Fortinet Patent Grants

Virtual memory protocol segmentation offloading

Granted: April 19, 2016
Patent Number: 9319491
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of…

Virtual memory protocol segmentation offloading

Granted: April 19, 2016
Patent Number: 9319490
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of the computer system is fetched by an interface of the computer system by performing direct virtual memory addressing of a user memory space of a system memory of the computer system on behalf of a network processor of the computer system. The direct virtual memory addressing maps a physical address of…

Data leak protection

Granted: April 19, 2016
Patent Number: 9319417
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. A network device receives information regarding a watermark filtering rule, including a sensitivity level and an action to be applied to files observed by the network device matching the watermark filtering rule. The network device scans a file attempted to be passed through the network device by locating a watermark embedded…

Filtering hidden data embedded in media files

Granted: April 19, 2016
Patent Number: 9319384
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file…

Scalable IP-services enabled multicast forwarding with efficient resource utilization

Granted: April 19, 2016
Patent Number: 9319303
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a router identifies active multicast IP sessions. A data structure is maintained by the router that contains information regarding the active multicast IP sessions and includes multiple pairs of a source field and a group field ({S, G} pairs), a first pointer associated with each of the {S,G} pairs and a set of slots. Each of the {S, G} pairs defines an active multicast IP…

Policy-based configuration of internet protocol security for a virtual private network

Granted: April 12, 2016
Patent Number: 9313183
A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a policy page through which a policy, including multiple VPN settings for establishing a VPN connection, may be viewed and configured is displayed via a user interface of a source network device. The VPN settings include a type of IPSec tunnel to be established between the source network device and a peer network device. A…

Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer

Granted: April 5, 2016
Patent Number: 9306976
A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion.

Load balancing among a cluster of firewall security devices

Granted: April 5, 2016
Patent Number: 9306907
A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet…

Secure system for allowing the execution of authorized computer program code

Granted: April 5, 2016
Patent Number: 9305159
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, performing or bypassing a real-time…

Examining and controlling IPv6 extension headers

Granted: March 29, 2016
Patent Number: 9300632
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, a traversing device receives an Internet Protocol (IP) version 6 (IPv6) packet or packet fragment. One or more security checks are applied to extension headers of the IPv6 packet or packet fragment. If a security check of the one or more security checks is determined to be violated, then one or more appropriate countermeasures are…

Network advertising system

Granted: March 29, 2016
Patent Number: 9299079
Systems and methods for transmitting content to a client via a communication network are provided. According to one embodiment, a system includes a content server, an insertion server and a policy server. The content server stores and selects substitute or supplemental content. The insertion server monitors client traffic, detects client TCP/IP requests or destination TCP/IP responses and sends the selected substitute or supplemental content retrieved from the content server to the…

Cloud based logging service

Granted: March 22, 2016
Patent Number: 9294494
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and providing a basic level of service from the logging service by registering a user account for the security appliance with the logging service. A log is transparently created within the logging service by…

Computerized system and method for deployment of management tunnels

Granted: March 22, 2016
Patent Number: 9294286
Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has…

Wireless radio access point configuration

Granted: March 15, 2016
Patent Number: 9288844
Methods and systems for configuring an access point (AP) are provided. According to one embodiment, a dual radio AP includes: two radios, a first operating at 2.4 GigaHertz (GHz) or 5 GHz and a second operating at 5 GHz; first and second directional antennas coupled to the first and second radios, respectively; first and second transmit queues buffering packets for transmission by the first and second radios, respectively; a location determination module configured to compute locations…

Load balancing among a cluster of firewall security devices

Granted: March 15, 2016
Patent Number: 9288183
A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet…

Secure cloud storage distribution and aggregation

Granted: March 8, 2016
Patent Number: 9280678
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…

Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation

Granted: March 1, 2016
Patent Number: 9276955
Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is…

Load balancing in a network with session information

Granted: March 1, 2016
Patent Number: 9276907
Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously established traffic sessions from a particular source to a particular destination and forming an association between the previously established session and a particular FSD, is maintained for each port of a session-aware switching device. When a TCP SYN packet is received, the switching device: (i) reduces…

Selecting among multiple concurrently active paths through a network

Granted: March 1, 2016
Patent Number: 9276861
Methods and systems for selecting among multiple concurrently active paths through a network are provided. According to one embodiment, a method is performed by a network interface of a source node within a loop-free, reverse-path-learning network. The network is divided into multiple virtual networks. A packet destined for a destination node and specifying an address for the destination or including information from which the address can be derived is received from the source. A set of…

Load balancing among a cluster of firewall security devices

Granted: February 23, 2016
Patent Number: 9270639
A method for balancing load among firewall security devices in a network is disclosed. Firewall security devices are arranged in multiple clusters. A switching device is configured with the firewall security devices by communicating control messages and heartbeat signals. Information regarding the configured firewall security devices is then included in a load balancing table. A load balancing function is configured for enabling the distribution of data traffic received by the switching…