DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This Office Action is in response to Application filed on August 11, 2020 in which claims 1-15 are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on November 18, 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-6, 8-11 and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saavedra et al. US Patent No. 10,785,190 in view of SHI et al. US Publication No. 2018/0324144.

Regarding claim 1, Saavedra et al. disclose “a system for autonomous firewall rule management, for use with a cloud computing environment or other type of network environment, comprising: a computer or other electronic device including a processor, and having a firewall rule management automation framework operating thereon and adapted to automatically: determine firewalls that can receive network traffic from a given source subnet or destination subnet; configure the firewalls with required firewall rules; monitor the firewall rules through collection of metrics snapshots and rule hit counts” by providing a unified firewall manager (See Col. 2, lines 10-27 describing a network system for distributed firewall management for client sites. The system has a plurality of firewalls corresponding to a plurality of client site network components, each firewall integrated with a client site network component to provide rules, security controls, or policy controls for the respective client site network component, each client site network component implemented at a respective client site. The system has a centralized firewall network controller configured to manage the rules, security controls, or policy controls for the plurality of firewalls as a single control pane so as to provide a managed firewall network that incorporates connections of the plurality of client site network components, the single control pane implementing a template based firewall policy and rule management with asset alias capacity to manage a plurality of assets across the plurality of client site network components). It is noted, however, Saavedra et al. did not specifically detail the aspects of “purge underused or potentially obsolete firewall rules” as recited in the instant claim 1. On the other hand, SHI et al. achieved the aforementioned claimed features by providing a system For Supporting Dynamic Firewall Configuration For Internet Access, Has Network Appliance Removing Firewall Rules Previously Added Such That Traffic From Devices In Protected Network Is Routed Over Tunnel When Tunnel Is Established (See SHI et al. Abstract; Figure 3, Component 312 describing removing the firewall rules). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the purging mechanism of SHI et al. into the firewall rule manager of Saavedra et al. because that would have enhanced the versatility of Saavedra et al. by allowing it to configure firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access Internet securely via a captive network.

As per claims 3-4, Saavedra et al. disclose “wherein the firewall rule management automation framework comprises a rule applier adapted to use device-independent playbooks to apply a rule configuration to one or more different types of firewalls as dictated by the rule generator” (as a service rule structures or rule processing wherein the CPE-CE 124a also may be integrated with a firewall 127a that applies rules and/or security and policy controls to traffic so as to protect one or more nearby assets); “wherein the firewall rule management automation framework comprises a metrics monitor that periodically polls firewalls configured with each rule and determines a hit count, to create a snapshot and populate a metrics database” (describing The SCN Portal can be provided for accessing and configuring a cloud network controller 140 for ease of deployment and management of the VWAN. The SCN Portal can provide the following exemplary features: OE, Install and Configuration, Monitoring & Management Plugs Into Existing Monitoring System Centralized Firewall, WiFi, & VWAN Control Consistent Monitoring, Reporting & Management for all sites regardless of local carrier or connection type). 

As per claim 5, SHI et al. disclose “wherein the firewall rule management automation framework comprise a rule purger that scans the metrics database and checks if any of the rules identified therein are obsolete, and if so then removes that rule from the firewall using the rule applier” by providing a system For Supporting Dynamic Firewall Configuration For Internet Access, Has Network Appliance Removing Firewall Rules Previously Added Such That Traffic From Devices In Protected Network Is Routed Over Tunnel When Tunnel Is Established (See SHI et al. Abstract; Figure 3, Component 312 describing removing the firewall rules).

Regarding claim 6, Saavedra et al. disclose “a method for autonomous firewall rule management, for use with a cloud computing environment or other type of network environment, comprising: automatically determining firewalls that can receive network traffic from a given source subnet or destination subnet; automatically configuring the firewalls with required firewall rules; monitoring the firewall rules through collection of metrics snapshots and rule hit counts” by providing a unified firewall manager (See Col. 2, lines 10-27 describing a network system for distributed firewall management for client sites. The system has a plurality of firewalls corresponding to a plurality of client site network components, each firewall integrated with a client site network component to provide rules, security controls, or policy controls for the respective client site network component, each client site network component implemented at a respective client site. The system has a centralized firewall network controller configured to manage the rules, security controls, or policy controls for the plurality of firewalls as a single control pane so as to provide a managed firewall network that incorporates connections of the plurality of client site network components, the single control pane implementing a template based firewall policy and rule management with asset alias capacity to manage a plurality of assets across the plurality of client site network components). It is noted, however, Saavedra et al. did not specifically detail the aspects of “purging underused or potentially obsolete firewall rules” as recited in the instant claim 6. On the other hand, SHI et al. achieved the aforementioned claimed features by providing a system For Supporting Dynamic Firewall Configuration For Internet Access, Has Network Appliance Removing Firewall Rules Previously Added Such That Traffic From Devices In Protected Network Is Routed Over Tunnel When Tunnel Is Established (See SHI et al. Abstract; Figure 3, Component 312 describing removing the firewall rules). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the purging mechanism of SHI et al. into the firewall rule manager of Saavedra et al. because that would have enhanced the versatility of Saavedra et al. by allowing it to configure firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access Internet securely via a captive network.

As per claims 8-9, Saavedra et al. disclose “wherein the firewall rule management automation framework comprises a rule applier adapted to use device-independent playbooks to apply a rule configuration to one or more different types of firewalls as dictated by the rule generator” (as a service rule structures or rule processing wherein the CPE-CE 124a also may be integrated with a firewall 127a that applies rules and/or security and policy controls to traffic so as to protect one or more nearby assets); “wherein the firewall rule management automation framework comprises a metrics monitor that periodically polls firewalls configured with each rule and determines a hit count, to create a snapshot and populate a metrics database” (describing The SCN Portal can be provided for accessing and configuring a cloud network controller 140 for ease of deployment and management of the VWAN. The SCN Portal can provide the following exemplary features: OE, Install and Configuration, Monitoring & Management Plugs Into Existing Monitoring System Centralized Firewall, WiFi, & VWAN Control Consistent Monitoring, Reporting & Management for all sites regardless of local carrier or connection type). 

As per claim 10, SHI et al. disclose “wherein the firewall rule management automation framework comprise a rule purger that scans the metrics database and checks if any of the rules identified therein are obsolete, and if so then removes that rule from the firewall using the rule applier” by providing a system For Supporting Dynamic Firewall Configuration For Internet Access, Has Network Appliance Removing Firewall Rules Previously Added Such That Traffic From Devices In Protected Network Is Routed Over Tunnel When Tunnel Is Established (See SHI et al. Abstract; Figure 3, Component 312 describing removing the firewall rules).

Regarding claim 11, Saavedra et al. disclose “a non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by at least one of a computer or other electronic device causes the at least one of a computer or other electronic device to perform a method comprising: automatically determining firewalls that can receive network traffic from a given source subnet or destination subnet; automatically configuring the firewalls with required firewall rules; monitoring the firewall rules through collection of metrics snapshots and rule hit counts” by providing a unified firewall manager (See Col. 2, lines 10-27 describing a network system for distributed firewall management for client sites. The system has a plurality of firewalls corresponding to a plurality of client site network components, each firewall integrated with a client site network component to provide rules, security controls, or policy controls for the respective client site network component, each client site network component implemented at a respective client site. The system has a centralized firewall network controller configured to manage the rules, security controls, or policy controls for the plurality of firewalls as a single control pane so as to provide a managed firewall network that incorporates connections of the plurality of client site network components, the single control pane implementing a template based firewall policy and rule management with asset alias capacity to manage a plurality of assets across the plurality of client site network components). It is noted, however, Saavedra et al. did not specifically detail the aspects of “purging underused or potentially obsolete firewall rules” as recited in the instant claim 11. On the other hand, SHI et al. achieved the aforementioned claimed features by providing a system For Supporting Dynamic Firewall Configuration For Internet Access, Has Network Appliance Removing Firewall Rules Previously Added Such That Traffic From Devices In Protected Network Is Routed Over Tunnel When Tunnel Is Established (See SHI et al. Abstract; Figure 3, Component 312 describing removing the firewall rules). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the purging mechanism of SHI et al. into the firewall rule manager of Saavedra et al. because that would have enhanced the versatility of Saavedra et al. by allowing it to configure firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access Internet securely via a captive network.

As per claims 13-14, Saavedra et al. disclose “wherein the firewall rule management automation framework comprises a rule applier adapted to use device-independent playbooks to apply a rule configuration to one or more different types of firewalls as dictated by the rule generator” (as a service rule structures or rule processing wherein the CPE-CE 124a also may be integrated with a firewall 127a that applies rules and/or security and policy controls to traffic so as to protect one or more nearby assets); “wherein the firewall rule management automation framework comprises a metrics monitor that periodically polls firewalls configured with each rule and determines a hit count, to create a snapshot and populate a metrics database” (describing The SCN Portal can be provided for accessing and configuring a cloud network controller 140 for ease of deployment and management of the VWAN. The SCN Portal can provide the following exemplary features: OE, Install and Configuration, Monitoring & Management Plugs Into Existing Monitoring System Centralized Firewall, WiFi, & VWAN Control Consistent Monitoring, Reporting & Management for all sites regardless of local carrier or connection type). 

As per claim 15, SHI et al. disclose “wherein the firewall rule management automation framework comprise a rule purger that scans the metrics database and checks if any of the rules identified therein are obsolete, and if so then removes that rule from the firewall using the rule applier” by providing a system For Supporting Dynamic Firewall Configuration For Internet Access, Has Network Appliance Removing Firewall Rules Previously Added Such That Traffic From Devices In Protected Network Is Routed Over Tunnel When Tunnel Is Established (See SHI et al. Abstract; Figure 3, Component 312 describing removing the firewall rules).

Allowable Subject Matter
Claims are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:  the prior art of record failed to show “wherein the firewall rule management automation framework comprises a rule generator adapted to: receive, as a user request, an input source subnet and destination subnets, a protocol, and one or more source port and destination ports that are to be blocked or permitted: search within network database and route tables, to identify a set of firewalls and zones wherein the rule is to be configured in accordance with the user request; and wherein a firewall configuration is generated and applied to each of the identified firewalls”. These claimed features if rewritten in independent form including all of the limitations of the base claim and any intervening claims would be allowable over the prior art of record.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANTZ COBY whose telephone number is (571)272-4017. The examiner can normally be reached Monday-Thursday 7AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571 270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FRANTZ COBY/Primary Examiner, Art Unit 2456
June 2, 2022