Dynamic service-based load balancing in a software-defined wide area network (SD-WAN)
Granted: March 16, 2021
Patent Number:
10951529
Systems and methods for dynamic service-based load balancing in an SD-WAN are provided. According to one embodiment, a routing protocol daemon of an SDN controller within a spoke network receives a dynamically assigned subnet and associated attributes for a client device newly registered with the hub network. The routing protocol daemon tags the subnet with a route tag using a route map based on the received attributes meeting network administrator-defined match criteria for…
Accelerating computer network policy search
Granted: March 9, 2021
Patent Number:
10944724
Systems and methods for accelerating computer network policy searching are provided. According to one embodiment, a packet is received by a policy search engine (PSE) of a packet processing device. A set of candidate policies is identified from among the multiple policies of the packet processing device by a speculation unit of the PSE, which screens the policies based on metadata associated with the received packet. Finally, a matching policy for the received packet is identified by…
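The abstract describes a two-stage search: a cheap screening pass over packet metadata that yields candidate policies, followed by a full match over only those candidates. The following Python is an example added to this listing, not code from the patent or its assignee; the metadata the speculation unit screens on (ingress interface and IP protocol), the bitmask representation of the candidate set and the sample policies are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Example added for illustration; the fields screened on (ingress, proto) are an assumption.

@dataclass(frozen=True)
class Policy:
    pid: int
    ingress: str            # ingress interface name, or "any"
    proto: str              # "tcp", "udp", "icmp", or "any"
    src: str                # source prefix in CIDR notation
    dst: str                # destination prefix in CIDR notation
    dport: Optional[int]    # destination port, None = any
    action: str

@dataclass(frozen=True)
class Packet:
    ingress: str
    proto: str
    src: str
    dst: str
    dport: Optional[int]

class SpeculationUnit:
    """Indexes policies by cheap-to-read packet metadata and returns a bitmask of
    candidates. A policy with "any" in a field lands in every bucket for that field."""

    def __init__(self, policies: List[Policy]):
        self.by_ingress, self.by_proto = {}, {}
        self.any_ingress = self.any_proto = 0
        for i, p in enumerate(policies):
            bit = 1 << i
            if p.ingress == "any":
                self.any_ingress |= bit
            else:
                self.by_ingress[p.ingress] = self.by_ingress.get(p.ingress, 0) | bit
            if p.proto == "any":
                self.any_proto |= bit
            else:
                self.by_proto[p.proto] = self.by_proto.get(p.proto, 0) | bit

    def candidates(self, pkt: Packet) -> int:
        ingress_mask = self.by_ingress.get(pkt.ingress, 0) | self.any_ingress
        proto_mask = self.by_proto.get(pkt.proto, 0) | self.any_proto
        return ingress_mask & proto_mask   # only policies that could match on both fields

def full_match(p: Policy, pkt: Packet) -> bool:
    """The exact (and comparatively expensive) match: prefix containment plus port check."""
    return (
        (p.ingress == "any" or p.ingress == pkt.ingress)
        and (p.proto == "any" or p.proto == pkt.proto)
        and ip_address(pkt.src) in ip_network(p.src)
        and ip_address(pkt.dst) in ip_network(p.dst)
        and (p.dport is None or p.dport == pkt.dport)
    )

class PolicySearchEngine:
    def __init__(self, policies: List[Policy]):
        self.policies = list(policies)            # ordered: first match wins
        self.spec = SpeculationUnit(self.policies)

    def lookup(self, pkt: Packet) -> Tuple[Optional[Policy], int]:
        """Returns (matching policy or None, number of full matches evaluated)."""
        mask = self.spec.candidates(pkt)
        examined = 0
        while mask:
            i = (mask & -mask).bit_length() - 1   # lowest set bit = highest-priority candidate
            mask &= mask - 1
            examined += 1
            if full_match(self.policies[i], pkt):
                return self.policies[i], examined
        return None, examined

    def lookup_linear(self, pkt: Packet) -> Tuple[Optional[Policy], int]:
        """Reference search without screening, to compare the amount of work."""
        for n, p in enumerate(self.policies, 1):
            if full_match(p, pkt):
                return p, n
        return None, len(self.policies)

# Constructed sample policy set (not from any real device).
POLICIES = [
    Policy(1, "wan1", "tcp", "0.0.0.0/0", "10.0.0.0/24", 443, "accept"),
    Policy(2, "wan1", "udp", "0.0.0.0/0", "10.0.0.0/24", 53, "accept"),
    Policy(3, "lan", "any", "10.0.0.0/24", "0.0.0.0/0", None, "accept"),
    Policy(4, "wan2", "tcp", "0.0.0.0/0", "10.0.1.0/24", 22, "deny"),
    Policy(5, "any", "any", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]
PSE = PolicySearchEngine(POLICIES)

if __name__ == "__main__":
    pkt = Packet("wan2", "udp", "203.0.113.5", "10.0.1.9", 53)
    print(PSE.lookup(pkt)[1], "full matches with screening vs", PSE.lookup_linear(pkt)[1], "without")
```

Because the screening only ever removes policies that cannot match on the screened fields, `lookup` and `lookup_linear` return the same policy for every packet; the screening changes how many full matches are evaluated, not the verdict.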
Programmable, policy-based efficient wireless sniffing networks in WIPS (wireless intrusion prevention systems)
Granted: March 9, 2021
Patent Number:
10944650
A plurality of sniffing policies describing deep packet inspection processes performed on network traffic at sniffing access points from the plurality of access points is received. Network traffic levels are monitored at the plurality of access points and a level of sniffed traffic backhauled over the Wi-Fi network for analysis. A change can be detected in network traffic affecting a sniffing policy. Responsive to exceeding a certain level of sniffed traffic being backhauled, an amount…
User and IoT (internet of things) apparatus tracking in a log management system
Granted: March 2, 2021
Patent Number:
10938926
Mapping information from network identity to user identity and location can be found in various logs (such as Active Directory logs, DHCP logs, VPN logs, and WLAN authentication logs) and in certain files such as router Layer 2 or Layer 3 forwarding tables. For a large organization, this mapping can be dynamic. Accurate user identity and location information is crucial to assessing the security risk associated with a host and taking corrective action. This invention discloses a distributed in-memory…
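The point of the abstract is that the address-to-user mapping is assembled from several log sources and changes over time, so an IP address has to be attributed as of a particular moment. The Python below is an example added to this listing, not the patent's implementation: it keeps time-ordered bindings from constructed DHCP, WLAN authentication, Active Directory and VPN log lines (the line formats are invented for the example) and answers "who held this IP at time t", following the DHCP-to-MAC-to-user chain when there is no direct IP-to-user evidence.

```python
import re
from bisect import bisect_right
from datetime import datetime
from typing import Iterable, Optional, Tuple

# Constructed sample log lines for this example; the formats are invented, not real products'.
SAMPLE_LOGS = [
    "2021-03-02T07:59:58 WLAN auth success user=alice mac=aa:bb:cc:dd:ee:01 ap=ap-floor3",
    "2021-03-02T08:00:01 DHCPACK on 10.1.5.23 to aa:bb:cc:dd:ee:01",
    "2021-03-02T08:05:10 AD logon user=bob src_ip=10.1.5.40",
    "2021-03-02T09:00:00 VPN tunnel-up user=carol assigned_ip=10.9.0.7",
    "2021-03-02T11:59:00 WLAN auth success user=dave mac=aa:bb:cc:dd:ee:02 ap=ap-floor1",
    "2021-03-02T12:00:00 DHCPACK on 10.1.5.23 to aa:bb:cc:dd:ee:02",
    "2021-03-02T12:00:05 kernel: unrelated message",
]

PATTERNS = {
    "dhcp": re.compile(r"^(\S+) DHCPACK on (\S+) to (\S+)"),
    "wlan": re.compile(r"^(\S+) WLAN auth success user=(\S+) mac=(\S+) ap=(\S+)"),
    "ad":   re.compile(r"^(\S+) AD logon user=(\S+) src_ip=(\S+)"),
    "vpn":  re.compile(r"^(\S+) VPN tunnel-up user=(\S+) assigned_ip=(\S+)"),
}

class Timeline:
    """Per-key bindings kept in time order; `at` returns the binding in force at time ts."""

    def __init__(self):
        self._t = {}

    def add(self, key, ts: datetime, value) -> None:
        times, values = self._t.setdefault(key, ([], []))
        i = bisect_right(times, ts)          # stays sorted even if lines arrive out of order
        times.insert(i, ts)
        values.insert(i, value)

    def at(self, key, ts: datetime):
        if key not in self._t:
            return None
        times, values = self._t[key]
        i = bisect_right(times, ts)
        return (times[i - 1], values[i - 1]) if i else None

class IdentityStore:
    def __init__(self):
        self.ip_to_mac = Timeline()      # from DHCP leases
        self.mac_to_user = Timeline()    # from WLAN auth: (user, access point)
        self.ip_to_user = Timeline()     # from AD logon / VPN: (user, source kind)

    def ingest(self, line: str) -> Optional[str]:
        """Parse one log line into the store; returns the source kind, or None if unrecognised."""
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            ts = datetime.fromisoformat(m.group(1))
            if kind == "dhcp":
                self.ip_to_mac.add(m.group(2), ts, m.group(3))
            elif kind == "wlan":
                self.mac_to_user.add(m.group(3), ts, (m.group(2), m.group(4)))
            elif kind == "ad":
                self.ip_to_user.add(m.group(3), ts, (m.group(2), "ad-logon"))
            else:
                self.ip_to_user.add(m.group(3), ts, (m.group(2), "vpn"))
            return kind
        return None

    def who(self, ip: str, ts: datetime) -> Optional[Tuple[str, str]]:
        """Who held `ip` at time `ts`? Picks the most recently established evidence chain,
        so a re-issued DHCP lease overrides an older logon record for the same address."""
        candidates = []
        direct = self.ip_to_user.at(ip, ts)
        if direct:
            candidates.append(direct)
        lease = self.ip_to_mac.at(ip, ts)
        if lease:
            lease_ts, mac = lease
            auth = self.mac_to_user.at(mac, ts)
            if auth:
                auth_ts, user_loc = auth
                candidates.append((max(lease_ts, auth_ts), user_loc))
        if not candidates:
            return None
        return max(candidates, key=lambda c: c[0])[1]

def build_store(lines: Iterable[str]) -> Tuple[IdentityStore, int]:
    store = IdentityStore()
    parsed = sum(1 for line in lines if store.ingest(line))
    return store, parsed

if __name__ == "__main__":
    store, parsed = build_store(SAMPLE_LOGS)
    print(parsed, "lines parsed;", store.who("10.1.5.23", datetime.fromisoformat("2021-03-02T12:30:00")))
```

The same address 10.1.5.23 resolves to different users before and after the second DHCPACK, which is the lease-churn case an investigator gets wrong when reading only the latest mapping.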
Evaluating trustworthiness of data transmitted via unencrypted wireless mobile communications
Granted: February 23, 2021
Patent Number:
10932127
Systems and methods for making local decisions regarding the trustworthiness of V2V communications are provided. According to one embodiment, a vehicle information packet is received by a vehicle connectivity subsystem of a connected car and is indicative of an attribute of a source from which the packet was received. The source purportedly represents a neighboring vehicle in proximity to the connected car. A trustworthiness value for the packet is determined based on the source and…
Deriving test profiles based on security and network telemetry information extracted from the target network environment
Granted: February 9, 2021
Patent Number:
10917325
Systems and methods for deriving test profiles for validating network devices based on security and network telemetry information extracted from the target network environment are provided. According to one embodiment, security and network telemetry information are extracted by a test generator during a monitoring period from one or more network devices running within a target network environment. Performance related parameters and data associated with the performance related parameters…
Embedding artificial intelligence for balancing access point processing load in IPV6 enabled networks
Granted: February 2, 2021
Patent Number:
10912015
Responsive to a CPU load of a specific access point surpassing a high CPU threshold value, each of the wireless stations is disassociated from the specific access point. A second access point within range of the disassociated wireless stations is identified. A current CPU load is determined for the second access point, and RSSI values are determined for the wireless stations with respect to the second access point relative to other available access points. Responsive to a current CPU load…
Spectral efficient selection of station clusters for concurrent data transmissions in high efficiency WLANs (wireless local access networks) using unsupervised machine learning models
Granted: February 2, 2021
Patent Number:
10912003
Data packets are received from a plurality of sessions and are associated with a plurality of transmitting Wi-Fi stations on the Wi-Fi network. The received data packets contend for access for transmission on the data communication network. Transmitting stations are grouped together when resource units are no longer available. Grouping can implement artificial intelligence such as K-means clustering.
Automatically syncing GTP roaming firewall device policies over a data communication network for network security over mobile devices roaming data services on a carrier network
Granted: February 2, 2021
Patent Number:
10911935
A GTP firewall device registers with a cloud-based GTP GSN objects server to receive IR.21 records for each of a plurality of carriers for which roaming data services are authorized for roaming mobile devices of the plurality of carriers. The cloud-based GTP GSN objects server distributes IR.21 records and updates to the plurality of carriers. The GTP firewall device receives substantially real-time updates to the IP addresses for IR.21 records of carriers from the cloud-based GTP GSN…
Check valve for preventing air backflow in a modular cooling system
Granted: January 5, 2021
Patent Number:
10888018
A cooling system for electrical and electronic devices allows hot swapping of a fan module without affecting cooling efficiency due to air backflow, preventing stalling of a newly installed exhaust device due to reverse rotation. A check valve assembly has an inlet side frame member, an outlet side frame member, and one or more non-symmetrical valve flaps, each flap having a movable part and a fixed part. The outlet side frame allows the flaps to open under suction pressure on side of the…
Over-the-air (OTA) Wi-Fi offloading
Granted: January 5, 2021
Patent Number:
10887795
Systems and methods for OTA Wi-Fi offloading are provided. According to one embodiment, a first AP of a private network provides connectivity between one or more wireless client devices and a wired network portion of the private network. The first AP is coupled to a switch via a first wired link. The first AP determines whether the traffic being transmitted on the first wired link exceeds a configurable or predefined threshold. When the determination is affirmative, the first AP offloads…
Blocking communication between rogue devices on wireless local access networks (WLANS)
Granted: December 29, 2020
Patent Number:
10880749
Techniques are provided which prevent rogue devices from continued access to a wireless communication system. A control element directs access points as to which mobile stations to service. Each access point maintains a record of the mobile stations it is servicing. At the direction of the control element, one or more access points send ACK (acknowledgement) messages when hearing messages from a rogue device. When the rogue device sends a message, it expects an ACK message in response, but those…
Logical network abstraction for network access control
Granted: December 22, 2020
Patent Number:
10873607
Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. According to one embodiment, access policies are decoupled from underlying implementation details of access points by: (i) maintaining by a NAC device an access point model that maps logical networks to corresponding enforcement action implementations for the access points; and (ii) representing the access policies in a form of a current state of a particular endpoint…
SDN (software-defined networking) controller for self-provisioning of a wireless communication network using coordination of data plane behavior to steer stations to preferred access points
Granted: December 15, 2020
Patent Number:
10869217
A wireless communication network is self-provisioned using coordination of data plane behavior to steer stations to preferred access points. To do so, a policy concerning traffic flow for the wireless communication network is received. Data plane traffic flow is monitored at each of the plurality of access points distributed around the wireless communication network. At some point, it may be determined that the data plane traffic flow at a first access point needs to be reduced based on…
Mitigation of NTP amplification and reflection based DDoS attacks
Granted: December 15, 2020
Patent Number:
10868828
Systems and methods for mitigating DDoS attacks utilizing NTP are provided. According to one embodiment, a tracking table is maintained by a network security device protecting a private network. The tracking table contains information regarding NTP requests originated by clients of the private network and observed by the network security device. An NTP request sent from a client to an NTP server external to the private network is intercepted by the network security device. An NTP request…
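The mechanism the abstract outlines is stateful: the device records NTP requests that clients of the private network send out, so that replies arriving from outside can be checked against that state. The Python below is an example added to this listing, not the patent's implementation; the table key (client address, client port, server address), the five-second entry lifetime, the one-reply-per-request rule and the unconditional drop of mode 6/7 (control and private, i.e. monlist) replies are assumptions chosen to show the idea, and the packets are constructed in the code rather than captured.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Tuple

# Example added for illustration; table layout, TTL and the one-reply rule are assumptions.

NTP_PORT = 123
PROTECTED = ip_network("10.0.0.0/8")   # assumed address range of the protected private network

@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes

def ntp_mode(payload: bytes) -> int:
    """NTP mode is the low three bits of the first byte (LI:2, VN:3, Mode:3)."""
    return payload[0] & 0x07 if payload else -1

def ntp_packet(mode: int, version: int = 4, response: bool = False) -> bytes:
    """Build a minimal 48-byte NTP packet; mode-7 (private/monlist) replies set the response bit."""
    first = ((version & 7) << 3) | (mode & 7)
    if response:
        first |= 0x80
    return bytes([first]) + bytes(47)

class NtpTracker:
    def __init__(self, ttl: float = 5.0):
        self.ttl = ttl
        self.table: Dict[Tuple[str, int, str], float] = {}   # (client_ip, client_port, server_ip) -> expiry
        self.stats = {"tracked": 0, "allowed": 0, "dropped": 0}

    def _expire(self, now: float) -> None:
        for key in [k for k, exp in self.table.items() if exp <= now]:
            del self.table[key]

    def outbound(self, pkt: UdpPacket, now: float) -> None:
        """Record an NTP client request (mode 3) leaving the protected network."""
        if (pkt.dst_port == NTP_PORT and ntp_mode(pkt.payload) == 3
                and ip_address(pkt.src_ip) in PROTECTED):
            self.table[(pkt.src_ip, pkt.src_port, pkt.dst_ip)] = now + self.ttl
            self.stats["tracked"] += 1

    def inbound(self, pkt: UdpPacket, now: float) -> str:
        """Verdict for a packet arriving from outside: 'pass' (not NTP, other policy decides),
        'allow' (solicited server reply) or 'drop' (unsolicited, stale or an amplification mode)."""
        self._expire(now)
        if pkt.src_port != NTP_PORT:
            return "pass"
        mode = ntp_mode(pkt.payload)
        if mode in (6, 7):                     # control / monlist replies: the amplification vectors
            self.stats["dropped"] += 1
            return "drop"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip)
        if mode == 4 and self.table.pop(key, None) is not None:   # consume: one reply per request
            self.stats["allowed"] += 1
            return "allow"
        self.stats["dropped"] += 1
        return "drop"

if __name__ == "__main__":
    tracker = NtpTracker()
    tracker.outbound(UdpPacket("10.0.0.5", 45000, "203.0.113.10", 123, ntp_packet(3)), now=100.0)
    print(tracker.inbound(UdpPacket("203.0.113.10", 123, "10.0.0.5", 45000, ntp_packet(4)), now=100.2))
    print(tracker.inbound(UdpPacket("198.51.100.7", 123, "10.0.0.9", 123,
                                    ntp_packet(7, version=2, response=True)), now=100.4))
```

A reflected attack consists of replies for which no client inside ever sent a request, so they find no table entry and are dropped; a legitimate client's reply is admitted exactly once and only within the lifetime of its request.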
Configuration of sub-interfaces to enable communication with external network devices
Granted: December 15, 2020
Patent Number:
10868792
Systems and methods for facilitating communication between applications associated with virtual domains (VDOMs) of a virtualized network device and an external network are provided. According to one embodiment, a sub-interface is created for a physical Ethernet interface of the network device. A unique MAC address is assigned to the sub-interface. An application associated with a first VDOM is bound to the sub-interface. When the first VDOM is operating in transparent mode and an egress…
Logical network abstraction for network access control
Granted: December 8, 2020
Patent Number:
10862895
Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. A NAC device maintains (i) an access point model that maps logical networks to a corresponding enforcement action implementation for each access point associated with a private network and (ii) access policies each specifying a current state of a particular endpoint device and an enforcement action, specified with reference to a logical network. Responsive to an event…
Proactive network security assessment based on benign variants of known threats
Granted: November 17, 2020
Patent Number:
10839703
Systems and methods for performing a proactive assessment of the network security of a private network are provided. According to one embodiment, computer systems and users of the private network are caused to react to a benign variant of a network security threat (“benign threat”) by deploying the benign threat within the private network. The benign threat is created by leaving intact symptoms and propagation mechanisms associated with the network security threat and replacing…
Policy-based configuration of internet protocol security for a virtual private network
Granted: November 17, 2020
Patent Number:
10841341
A method for performing policy-based configuration of IPsec for a VPN is provided. According to one embodiment, a request for a VPN connection to be established between a network device and a peer network device is received by the network device from the peer network device. Responsive to receipt of the request, the VPN connection is established by the network device in accordance with a policy associated with the request without requiring manual entry of VPN settings by a network…
Learning network topology and monitoring compliance with security goals
Granted: November 17, 2020
Patent Number:
10841279
Systems and methods for monitoring compliance with security goals by a network or part thereof are provided. According to one embodiment, a topology of a network segment of a private network is discovered by a network security device associated with the private network. Security policies implemented by one or more network security devices that form part of the network segment are learned by the network security device. Compliance with a security goal associated with the network segment…