Fortinet Patent Grants

Seamless mobility in wireless networks

Granted: January 2, 2018
Patent Number: 9860813
AP's associated with a communication network and any wireless devices desiring contact, operated according to a protocol in which each wireless device selects AP's with which to communicate. A system coordinator causes the AP's to operate so as to guide each wireless device to an AP selected by the system coordinator. This has the effect that, notwithstanding that the protocol involves having the wireless device make the selection of AP, functionally, the AP's make the selection for it.…

Load balancing for a cloud-based wi-fi controller based on local conditions

Granted: January 2, 2018
Patent Number: 9860789
Load balancing for cloud-based monitoring of Wi-Fi devices on local access networks is based on local conditions. Requests for connection that are received from Wi-Fi devices of the plurality of WLANs exceed a threshold. An indication of at least one condition for each of the WLANs is also received either with the connection request or separately. Example conditions include, without limitation, a number of local connections, network security breaches, guaranteed service levels, local latency…

Tunnel interface for securing traffic over a network

Granted: December 26, 2017
Patent Number: 9853948
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second…

Cloud based logging service

Granted: December 26, 2017
Patent Number: 9853944
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is…

Load balancing among a cluster of firewall security devices

Granted: December 26, 2017
Patent Number: 9853942
A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, imminent shutdown of a first cluster unit of an HA cluster of FSDs is gracefully handled by a switching device. A load balancing (LB) table, forming associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled, is maintained. The first cluster unit is coupled to a first port. Responsive to…

Security information and event management

Granted: December 26, 2017
Patent Number: 9853941
Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results…

Heterogeneous media packet bridging

Granted: December 26, 2017
Patent Number: 9853917
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network device maintains translation data structures defining translations among multiple framing media formats used for transmitting or receiving network packets via multiple supported media transmission channels, including (i) between a first framing media format and an intermediate format and (ii) between the intermediate format and a second…

Stand-by controller assisted failover

Granted: December 26, 2017
Patent Number: 9853855
Methods and systems for standby controller aided failover are provided. According to one embodiment, an active control channel and an active data channel are established by an active controller with a managed device via a management protocol. A standby control channel and a standby data channel are established by a standby controller with the managed device via the management protocol. A keep-alive message is periodically sent by the standby controller to the active controller. When a…

Secure system for allowing the execution of authorized computer program code

Granted: December 12, 2017
Patent Number: 9842203
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, performing or bypassing a real-time…

Multitier wireless data distribution

Granted: December 5, 2017
Patent Number: 9838911
Data distribution between mobile stations and external data paths is assigned to a new set of devices, distribution points. Each distribution point is independently coupled to mobile stations, also assigned to access points. Control elements operate to control the distribution points separately from the access points. Each access point maintains a substantially stateless link with each distribution point for which the two share a mobile station. Access points might exchange data with any…

Restricting broadcast and multicast traffic in a wireless network to a VLAN

Granted: December 5, 2017
Patent Number: 9838369
Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the…

Calculating consecutive matches using parallel computing

Granted: November 21, 2017
Patent Number: 9824195
Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting…

Computerized system and method for advanced network content processing

Granted: November 21, 2017
Patent Number: 9825993
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected…

Cloud-based security policy configuration

Granted: November 21, 2017
Patent Number: 9825992
Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second…

System and method for software defined behavioral DDoS attack mitigation

Granted: November 21, 2017
Patent Number: 9825990
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received…

Content filtering of remote file-system access protocols

Granted: November 21, 2017
Patent Number: 9825988
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding…

Computerized system and method for deployment of management tunnels

Granted: November 21, 2017
Patent Number: 9825915
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the…

Load balancing among a cluster of firewall security devices

Granted: November 21, 2017
Patent Number: 9825912
A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. A LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of…

Virtual memory protocol segmentation offloading

Granted: November 21, 2017
Patent Number: 9825885
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, presence of outbound payload data, distributed across a first and second payload buffer, within a user memory space of a network device that has been generated by a user process is determined by a bus/memory interface or a network interface unit. The payload data is fetched by performing direct virtual memory addressing of the user memory space including mapping virtual…

Selecting among multiple concurrently active paths through a network

Granted: November 21, 2017
Patent Number: 9825866
Methods and systems for selecting among multiple concurrently active paths through a network are provided. According to one embodiment, a method is performed by a network interface of a source network device within a loop-free, reverse-path-learning network. The network is divided into multiple virtual local area networks (VLANs). Network traffic destined for a destination network device and specifying an address for the destination or including information from which the address can be…