Zero configuration of an access point connecting to a mesh network
Granted: August 7, 2018
Patent Number:
10044840
A client access point joins a wireless network over a wireless connection in order to allow stations access to the wireless network. To join, the client access point (having a wireless connection to a mesh network) receives a beacon frame with unique identifiers of authorized client access points from a host access point (having a wired connection to the mesh network). Responsive to a unique identifier of the beacon frame matching the unique identifier of the client access point, a…
Adaptive allocation for dynamic reporting rates of log events to a central log management server from distributed nodes in a high volume log management system
Granted: August 7, 2018
Patent Number:
10044578
Dynamic reporting rates for a log management system are adaptively allocated. Each individual controller node device of a plurality of controller nodes is initially allocated an EPS rate limit for submitting event records to a log management system (e.g., an SIEM log management system) out of a licensed EPS rate. When surges are detected, the log management system dynamically reallocates proportions of EPS rates, within the licensed EPS rate. The individual EPS rate limit for at least one…
Automatically deployed wireless network
Granted: July 31, 2018
Patent Number:
10039031
Systems and methods are described for an automatically deployed wireless network. According to one embodiment, an access point controller (AC) determines the existence of a network anomaly at a position of a wireless network that is managed by the AC. Responsive thereto, the AC causes an unmanned vehicle that carries a movable access point (AP) to carry the movable AP to the position or proximate thereto and causes the movable AP to provide wireless network service to an area…
Facilitating enforcement of security policies by and on behalf of a perimeter network security device by providing enhanced visibility into interior traffic flows
Granted: July 31, 2018
Patent Number:
10038671
Systems and methods for managing network traffic by a perimeter network security device based on internal network traffic or configuration information are provided. According to one embodiment, a network security appliance of a private network receives internal network information collected by multiple Layer 2/3 network devices of the private network. The Layer 2/3 network devices switch/route internal network traffic among multiple internal host devices without the network traffic…
Computerized system and method for handling network traffic
Granted: July 31, 2018
Patent Number:
10038668
Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, a service daemon process is instantiated within a firewall to handle content processing of network traffic of virtual domains by aggregating communication channels associated with the virtual domains and by applying an appropriate content processing policy for the corresponding virtual domain. A connection request is received by the firewall from a…
Centralized management of access points
Granted: July 31, 2018
Patent Number:
10038594
Systems and methods are provided for centralized access, control, and management of APs. According to one embodiment, multiple APs of a private IP network are decoupled from potentially transient IP addresses by assigning a unique identifier to each of the multiple APs by an AC. An AC GUI is presented by the AC to an administrator through which (i) commands are provided by the administrator and (ii) the administrator is provided with access to a first AP of the multiple APs responsive to…
Scalable IP-services enabled multicast forwarding with efficient resource utilization
Granted: July 31, 2018
Patent Number:
10038567
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a router identifies active multicast IP sessions. A data structure is maintained by the router that contains information regarding the active multicast IP sessions and includes multiple pairs of a source field and a group field ({S, G} pairs), a first pointer associated with each of the {S,G} pairs and a set of slots. Each of the {S, G} pairs defines an active multicast IP…
Dual-mode processing of cryptographic operations
Granted: July 24, 2018
Patent Number:
10033527
Systems and methods for dual mode hardware acceleration for cryptographic operations are provided. According to one embodiment, data upon which a cryptographic operation is to be performed is received by a computer system that includes a host CPU and a cryptographic hardware accelerator. The data is divided into multiple blocks. Performance of the operation on a first block is offloaded to the hardware accelerator. For each remaining block: (i) the CPU requests state information of the…
Fingerprinting BYOD (bring your own device) and IOT (internet of things) IPV6 stations for network policy enforcement
Granted: July 24, 2018
Patent Number:
10033590
IoT stations are profiled in an IPv6 protocol environment. Responsive to sending the modified router advertisement instead of the router advertisement to the station, a DHCPv6 solicitation packet is snooped. The DHCPv6 solicitation packet is sent from the station to a DHCPv6 server to gather network configuration information stored in the router advertisement withheld by the access point. In turn, the access point examines the DHCPv6 solicitation packet to determine an identity of least…
Extension of Wi-Fi services multicast to a subnet across a Wi-Fi network using software-defined networking (SDN) to centrally control data plane behavior
Granted: July 24, 2018
Patent Number:
10033541
Wi-Fi services multicast to a subnet in a software-defined network (SDN) are extended. An SDN controller centrally monitors a data plane of a Wi-Fi network. Advertisements for services within a first subnet by an advertising station are forwarded to the SDN controller. Parameters of the service of the advertising station are extracted for storage by performing deep packet inspection on the one or more packets. Queries for services within a second subnet by a querying station are also…
Delegated network management services
Granted: July 17, 2018
Patent Number:
10027556
A method for providing a management function requested by a user that uses a managed device includes establishing a session on a managed device in response to a user logging into an account on the managed device, establishing a delegated management session on a management device, the delegated management session corresponding to the session on the managed device, receiving a management message on the management device, the management message being related to a management function…
Wireless radio access point configuration
Granted: July 3, 2018
Patent Number:
10015791
Methods and systems for configuring an access point (AP) are provided. According to one embodiment, a wireless network architecture includes multiple dual concurrent wireless access points, each including dual radios and dual antennas. The dual radios are configured to operate in a same frequency band and include multiple channels within the frequency band. The dual radios in each of the dual concurrent wireless access points are configured with different channels. The dual concurrent…
Mobile hotspot managed by access controller
Granted: July 3, 2018
Patent Number:
10015142
Systems and methods are described for a mobile hotspot that can be managed from an access controller. According to an embodiment, a mobile establishes a wide area network (WAN) connection through a wireless WAN module and establishes a wireless local area network (WLAN) connection with a wireless fidelity (WiFi)-enabled device using a first wireless access point (AP) profile, wherein the first AP profile is also used for multiple APs of an enterprise that are controlled by an access…
Secure cloud storage distribution and aggregation
Granted: June 26, 2018
Patent Number:
10007804
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…
Computerized system and method for advanced network content processing
Granted: June 26, 2018
Patent Number:
10009386
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected…
System and method for integrated header, state, rate and content anomaly prevention for session initiation protocol
Granted: June 26, 2018
Patent Number:
10009365
Methods and systems for an integrated solution to the rate based denial of service attacks targeting the Session Initiation Protocol are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for session initiation protocol (SIP). A hardware-based apparatus helps identify SIP rate-thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop…
Detecting malicious resources in a network based upon active client reputation monitoring
Granted: June 26, 2018
Patent Number:
10009361
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit…
Secure, automatic second factor user authentication using push services
Granted: June 26, 2018
Patent Number:
10009340
A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding…
Computerized system and method for deployment of management tunnels
Granted: June 26, 2018
Patent Number:
10009320
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the…
Virtual memory protocol segmentation offloading
Granted: June 26, 2018
Patent Number:
10009295
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, presence of outbound payload data, distributed across a first and second payload buffer, within a user memory space of a network device that has been generated by a user process is determined by a bus/memory interface or a network interface unit. The payload data is fetched by performing direct virtual memory addressing of the user memory space including mapping virtual…