Network address translation
Granted: March 13, 2018
Patent Number:
9917928
Systems and methods for connecting a network using one network protocol with a network using another network protocol are provided. According to an embodiment, a method is provided for performing network address translation. A data packet is received, by a protocol bridge connecting a first network, using a first protocol, and a second network, using a second protocol, via a first session of the first protocol from a first network appliance of the first network. The first protocol may be…
Facilitating content accessibility via different communication formats
Granted: March 13, 2018
Patent Number:
9917914
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, information indicative of one or more communication formats via which a client device is capable of communication is stored on a client device by (i) sending the client device a web page having embedded therein test content associated with a first protocol stack and/or a second protocol stack; and (ii) based on a response to the test content received…
Logging attack context data
Granted: March 13, 2018
Patent Number:
9917857
Methods and systems for improved attack context data logging are provided. According to one embodiment, prior to a logging event being triggered (i) it is determined by a network security device whether a received packet is potentially associated with a threat or undesired activity by analyzing the packet; (ii) when the determination is negative, the packet is stored within a circular buffer; and (iii) when the determination is affirmative, (a) the logging event is triggered, (b)…
Security system for physical or virtual environments
Granted: March 13, 2018
Patent Number:
9917849
Systems and methods for performing intra-zone and inter-zone security management in a network are provided. According to one embodiment, an association is formed by a network security device between a first zone including a first set of devices and a first set of security policies defining a first type of security scanning to be performed on packets originated within the first zone and between a second zone including a second set of devices and a second set of security policies defining…
Provisioning and configuration of cellular modems
Granted: March 6, 2018
Patent Number:
9913127
Systems and methods for seamless provisioning and configuration of cellular modems of a private network by a provisioning server are provided. A network device detects a SIM card is inserted into a cellular modem of the network device and reads one or more properties of the SIM card from the SIM card. The network device sends the one or more properties of the SIM card to a provisioning server and receives configurations of the cellular modem from the provisioning server and applies the…
Voice adaptation for wireless communication
Granted: February 27, 2018
Patent Number:
9906650
A system and method for optimizing voice communications in a wireless network including an AP having a message waiting time that provides proper QoS while losing minimal communication bandwidth. The QoS may be responsive to the amount of user traffic in both the AP and neighboring APs. The method may include setting parameters for each level of QoS in response to a measure of the degree of contention for that level of QoS, and in response to a measure of the degree of contention for…
Detecting network traffic content
Granted: February 27, 2018
Patent Number:
9906540
A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic…
Automated configuration of endpoint security management
Granted: February 13, 2018
Patent Number:
9894034
Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security…
Cache-based wireless client authentication
Granted: February 13, 2018
Patent Number:
9894520
Methods and systems for caching of remote server MAC authentication to enable fast roaming are provided. According to one embodiment, a wireless network controller of a wireless local area network (WLAN) receives an authentication request relating to a wireless client device from a wireless access point (AP) managed by the wireless network controller. It is determined whether a prior authentication result associated with the client is present in a cache of the controller. The client is…
Dynamically optimized security policy management
Granted: February 13, 2018
Patent Number:
9894100
Methods and systems for dynamically optimized rule-based security policy management are provided. A request is received by a network security management device to add a new traffic flow policy rule to multiple existing policy rules managed by the network security management device. Dependencies of the new traffic flow policy rule on the existing policy rules are automatically determined. An updated set of policy rules is formed by incorporating the new traffic flow policy rule within the…
DNS-enabled communication between heterogeneous devices
Granted: February 13, 2018
Patent Number:
9894033
Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the…
Efficient data transfer in a virus co-processing system
Granted: February 13, 2018
Patent Number:
9892257
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory for use in connection with translating virtual addresses to physical addresses. Content scanning of a content object is offloaded to a hardware accelerator coupled to the processor by storing content scanning parameters, including the content object and a type of the content object, to…
Presentation of threat history associated with network activity
Granted: February 6, 2018
Patent Number:
9888023
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters is received. Information regarding threats matching the threat filtering parameters is extracted from the database and is presented in a…
Management of certificate authority (CA) certificates
Granted: February 6, 2018
Patent Number:
9887985
Systems and methods for automatically installing CA certificates received from a network security appliance by a client security manager to make the CA certificate become a trusted CA certificate to a client machine are provided. In one embodiment, a client security manager establishes a connection with a network security appliance through a network, wherein the client security manager is configured for managing security of a client at the client side and the network security appliance…
System and method for securing virtualized networks
Granted: February 6, 2018
Patent Number:
9887901
Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A test network access device is selected…
Accelerating data communication using tunnels
Granted: January 30, 2018
Patent Number:
9882878
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. Packets that are classified as…
Telecommunication terminal
Granted: January 2, 2018
Patent Number:
9859965
A telecommunication terminal that is integrated with a wireless access point is provided. According to one embodiment, a telecommunication terminal comprises a phone unit, a wireless access point unit, a local area network (LAN) port that is capable of connecting to a computer network and a housing that encloses said phone unit, said wireless access point unit and said LAN port.
Firewall interface configuration to enable bi-directional VoIP traversal communications
Granted: January 2, 2018
Patent Number:
9860215
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to hosts of a private network against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall also provides application-layer protection on behalf of the hosts and supports Voice over IP (VoIP) services…
Filtering hidden data embedded in media files
Granted: January 2, 2018
Patent Number:
9860212
Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a…
Data leak protection
Granted: January 2, 2018
Patent Number:
9860211
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a network security device maintains a filter database containing multiple filtering rules. Each filtering rule specifies a watermark hash value, a set of network services for which the filtering rule is active and an action to be taken. Network traffic directed to a destination residing outside of an enterprise network, associated with a particular network service and…