DNS-ENABLED COMMUNICATION BETWEEN HETEROGENEOUS DEVICES
Granted: February 4, 2016
Application Number: 20160036943
Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the…
AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT
Granted: February 4, 2016
Application Number: 20160036780
Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security…
FINANCIAL INFORMATION EXCHANGE (FIX) PROTOCOL BASED LOAD BALANCING
Granted: January 28, 2016
Application Number: 20160027108
Methods and systems for efficiently allocating a Financial Information eXchange (FIX) protocol based trading session/transaction to a server by means of a load balancer are provided. According to one embodiment, a FIX packet of a FIX session is received at a load balancer fronting multiple servers of a high frequency trading (HFT) platform. A customer of the HFT platform is identified based on a SenderCompID field of the FIX packet. A customer weighting factor is determined based on a…
TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK
Granted: January 21, 2016
Application Number: 20160021072
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…
SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION
Granted: January 21, 2016
Application Number: 20160020994
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a router identifies active multicast IP sessions. A data structure is maintained by the router that contains information regarding the active multicast IP sessions and includes multiple pairs of a source field and a group field ({S, G} pairs), a first pointer associated with each of the {S, G} pairs and a set of slots. Each of the {S, G} pairs defines an active multicast IP…
SOCKET APPLICATION PROGRAM INTERFACE (API) FOR EFFICIENT DATA TRANSACTIONS
Granted: December 31, 2015
Application Number: 20150381710
Methods and systems for efficient data transactions between applications running on devices associated with the same host are provided. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected…
FIREWALL POLICY MANAGEMENT
Granted: December 24, 2015
Application Number: 20150372977
Methods and systems are provided for creation and implementation of firewall policies. The method of the present invention includes enabling a firewall device to maintain a log of network traffic flow observed by the device. The method further includes enabling the firewall device to receive an administrator request for a customized report to be generated based on the log of network traffic and generating the report by extracting information from the log based on report parameters, where the report…
SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
Granted: December 17, 2015
Application Number: 20150363611
Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii)…
SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
Granted: December 17, 2015
Application Number: 20150363608
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…
POLICY-BASED SELECTION OF REMEDIATION
Granted: December 10, 2015
Application Number: 20150358360
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the…
IDENTIFYING NODES IN A RING NETWORK
Granted: December 10, 2015
Application Number: 20150358210
Methods and systems for determining a token master on a ring network are provided in which possession of an arbitration token permits a blade participating in the ring network to transmit a packet. According to one embodiment, when an event at a blade represents expiration of a timeout period for receipt of the token, a new token is transmitted onto the ring network. When the event represents receipt of the token, then the priority of the originating blade is compared to that of the first…
TELECOMMUNICATION TERMINAL
Granted: December 3, 2015
Application Number: 20150351156
A telecommunication terminal that is integrated with a wireless access point is provided. According to one embodiment, a telecommunication terminal comprises a phone unit, a wireless access point unit, a local area network (LAN) port that is capable of connecting to a computer network and a housing that encloses said phone unit, said wireless access point unit and said LAN port.
CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
Granted: December 3, 2015
Application Number: 20150350162
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding…
SCALABLE INLINE BEHAVIORAL DDOS ATTACK MITIGATION
Granted: November 26, 2015
Application Number: 20150341382
Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack…
COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS
Granted: November 26, 2015
Application Number: 20150341313
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the…
AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT
Granted: November 26, 2015
Application Number: 20150341311
Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security…
ACCELERATING DATA COMMUNICATION USING TUNNELS
Granted: November 19, 2015
Application Number: 20150334088
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN…
OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR
Granted: November 19, 2015
Application Number: 20150332046
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain…
NETWORK INTERFACE CARD RATE LIMITING
Granted: November 19, 2015
Application Number: 20150331815
Systems and methods for limiting the rate of packet transmission from a NIC to a host CPU are provided. According to one embodiment, data packets are received from a network by the NIC. The NIC is coupled to a host central processing unit (CPU) of a network appliance through a bus system. A status of the host CPU is monitored by the NIC. A rate limiting mode indicator is set by the NIC based on the status. When the rate limiting mode indicator indicates rate limiting is inactive, then…
LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES
Granted: November 12, 2015
Application Number: 20150326533
A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet…