DETAILED ACTION
This communication is responsive to the application # 16/248,824 filed on January 16, 2019. Claims 1-20 are pending and are directed toward NETWORK POLICY MIGRATION TO A PUBLIC CLOUD.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


 Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Raman et al. (US 2020/0366645, priority at least Feb. 19, 2018), hereinafter referred to as Raman.
claim 1, Raman teaches a method of migrating a firewall policy between a first virtual data center and a second virtual data center (In some embodiments, a GVM can migrate from a first host to a second host in a multi-host environment. For such environments, the SVMI APis also allow the firewall SVM to specify the firewall engine's behavior to prepare for such a GVM migration. Raman, [0008]), comprising:
generating a static firewall from a firewall document at a first firewall server in the first virtual data center, the firewall document defining polices applied to groups of objects in the first virtual data center (For instance, the SVMI APis include a set of one or more APis that allows a firewall SVM on the GVM's first host or second host to obtain the set of entries in the firewall engine's connection state data store that relate to the migrating GVM. Raman, [0008]), the static firewall including firewall rule tuples (The firewall engine in some embodiments receives a set of attributes ( called tuples) for a packet that is received for or sent by a GVM. Raman, [0003]);
sending the static firewall from the first firewall server to a second firewall server in the second virtual data center (Through this API set, the SVM on the first host can receive, update, and supply connection state information. The firewall engine of the first host can then send directly or indirectly (through a VM migrator executing on the host) the supplied connection state information to the firewall engine of the second host. Raman, [0008]);
migrating a plurality of virtual machines (VMs) from the first virtual data center to the second virtual data center (GVM1…GVMX, Raman, Figure 11); and
importing the firewall document from the first firewall server to the second firewall server by mapping the policies of the first firewall to groups of objects in an inventory of the second virtual data center (receive and possibly update connection state information from the firewall engine on the second host. Accordingly, this API set relieves the firewall SVMs on the first and second hosts from having to have a separate mechanism to synchronize their firewall states. Raman, [0008]).
As per claim 2, Raman teaches the method of claim 1, wherein the step of generating the static firewall comprises exporting the firewall document into a machine-readable format (Raman, [0098]).
As per claim 3, Raman teaches the method of claim 2, wherein the step of sending the static firewall comprises exporting the static firewall into a machine-readable format (Raman, [0086]).
As per claim 4, Raman teaches the method of claim 1, further comprising: receiving a change to the firewall document; and modifying the static firewall by adding, editing, or removing one or more firewall rule tuples in response to the change (Raman, [0089], Figure 3, [0065]).
As per claim 5, Raman teaches the method of claim 1, further comprising: obtaining migration information at the first firewall server from the second firewall server; wherein the policies of the first firewall are mapped to the groups of objects in the inventory of the second virtual data center based on the migration information (Raman, [0094], [0102]).
As per claim 6, Raman teaches the method of claim 1, further comprising: receiving a manual mapping from an administrator; and adding the manual mapping when importing the firewall document from the first firewall server to the second firewall server (Raman, [0010]).
As per claim 7, Raman teaches the method of claim 1, further comprising: replacing the static firewall with the imported firewall document at the second firewall server (Raman, [0100], [0101]).
Claims 8-20 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of anticipation as used above.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Litvin et al. (US 2009/0249438, Pub. Date: Oct. 1, 2009), hereinafter referred to as Litvin.
As per claim 8, Litvin teaches a non-transitory computer readable medium comprising instructions, which when executed in a computer system, causes the computer system to carry out a method of migrating a firewall policy between a first virtual data center and a second virtual data center (Litvin, Claim 18), comprising:
generating a static firewall from a firewall document at a first firewall server in the first virtual data center, the firewall document defining polices applied to groups of objects in the first virtual data center (The firewall policies and connection tables for all virtual machines on a given host node are implemented by a firewall for that host node (the firewall of a host node is sometimes referred to herein as a "virtual network firewall"). The virtual network firewall allows packets of data to pass to or from a particular virtual machine only if those packets are permissible according to the policies applicable to that particular virtual machine. For example, a virtual network firewall might allow all packets from one particular computer address (i.e., an IP address) and deny all packets from another particular IP address. Litvin, [0013]), the static firewall including firewall rule tuples (Litvin, [0043]);
sending the static firewall from the first firewall server to a second firewall server in the second virtual data center (As described above, when a virtual machine is moved to a new node, the firewall of the new node retrieves a copy of the connection table data relating to that virtual machine from the firewall of the previous node. Litvin, [0147]);
Litvin, Claim 10, Figure 19); and
importing the firewall document from the first firewall server to the second firewall server by mapping the policies of the first firewall to groups of objects in an inventory of the second virtual data center (In stage 2, the virtual machine 1914 has been moved to host node 1940, the policies 1920 have been moved the policy table for host node 1940, and the data tuples 1921 have been moved to the connection table for host node 1940. Litvin, [0166]).
As per claim 9, Litvin teaches the non-transitory computer readable medium of claim 8, wherein the step of generating the static firewall comprises exporting the firewall document into a machine-readable format (Litvin, Figure 12A).
As per claim 10, Litvin teaches the non-transitory computer readable medium of claim 9, wherein the step of sending the static firewall comprises exporting the static firewall into a machine-readable format (Litvin, Figure 12A).
As per claim 11, Litvin teaches the non-transitory computer readable medium of claim 8, further comprising: receiving a change to the firewall document; and modifying the static firewall by adding, editing, or removing one or more firewall rule tuples in response to the change (Litvin, [0020],[0021]).
As per claim 12, Litvin teaches the non-transitory computer readable medium of claim 8, further comprising: obtaining migration information at the first firewall server from the second firewall server (Litvin, [0017]);
wherein the policies of the first firewall are mapped to the groups of objects in the inventory of the second virtual data center based on the migration information (Litvin, [0023]).
claim 13, Litvin teaches the non-transitory computer readable medium of claim 8, further comprising: receiving a manual mapping from an administrator; and adding the manual mapping when importing the firewall document from the first firewall server to the second firewall server (Litvin, [0233]).
As per claim 14, Litvin teaches the non-transitory computer readable medium of claim 8, further comprising: replacing the static firewall with the imported firewall document at the second firewall server (Litvin, [0054], [0055]).
Claims 1-7 and 15-20 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of anticipation as used above.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/248,828 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because all elements of claims 21-40 of the instant application correspond to elements of claims 1-20 of the reference application.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938.  The examiner can normally be reached on 5:00 AM- 4:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/OLEG KORSAK/
Primary Examiner, Art Unit 2492