(Currently Amended) A computer system, wherein system software for the computer system is programmed to execute a method for implementing a distributed firewall, the computer system comprising:
a memory storing policy rules;
virtual machine (VM) that has a plurality of attributes and an Internet protocol (IP) address associated therewith; 
a firewall manager running on the host, the firewall manager configured to: 
identify an update to an attribute of the plurality of attributes;
identify a policy rule comprising the updated attribute to transform into one or more firewall rules;
match an attribute in a source machine dependent condition of the identified policy rule to the updated attribute;
generate a source machine identifier of a set of firewall rules for each virtual machine that satisfies the attribute of the source machine dependent condition of the identified policy rule; and
use the endpoint identifier and the source machine identifier to transform the identified policy rule to one or more new firewall rules.

18.	(Currently Amended) The computer system of claim 17, wherein the updated attribute is one of the following: a software that the VM executes, a location of the VM, or a network property of the VM.

19.	(Currently Amended) The computer system of claim 18, wherein the network property of the machine is the IP address associated with the VM.

20.	(Currently Amended) The computer system of claim 17, wherein the firewall manager is further configured to:

generate a destination machine identifier of the set of firewall rules for each virtual machine that satisfies the attribute of the destination machine dependent condition of the identified policy rule; and
use the endpoint identifier, the source machine identifier, and the destination machine identifier to transform the identified policy rule to one or more new firewall rules.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  In interpreting the currently amended claims, in light of the specification as well as the arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

Litvin, U.S. Pub. Number 2009/0249472 A1, teaches moving firewall policies and connection data that pertain to individual virtual machines from one host node to another. When a virtual machine is moved to a new host node, the firewall policies and connection data pertaining to that virtual machine are moved to the firewall of the new host node. Litvin further teaches using firewall coordinators to allow users of various levels of authority to provide different layers of firewall policies for a virtual machine, which determine whether access will be granted or denied for a particular packet or whether the decision to grant or deny access will be delegated to a lower level set of firewall policies.
Newly cited reference Wilkinson, U.S. Pat. Number 7,966,659 B1, teaches collecting information from one or more security devices distributed in the network. The collected information is converted or applied to a system context or view, which may include transforming the information into machine understandable language. A system context allows a user and/or entity to view a representation of an entire network or a subset of the network. Rules and/or policies are created for use with a security device or firewall utilizing the system context.

Newly cited reference Ben-Itzhak, U.S. Pub. Number 2005/0038881 A1, teaches updating a security policy within a computerized system protected by at least one security package. Ben-Itzhak uses a security policy creation module to define how a set of logical rules governs whether a specific attribute will be applied to effect a new, updated policy, or not.

Although the combination of all the references above discloses methods and systems to modify, update and create new firewall policies associated with a virtual machine within host nodes and to transform information into firewall rules, what is missing from the prior art is a teaching, motivation, or suggestion of identifying an update to an attribute of the plurality of attributes; identifying a policy rule comprising the updated attribute to transform into one or more firewall rules; matching an attribute in a 
	Thus the prior art, when taken individually or in combination, does not fairly teach or suggest the limitations as a whole set forth in claims 1, 9, and 17, and thus these claims are considered allowable. The dependent claims which further limit claims 1, 9, and 17 are also allowed by virtue of their dependency.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571) 270-1708.  The examiner can normally be reached on M-F, 8 AM - 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel, can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 
/VU V TRAN/Examiner, Art Unit 2491

/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491