Fortinet Patent Grants

Directing clients based on communication format

Granted: April 16, 2019
Patent Number: 10263950
Methods and systems for redirecting client requests are provided. According to one embodiment, a system includes a processor and a memory coupled to the processor and configured to provide the processor with instructions. A request is received from a client capable of communicating via multiple supported communication formats. The request is capable of being serviced by multiple servers, each of which is configured to communicate via a different communication format. A server is selected…

Remote management system for configuring and/or controlling a computer network switch

Granted: April 16, 2019
Patent Number: 10263839
Methods and systems for remotely managing a switching device are provided. According to one embodiment the existence of a firewall security device within a network is automatically determined by a discovery module of a switching device. Upon determining the existence of the firewall security device, a command channel is established with the firewall security device by a communication module of the switching device. The switching device may then receive commands issued by the firewall…

Power saving in Wi-Fi devices utilizing Bluetooth

Granted: March 26, 2019
Patent Number: 10244470
The present description provides methods, computer program products, and systems for saving power in Wi-Fi devices utilizing Bluetooth. A Wi-Fi radio transitions to deep sleep mode from active mode while a Bluetooth radio remains active. An active Wi-Fi connection to the access point can be maintained by the station while in deep sleep mode as needed to prevent being disassociated. Responsive to the indication of data packets waiting at the access point, sent over the Bluetooth radio,…

Management of cellular data usage during denial of service (DoS) attacks

Granted: March 19, 2019
Patent Number: 10237301
Systems and methods for managing data usage of a cellular modem during DoS/DDoS attacks are provided. According to one embodiment, a network security device of a private network detects a DoS attack in network traffic going through the network security device and determines whether the DoS attack is being transmitted through a cellular modem of a cellular data network. The network security device reduces data usage of the cellular modem when the DoS attack is detected and the DoS attack…

Data leak protection

Granted: March 19, 2019
Patent Number: 10237282
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a network security device maintains a filter database containing multiple filtering rules. Each filtering rule specifies a watermark value, a set of network services for which the filtering rule is active and an action to be taken. Network traffic directed to a destination residing outside of an enterprise network, associated with a particular network service and…

Packet capture grouping for MU-MIMO (multi-user / multiple input—multiple output) access points

Granted: March 19, 2019
Patent Number: 10236953
An access packet group is formed for packet capture of MU-MIMO capable access points. A neighbor list for a plurality of access points discovered by an access point is received. The access point has MU-MIMO capability for multiple concurrent streams of data with multiple clients. A frame report is received from the access point of RSSI values for the plurality of access points on the neighbor list. A group of access points is selected from the plurality of access points to switch into…

Application layer-based single sign on

Granted: March 12, 2019
Patent Number: 10230763
Methods and systems are provided for implementing application layer security. According to one embodiment, security rules applicable to end users of a private IP network and particular resources accessible within the network are maintained by a network appliance. A packet originated within the network is received by the network appliance. An application type associated with the packet is determined based on layer 7 information within the packet. Layer 7 information fields are extracted…

Network-controlled beamforming using centrally-monitored locationing for beamforming Wi-Fi transmissions to wireless stations from access points independent of beamforming capability of stations

Granted: March 5, 2019
Patent Number: 10224995
A control layer centrally controls in inherently distributed locationing protocols, such as IEEE 802.11ac or IEEE 802.11ad. As a result, network resources control when and how beamforming resources are allotted to stations on a Wi-Fi portion of the network. To do so, the station location information is organically determined for the plurality of stations from the plurality of access points using RSSI measurements at different access points. Beamforming locationing is thus centrally…

Repurposing protocol messages to facilitate handoff

Granted: March 5, 2019
Patent Number: 10225770
A control element identifies the possibility that a station will transfer to a destination AP, and prepares that destination for a handoff. The control element repurposes messages from the station which indicate a possible near-term handoff, to prepare access points to receive that handoff. The control element treats a neighbor list request as a trigger to select which AP's to identify, to restrict the neighbor list to selected AP's, and to prepare each selected AP for a handoff. In…

Per user uplink medium access control on a Wi-Fi communication network

Granted: March 5, 2019
Patent Number: 10225764
Uplink medium access control on per-wireless device level for a specific user. An access point sends a beacon frame to a wireless device. The beacon frame includes a BSSID that is unique to the wireless device. The beacon frame also includes embedded uplink configurations specifying uplink medium access for the wireless device. In one embodiment, a controller recognizes a device or user associated with the device, and sends corresponding uplink configurations for embedding in a…

Detection of spoof attacks on internet of things (IOT) location broadcasting beacons

Granted: February 19, 2019
Patent Number: 10212187
Spoof attacks on location based beacons are detected. A stream of beacons (e.g., IBEACONS) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a…

Centralized management and enforcement of online privacy policies

Granted: February 19, 2019
Patent Number: 10212134
Systems and methods for centralized management and enforcement of online privacy policies of a private network are provided. According to one embodiment, existence of private information contained in a data packet originated by a client device of a private network and destined for a server device external to the private network is identified by a network security device protecting the private network by scanning the data packet for information matching a signature contained within a…

Network interface card rate limiting

Granted: February 19, 2019
Patent Number: 10212129
Systems and methods for limiting the rate of packet transmission from a NIC to a host CPU are provided. According to one embodiment, data packets are received from a network by the NIC. The NIC is coupled to a host central processing unit (CPU) of a network security device through a bus. A status of the host CPU is monitored by the NIC. A rate limiting mode indicator is set by the NIC based on the status. When the rate limiting mode indicator indicates rate limiting is inactive, then the…

Facilitating content accessibility via different communication formats

Granted: February 19, 2019
Patent Number: 10212124
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, information indicative of one or more communication formats via which a client device is capable of communication is stored on a client device by (i) sending the client device a web page having embedded therein test content associated with a first protocol stack and/or a second protocol stack; and (ii) based on a response to the test content received…

Automatic generation of logical maps for access point layouts

Granted: February 19, 2019
Patent Number: 10212042
A logical mapping of a plurality of access points is automatically generated. Each of the plurality of access points is plotted on a logical map. Lengths of connection lines between access points pairs are determined for each of the plurality of access points on the logical map. Connection lines are oriented in combination with adjustments to the plotted access points on the logical map to run connection lines between each of the access point pairs. Some of the access points are part of…

Directed station roaming in cloud managed Wi-Fi network

Granted: February 5, 2019
Patent Number: 10200932
Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input from the cloud-based…

Hardware-accelerated packet multicasting

Granted: February 5, 2019
Patent Number: 10200275
Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a first multicast packet to be multicast to a first multicast destination is received by a virtual routing system. The multicast packet is caused to be transmitted to the multicast destination by: (i) directing the multicast packet to a first VR of multiple VRs instantiated within the virtual routing system by selecting the first VR from among the multiple VRs to multicast the…

Self-provisioning of a wireless communication network using coordination of data plane behavior to steer stations to preferred access points

Granted: January 29, 2019
Patent Number: 10194345
A wireless communication network is self-provisioned using coordination of data plane behavior to steer stations to preferred access points. To do so, a policy concerning traffic flow for the wireless communication network is received. Data plane traffic flow is monitored at each of the plurality of access points distributed around the wireless communication network. At some point, it may be determined that the data plane traffic flow at a first access point needs to be reduced based on…

Reducing multicast service traffic for matching and streaming in SDN (software defined networking) enabled networks

Granted: January 29, 2019
Patent Number: 10193763
Multicast packets from streaming services on a data network are reduced. A packet conversion policy distributes OpenFlow rules to network components involved in multicasting services. In coordination with, and responsive to, detecting a matching service provider advertisement and service receiver request, executing an SDN policy governing a multicast streaming service. Specifically, multicast packets from a flow for streaming the multicast service are converted from multicast to unicast…

Monitoring wireless station experience on a Wi-Fi network by emulating client radios

Granted: January 22, 2019
Patent Number: 10187273
Wireless station experience is monitored by emulating client radios. A radio (or entire transceiver) from a plurality of radios on the access point is assigned to switch from a normal mode to a client mode to operate as a client radio. The client radio of the access point can send a probe request to a normal mode radio of the access point for registration as a client. Network performance can then be measured from the client radio and analyzed by the access point for network problems.