ALLOWABILITY NOTICE

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/10/2020 has been acknowledged and considered by the examiner.

Allowable Subject Matter 
	Claims 1-20 are allowed.  

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:  None of the closest prior art of record (Varadhan et al. U.S. 8,316,435 B1, Chang et al. U.S. 2013/0019277 A1 and Kirby et al. U.S. 9,369,431 B1), solely or in combination, fairly teach or suggest claims 1, 13 and 17, in particular, a method, system and non-transitory computer readable storage medium for evaluating, by a network controller, a first ZFW policy to determine one or more first edge network devices that can reach one or more first network segments mapped to a first source zone specified by the first ZFW policy, one or more second edge network devices that can reach one or more second network segments mapped to a first destination zone specified by the first ZFW policy, and first routing information, from a master route table, between the one or more first network segments, the one or more first edge network devices, the one or more second edge network devices, and the one or more second network segments, in combination with the other limitations recited in the claims. 
In regards to the closest prior art, Varadhan discloses a routing engine primarily responsible for maintaining a routing information base (RIB) to reflect current network topology and other network entities (see Varadhan; column 9 lines 12-15).  A firewall that provides zone-based firewall services that allow zone-based security policies to be defined and applied for different network interfaces (see Varadhan; column 6 lines 31-39). Using syntax, such as from-zone and to-zone to define the security policies.  In other words, defining specified zones for the policies to apply (see Varadhan; column 7 lines 36-67).
Chang discloses security zone based policies, wherein each zone policy has a set of one or more matching criteria or conditions (see Chang; paragraph 0030).  A zone rule is a firewall rule-like construct that allows the zone manager to specify a set of conditions that can be used to associate incoming traffic to a set of security zones (see Chang; paragraph 0031).  When a firewall sees incoming network traffic, it first runs the traffic through all the zone rules in order to correlate the traffic with one or more zones, thereby associating or creating a zone membership in the one or more zones. Later, the zone membership associated with the traffic is used as criteria for enforcing the rule associated with a particular zone. An advantage of a zone rule approach is that the policy does not have to be updated when any VM or network attributes are changed (see Chang; paragraph 0032).
Kirby discloses a security device controller provides reporting and analytics information. For example, the security device controller can generate reports on the configured and/or managed security devices in a network (e.g., how many rules are in common across a group of 
However, Varadhan, Chang and Kirby, alone or in combination, does not teach or suggest the limitations discussed above in regards to the independent claims 1, 13 and 17.  For example, Varadhan, Chang and Kirby fail to disclose a network controller that evaluates a single zone based firewall policy to determine a first and second edge network device that can reach specified zones, e.g. source and destination, of a network and mapped to corresponding network segments using routing information from a master route table, as well as, in combination with the other limitations in the claims as arranged by the applicant.
The dependent claims 2-12, 14-16 and 18-20 further limit the independent claims and are considered allowable on the same basis as the independent claims, as well as, for the further limitations set forth.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Mao et al. (U.S. 2003/0065944 A1) discloses a firewall engine operable to inspect and filter inter-zone packets using a zone specific policy prior to routing.
Kayashima et al. (U.S. 7,143,151 B1) discloses a single domain being managed by a unified policy.
Bryson et al. (U.S. 2010/0100616 A1) discloses controlling traffic in security zones.
Koponen et al. (U.S. 2013/0142203 A1) discloses multi-domain interconnect.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADAM A COONEY whose telephone number is (571)270-5653.  The examiner can normally be reached on M-F 7:30am-5:00pm (every other Fri off).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on 571-272-3880.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 




/A.A.C/Examiner, Art Unit 2443                                                                                                                                                                                                        08/12/2021

/RUPAL DHARIA/Supervisory Patent Examiner, Art Unit 2443