Fortinet Patent Applications

POLICY-BASED CONFIGURATION OF INTERNET PROTOCOL SECURITY FOR A VIRTUAL PRIVATE NETWORK

Granted: July 7, 2016
Application Number: 20160197884
A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a network device displays a policy page via a user interface of the network device through which a policy, including multiple VPN settings for establishing the VPN connection, is viewed and configured, the VPN settings including a type of IPSec tunnel to be established between the network device and a peer network device.…

FIREWALL POLICY MANAGEMENT

Granted: July 7, 2016
Application Number: 20160197883
Methods and systems are provided for creation and implementation of firewall policies. The method of the present invention includes enabling a firewall device to maintain a log of the network traffic flow observed by the device. The method further includes enabling the firewall device to receive an administrator request for a customized report to be generated based on the log of network traffic, and generating the report by extracting information from the log based on report parameters, where the report…

HETEROGENEOUS MEDIA PACKET BRIDGING

Granted: July 7, 2016
Application Number: 20160197855
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network switching/routing blade server comprises network modules, including a first and second set operable to receive packets having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory stores data structures for translating between the first and second framing media…

SERVICE PROCESSING SWITCH

Granted: July 7, 2016
Application Number: 20160197836
Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a flow cache is established having multiple entries, each identifying one of multiple virtual router (VR) flows through a VR-based network device and the corresponding forwarding state information. A packet is received at an input port of a line interface module of the network device and forwarded to a virtual routing engine (VRE). Flow-based packet classification is performed by the VRE. An attempt is made to retrieve an…

FACILITATING CONTENT ACCESSIBILITY VIA DIFFERENT COMMUNICATION FORMATS

Granted: June 30, 2016
Application Number: 20160191643
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate server. Information indicative of one or more communication formats via which a client device is capable of communication is caused to be stored on the client device by (i) sending to the client device a web page having embedded therein one or more of IPv4 and IPv6 test content; and…

CLOUD BASED LOGGING SERVICE

Granted: June 30, 2016
Application Number: 20160191562
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is…

DYNAMICALLY OPTIMIZED SECURITY POLICY MANAGEMENT

Granted: June 30, 2016
Application Number: 20160191466
Methods and systems for dynamically optimized rule-based security policy management are provided. A request is received by a network security management device to add a new traffic flow policy rule to multiple existing policy rules managed by the network security management device. Dependencies of the new traffic flow policy rule on the existing policy rules are automatically determined. An updated set of policy rules is formed by incorporating the new traffic flow policy rule within the…
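The dependency step in the abstract above is the classic first-match ordering problem: a new rule must be placed before any existing rule that overlaps it with a different action, and once placed it may hide rules behind it. The following is an added example that works this through for 5-tuple-style rules; it is illustrative code written for this page, not Fortinet's implementation, and the rule format, the `EXISTING` policy and the names `analyze_new_rule`/`insert_rule` are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # CIDR
    dst: str        # CIDR
    proto: str      # "tcp", "udp" or "any"
    dport: tuple    # inclusive (low, high) destination port range
    action: str     # "allow" or "deny"

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def _subnet(inner, outer):
    i, o = _net(inner), _net(outer)
    return i.version == o.version and i.subnet_of(o)   # subnet_of() raises on mixed versions

def overlaps(a, b):
    """True if at least one packet could match both rules."""
    return (("any" in (a.proto, b.proto) or a.proto == b.proto)
            and _net(a.src).overlaps(_net(b.src))
            and _net(a.dst).overlaps(_net(b.dst))
            and a.dport[0] <= b.dport[1] and b.dport[0] <= a.dport[1])

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    return (outer.proto in ("any", inner.proto)
            and _subnet(inner.src, outer.src)
            and _subnet(inner.dst, outer.dst)
            and outer.dport[0] <= inner.dport[0] <= inner.dport[1] <= outer.dport[1])

def analyze_new_rule(rules, new):
    """Decide where `new` must go in a first-match rule list and what it touches."""
    depends_on = [r.name for r in rules if overlaps(r, new)]
    # The new rule must precede the first existing rule that overlaps it with a
    # different action; otherwise that rule would take the traffic first.
    insert_at = next((i for i, r in enumerate(rules)
                      if overlaps(r, new) and r.action != new.action), len(rules))
    # Redundant if an earlier same-action rule already matches everything it matches.
    redundant = any(r.action == new.action and covers(r, new) for r in rules[:insert_at])
    # Rules placed after it that it would completely hide.
    would_shadow = [r.name for r in rules[insert_at:] if covers(new, r)]
    return {"depends_on": depends_on, "insert_at": insert_at,
            "redundant": redundant, "would_shadow": would_shadow}

def insert_rule(rules, new):
    """Return (updated ordered rule list, analysis report)."""
    report = analyze_new_rule(rules, new)
    updated = list(rules)
    updated.insert(report["insert_at"], new)
    return updated, report

# Constructed example policy for this page, not a real deployment.
EXISTING = [
    Rule("allow-web",  "10.0.0.0/8",  "0.0.0.0/0",    "tcp", (443, 443), "allow"),
    Rule("deny-guest", "10.9.0.0/16", "0.0.0.0/0",    "any", ANY_PORT,   "deny"),
    Rule("allow-dns",  "10.0.0.0/8",  "10.1.1.53/32", "udp", (53, 53),   "allow"),
]

if __name__ == "__main__":
    guest_web = Rule("allow-guest-web", "10.9.0.0/16", "0.0.0.0/0", "tcp", (8443, 8443), "allow")
    updated, report = insert_rule(EXISTING, guest_web)
    print([r.name for r in updated], report)
    print(analyze_new_rule(EXISTING, Rule("deny-internal", "10.0.0.0/8",
                                          "0.0.0.0/0", "any", ANY_PORT, "deny")))
```

The `redundant` and `would_shadow` fields are the two checks worth surfacing to an administrator: a redundant rule silently does nothing, and a shadowing rule silently disables everything listed behind it.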

ABNORMAL BEHAVIOUR AND FRAUD DETECTION BASED ON ELECTRONIC MEDICAL RECORDS

Granted: June 23, 2016
Application Number: 20160180022
Methods and systems for detecting and mitigating fraud by proactively analyzing and correlating Electronic Medical Record (EMR) audit log information in real-time are provided. According to one embodiment, activity information is received and queued onto a message queue of an EMR fraud and risk mitigation system in real-time, as it is posted to the audit logs of an EMR system. The activity information includes information regarding the timing of an access to a database of multiple databases of…

LOCATION-BASED NETWORK SECURITY

Granted: June 23, 2016
Application Number: 20160182565
Methods and systems for a location-aware network security device are provided. According to one embodiment, a resource access request is received at a network security device of a protected network from a user device. The resource access request represents a request to access a resource of the protected network. A geographical location of the user device is determined by the network security device. The network security device then determines whether the user device should be allowed…

LOAD BALANCING IN A NETWORK WITH SESSION INFORMATION

Granted: June 23, 2016
Application Number: 20160182450
Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously observed traffic sessions from a particular source to a particular destination and forming an association between the previously observed session and a particular FSD, is maintained by a switching device. When a TCP SYN packet is received, the switching device: (i) reduces its vulnerability to a TCP SYN…
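The session table described above exists so that every packet of a TCP connection, in both directions, reaches the same stateful firewall device. The following added example (illustrative code for this page, not Fortinet's implementation) shows one way to do that: it keys sessions by the canonical endpoint pair so both directions map together, picks an FSD for unknown traffic by hashing the key, and only creates a table entry once a packet other than a bare SYN is seen, so an unacknowledged SYN flood does not consume table memory. The abstract's own SYN-handling step is cut off on this page and is not reproduced; the class and method names and the hash-based choice are assumptions of the example.

```python
import hashlib

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

class SessionBalancer:
    """Pin each TCP connection to one firewall security device (FSD)."""

    def __init__(self, fsds):
        self.fsds = sorted(fsds)
        self.sessions = {}        # canonical endpoint pair -> FSD name

    def add_fsd(self, name):
        """A new FSD changes hash assignments for new flows only; existing
        sessions stay pinned through the table."""
        self.fsds = sorted(set(self.fsds) | {name})

    @staticmethod
    def _key(src_ip, src_port, dst_ip, dst_port):
        # Order-independent key so client->server and server->client share one entry.
        return tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)]))

    def _hash_pick(self, key):
        digest = hashlib.sha256(repr(key).encode()).digest()
        return self.fsds[int.from_bytes(digest[:8], "big") % len(self.fsds)]

    def dispatch(self, src_ip, src_port, dst_ip, dst_port, flags):
        """Return the FSD that should receive this packet."""
        key = self._key(src_ip, src_port, dst_ip, dst_port)
        fsd = self.sessions.get(key)
        if fsd is None:
            fsd = self._hash_pick(key)
            bare_syn = (flags & (SYN | ACK)) == SYN
            if not bare_syn:
                # Install state only once the handshake has progressed past the
                # first SYN; a SYN flood therefore leaves the table untouched.
                self.sessions[key] = fsd
        if flags & (FIN | RST):
            self.sessions.pop(key, None)   # connection teardown frees the entry
        return fsd

    def session_count(self):
        return len(self.sessions)

if __name__ == "__main__":
    lb = SessionBalancer(["fsd-a", "fsd-b"])
    chosen = lb.dispatch("198.51.100.10", 40000, "203.0.113.8", 443, SYN)
    print("SYN ->", chosen, "sessions:", lb.session_count())
    print("SYN/ACK ->", lb.dispatch("203.0.113.8", 443, "198.51.100.10", 40000, SYN | ACK),
          "sessions:", lb.session_count())
```

The remaining exposure is a flood of non-SYN packets with spoofed sources, which still installs entries; a production design bounds the table and ages entries, and the FSD itself drops such out-of-state packets.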

MANAGEMENT OF CERTIFICATE AUTHORITY (CA) CERTIFICATES

Granted: June 16, 2016
Application Number: 20160173488
Systems and methods for automatically installing CA certificates received from a network security appliance by a client security manager, so that the CA certificate becomes a trusted CA certificate on a client machine, are provided. In one embodiment, a client security manager establishes a connection with a network security appliance through a network, wherein the client security manager is configured for managing security of a client at the client side and the network security appliance…

PRESENTATION OF THREAT HISTORY ASSOCIATED WITH NETWORK ACTIVITY

Granted: June 16, 2016
Application Number: 20160173446
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters, including one or more of types of threats to be extracted from the database, parameters of the threats, network-level details of the…

STAND-BY CONTROLLER ASSISTED FAILOVER

Granted: June 9, 2016
Application Number: 20160165463
Methods and systems for standby controller aided failover are provided. According to one embodiment, an active control channel and an active data channel are established by an active controller with a managed device via a management protocol. A standby control channel and a standby data channel are established by a standby controller with the managed device via the management protocol. A keep-alive message is periodically sent by the standby controller to the active controller. When a…

NEAR REAL-TIME DETECTION OF DENIAL-OF-SERVICE ATTACKS

Granted: June 9, 2016
Application Number: 20160164912
Methods and systems for detection and mitigation of denial-of-service (DoS) attacks against network applications/services/devices in near real-time are provided. According to one embodiment, multiple access requests are received at a network device from a source Internet Protocol (IP) address. Temporal and/or spatial information relating to the access requests is stored in a first database operatively coupled with the network device. It is determined based on a first defined condition…
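The temporal side of the abstract above comes down to a per-source sliding window over request timestamps and a defined condition on the count. The following added example (illustrative code for this page, not Fortinet's implementation) implements that with a deque per source IP and a temporary block list, and replays a constructed access log through it; the log lines, thresholds and the `DosDetector`/`run_sample` names are assumptions of the example, and the spatial information the abstract mentions is not modelled.

```python
from collections import defaultdict, deque

class DosDetector:
    """Sliding-window request counter per source IP with a temporary block list.

    Timestamps are integer milliseconds. A source that exceeds `max_requests`
    inside any `window_ms` is flagged and blocked for `block_ms`."""

    def __init__(self, max_requests=10, window_ms=1000, block_ms=60_000):
        self.max_requests = max_requests
        self.window_ms = window_ms
        self.block_ms = block_ms
        self.history = defaultdict(deque)   # src_ip -> timestamps inside the window
        self.blocked_until = {}             # src_ip -> ms at which the block lapses

    def observe(self, src_ip, ts_ms):
        """Record one access request and return 'ok', 'flagged' or 'blocked'."""
        until = self.blocked_until.get(src_ip)
        if until is not None:
            if ts_ms < until:
                return "blocked"
            del self.blocked_until[src_ip]      # block expired, start afresh
        window = self.history[src_ip]
        window.append(ts_ms)
        while window and window[0] <= ts_ms - self.window_ms:
            window.popleft()                    # drop requests older than the window
        if len(window) > self.max_requests:     # the "defined condition"
            self.blocked_until[src_ip] = ts_ms + self.block_ms
            window.clear()
            return "flagged"
        return "ok"

# Constructed access log for this example ("<ms> <src-ip> <method> <path>"), not a real capture.
SAMPLE_LOG = "\n".join(
    [f"{ms} 203.0.113.5 GET /login" for ms in range(0, 1500, 50)]          # 30 requests in 1.5 s
    + [f"{ms} 198.51.100.7 GET /index.html" for ms in (100, 600, 1100)]   # ordinary client
)

def parse_log(text):
    for line in text.splitlines():
        ms, ip, _method, _path = line.split()
        yield int(ms), ip

def run_sample(text=SAMPLE_LOG, **detector_kwargs):
    """Replay a log in time order; return {src_ip: {verdict: count}}."""
    det = DosDetector(**detector_kwargs)
    summary = defaultdict(lambda: defaultdict(int))
    for ms, ip in sorted(parse_log(text)):
        summary[ip][det.observe(ip, ms)] += 1
    return {ip: dict(v) for ip, v in summary.items()}

if __name__ == "__main__":
    for ip, verdicts in run_sample().items():
        print(ip, verdicts)
```

With the defaults the flooding source is flagged on its eleventh request within the first second and every later request is dropped from the block list without touching the window, which keeps the per-packet cost constant while a block is in force.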

ROGUE ACCESS POINT DETECTION

Granted: June 9, 2016
Application Number: 20160164889
Methods and systems for detecting on-wire unauthorized/rogue access points (APs) within a network are provided. According to one embodiment, a potential rogue AP is detected by a managed access point (AP) within a network. The managed AP causes a network element on a wired side of the network to inject a special network packet having a defined pattern onto the network. When the managed AP detects the special network packet has been transmitted by the potential rogue AP, then the…

EXAMINING AND CONTROLLING IPv6 EXTENSION HEADERS

Granted: June 9, 2016
Application Number: 20160164834
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…
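The security checks the abstract refers to are, in practice, conformity checks on the IPv6 extension header chain (RFC 8200 ordering and repetition rules, the deprecated Routing Header Type 0 of RFC 5095, truncated or over-long chains). The following added example (illustrative code for this page, not Fortinet's implementation) walks the chain of a raw packet, records violations, and keeps a per-sender reputation score that eventually drops even conforming packets from a persistently nonconforming source. The sample packets are constructed with the included `build_packet` helper, and the scoring constants, `MAX_EXT_HEADERS` and the function names are assumptions of the example.

```python
import ipaddress
import struct
from collections import defaultdict

HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS}
MAX_EXT_HEADERS = 4   # local policy limit; an assumption of this example

def walk_extension_headers(pkt):
    """Walk the IPv6 header chain; return (chain, upper_layer_nh, violations)
    where chain is a list of (header_type, length, offset)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return [], None, ["not an IPv6 packet"]
    nh, off, chain, seen, violations = pkt[6], 40, [], defaultdict(int), []
    while nh in EXT_HEADERS and nh != ESP:      # cannot look past ESP's encrypted payload
        if off + 8 > len(pkt):
            violations.append("truncated extension header"); break
        if nh == FRAGMENT:
            hlen = 8                            # fixed size
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4       # AH length is in 32-bit words minus 2
        else:
            hlen = (pkt[off + 1] + 1) * 8       # Hdr Ext Len in 8-octet units, excluding first 8
        if off + hlen > len(pkt):
            violations.append("extension header runs past end of packet"); break
        if nh == HOP_BY_HOP and off != 40:
            violations.append("hop-by-hop header not immediately after the base header")
        if nh == ROUTING and pkt[off + 2] == 0:
            violations.append("routing header type 0 (deprecated by RFC 5095)")
        seen[nh] += 1
        if seen[nh] > (2 if nh == DEST_OPTS else 1):   # RFC 8200 allows Dest Opts twice
            violations.append(f"extension header {nh} repeated")
        chain.append((nh, hlen, off))
        if len(chain) > MAX_EXT_HEADERS:
            violations.append("extension header chain too long"); break
        nh, off = pkt[off], off + hlen
    return chain, nh, violations

class SenderReputation:
    """Per-source score: a conforming packet earns +1 (capped at CAP), each violation
    costs 2; at or below DROP_AT even conforming packets from the sender are dropped."""
    DROP_AT, CAP = -5, 5

    def __init__(self):
        self.score = defaultdict(int)

    def evaluate(self, pkt):
        src = str(ipaddress.IPv6Address(pkt[8:24])) if len(pkt) >= 24 else "?"
        _chain, _nh, violations = walk_extension_headers(pkt)
        if violations:
            self.score[src] -= 2 * len(violations)
            return "drop", self.score[src]
        self.score[src] = min(self.score[src] + 1, self.CAP)
        return ("drop" if self.score[src] <= self.DROP_AT else "forward"), self.score[src]

def build_packet(src, dst, ext_headers, upper=6, payload=b"\x00" * 8):
    """Constructed test packets: ext_headers is a list of (type, body) where body is the
    header without its leading Next Header byte (the Hdr Ext Len byte is included)."""
    types = [t for t, _ in ext_headers] + [upper]
    ext = b"".join(bytes([nxt]) + body for (_, body), nxt in zip(ext_headers, types[1:]))
    base = struct.pack("!IHBB16s16s", 6 << 28, len(ext) + len(payload), types[0], 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return base + ext + payload

PADN = bytes([0]) + b"\x01\x04\x00\x00\x00\x00"     # Hdr Ext Len 0 + one PadN option (8 bytes)
FRAG = b"\x00" + struct.pack("!HI", 1, 0x12345678)  # reserved, offset/M flag, identification
RH0 = bytes([0, 0, 0]) + b"\x00" * 4                 # Hdr Ext Len 0, Routing Type 0, Seg Left 0
GOOD, BAD, DST = "2001:db8::10", "2001:db8::bad", "2001:db8::1"
SAMPLES = [  # constructed for this example
    ("clean", build_packet(GOOD, DST, [(HOP_BY_HOP, PADN), (DEST_OPTS, PADN)])),
    ("hbh-misplaced", build_packet(BAD, DST, [(DEST_OPTS, PADN), (HOP_BY_HOP, PADN)])),
    ("rh0-dup-frag", build_packet(BAD, DST, [(HOP_BY_HOP, PADN), (ROUTING, RH0),
                                             (FRAGMENT, FRAG), (FRAGMENT, FRAG)])),
    ("truncated", build_packet(BAD, DST, [(HOP_BY_HOP, PADN)])[:44]),
    ("clean-from-bad", build_packet(BAD, DST, [(HOP_BY_HOP, PADN)])),
]

def run_samples():
    """Return [(name, verdict, sender_score, violations)] for SAMPLES in order."""
    rep, out = SenderReputation(), []
    for name, pkt in SAMPLES:
        verdict, score = rep.evaluate(pkt)
        out.append((name, verdict, score, walk_extension_headers(pkt)[2]))
    return out

if __name__ == "__main__":
    for row in run_samples():
        print(*row)
```

The last sample is the point of keeping reputation at all: it is a perfectly formed packet, yet it is dropped because the same source has just sent three nonconforming ones, which is how a traversing device can throttle a sender probing it with malformed chains without inspecting every byte of every later packet.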

APPLICATION CONTROL

Granted: May 26, 2016
Application Number: 20160149792
Systems and methods for controlling applications on a network are provided. According to one embodiment, a network security device intercepts network traffic and conducts a heuristic detection of an application protocol used in the network traffic by multiple application protocol identifying engines defined in a heuristic rule. According to another embodiment, the network security device confirms a suspect application protocol as an actual application protocol used in the network traffic…

NETWORK ADDRESS TRANSLATION

Granted: May 26, 2016
Application Number: 20160149748
Systems and methods for connecting a network using one network protocol with a network using another network protocol are provided. According to an embodiment, a method is provided for performing network address translation. A data packet is received by a protocol bridge, which connects a first network using a first protocol and a second network using a second protocol, via a first session of the first protocol from a first network appliance of the first network. The first protocol may be…

TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK

Granted: May 19, 2016
Application Number: 20160142384
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…

SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE

Granted: May 12, 2016
Application Number: 20160132675
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, performing or bypassing a real-time…