Fortinet Patent Applications

DATA LEAK PROTECTION IN UPPER LAYER PROTOCOLS

Granted: November 24, 2016
Application Number: 20160344698
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding…

FIREWALL POLICY MANAGEMENT

Granted: November 24, 2016
Application Number: 20160344696
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…

INHERITANCE BASED NETWORK MANAGEMENT

Granted: November 24, 2016
Application Number: 20160344588
Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have one or more different physical attributes. Two physical attributes of two network devices that are to be normalized and that are among the one or more different physical attributes are identified. The physical attributes are normalized by…

CONTENT PRESENTATION BASED ON ACCESS POINT LOCATION

Granted: November 24, 2016
Application Number: 20160343029
Methods and systems for AP location based content presentation are provided. According to one embodiment, a web service receives from a widget executing within a web page requested by a wireless computing device of multiple wireless computing devices operating within an enterprise, a unique identifier of the wireless computing device. An access point (AP) identifier is determined for an AP of multiple APs of the enterprise that is servicing the wireless computing device by querying a log…

DIRECT CACHE ACCESS FOR NETWORK INPUT/OUTPUT DEVICES

Granted: November 17, 2016
Application Number: 20160337468
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings is defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the…

FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES

Granted: November 17, 2016
Application Number: 20160337316
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file…

ACCESS POINT STREAM AND VIDEO SURVEILLANCE STREAM BASED OBJECT LOCATION DETECTION AND ACTIVITY ANALYSIS

Granted: November 17, 2016
Application Number: 20160335484
Methods and systems for correlating location and identity data available from Access Points (APs) and video surveillance systems are provided. According to one embodiment, data, including a unique identifier of an object and information regarding a first geo-position of the object, is received from an AP of a wireless network of a venue. A video feed captured by a camera system monitoring a portion of the venue and/or information regarding a second geo-position corresponding to the…

WEB PROXY

Granted: November 3, 2016
Application Number: 20160323352
Systems and methods are provided for establishing, by a web proxy, a connection context for a remote server before a request for an object hosted by the remote server is received from a client. According to an embodiment, a web proxy receives a request for a web page from a client and forwards the request to a web server for handling. After receiving the web page from the web server, the web proxy forwards the web page to the client. The web proxy extracts a link contained in the web page…

DEPLOYMENT AND CONFIGURATION OF ACCESS POINTS

Granted: November 3, 2016
Application Number: 20160323810
Systems and methods for facilitating automated configuration and deployment of APs are provided. According to one embodiment, prior to deployment of a wireless access point (AP) within a private network, a cloud service receives a unique identifier associated with the AP and information regarding a network controller within the private network by which the AP will be managed. A mapping is stored by the cloud service between the unique identifier and the information regarding the network…

WEB PROXY

Granted: November 3, 2016
Application Number: 20160323405
Systems and methods are provided for establishing, by a web proxy, a connection context for a remote server before a request for an object hosted by the remote server is received from a client. According to an embodiment, a web proxy receives a request for a web page from a client and forwards the request to a web server for handling. The web page is received by the web proxy from the web server. The web page is forwarded by the web proxy to the client. A link contained within the web page…

DHCP AGENT ASSISTED ROUTING AND ACCESS CONTROL

Granted: October 27, 2016
Application Number: 20160315907
Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the…

HARDWARE-LOGIC BASED FLOW COLLECTOR FOR DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACK MITIGATION

Granted: October 20, 2016
Application Number: 20160308901
Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is…

HETEROGENEOUS MEDIA PACKET BRIDGING

Granted: October 20, 2016
Application Number: 20160308788
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network device maintains translation data structures defining translations among multiple framing media formats used for transmitting or receiving network packets via multiple supported media transmission channels, including (i) between a first framing media format and an intermediate format and (ii) between the intermediate format and a second…

VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH

Granted: October 13, 2016
Application Number: 20160300062
Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a system includes a co-processor (CP), a first memory, a general purpose processor (GPP) and a second memory. The first memory is associated with the CP and coupled to the CP. The first memory includes a first signature compiled for execution on the CP. The GPP is coupled to the CP. The second memory is associated with the GPP and coupled to the CP and to the GPP.…

CALCULATING CONSECUTIVE MATCHES USING PARALLEL COMPUTING

Granted: October 13, 2016
Application Number: 20160299742
Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting…

LOAD BALANCING IN A NETWORK WITH SESSION INFORMATION

Granted: October 6, 2016
Application Number: 20160294866
Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, service group and VLAN associations are stored within a switching device for each front panel port and for each fabric slot of the switching device. Each of multiple FSDs providing security services for a protected network is coupled with a fabric slot. When a packet is received, the switching device: (i) tags the packet based on a VLAN ID corresponding to the VLAN to…

HARDWARE-ACCELERATED PACKET MULTICASTING

Granted: September 29, 2016
Application Number: 20160285743
Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a first multicast packet to be multicast to a first multicast destination is received by a virtual routing system. The multicast packet is caused to be transmitted to the multicast destination by: (i) directing the multicast packet to a first VR of multiple VRs instantiated within the virtual routing system by selecting the first VR from among the multiple VRs to multicast the…

RULE BASED CACHE PROCESSING IN APPLICATION DELIVERY CONTROLLER FOR LOAD BALANCING

Granted: September 29, 2016
Application Number: 20160285992
Methods and systems for improving performance of an HTTP cache are provided. According to one embodiment, an HTTP request is received by an ADC for a resource associated with a server on behalf of which the ADC is performing load balancing. The ADC determines based on a local HTTP cache whether it can service the request. The request is parsed to identify a header. The existence or non-existence of locally cached content matching the request is identified by comparing portions of the…

HTTP PROXY

Granted: September 29, 2016
Application Number: 20160285989
Systems and methods are described for translating an HTTP/2 message into an HTTP/1 message by an HTTP proxy that connects HTTP/2 enabled clients with HTTP/1 only servers. According to an embodiment, an HTTP/2-HTTP/1 proxy receives an HTTP/2 request message from an HTTP/2-enabled client and directed to an HTTP/1-only server. The HTTP/2-HTTP/1 proxy translates the HTTP/2 request message into an HTTP/1 request message and sends the HTTP/1 request message to the HTTP/1-only server. The…

CALCULATING CONSECUTIVE MATCHES USING PARALLEL COMPUTING

Granted: September 29, 2016
Application Number: 20160285895
Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting…