发明授权
US6098172A Methods and apparatus for a computer network firewall with proxy
reflection
失效
具有代理反射的计算机网络防火墙的方法和装置
- 专利标题: Methods and apparatus for a computer network firewall with proxy reflection
- 专利标题(中): 具有代理反射的计算机网络防火墙的方法和装置
-
申请号: US928797申请日: 1997-09-12
-
公开(公告)号: US6098172A公开(公告)日: 2000-08-01
- 发明人: Michael John Coss , David L. Majette , Ronald L. Sharp
- 申请人: Michael John Coss , David L. Majette , Ronald L. Sharp
- 申请人地址: NJ Murray Hill
- 专利权人: Lucent Technologies Inc.
- 当前专利权人: Lucent Technologies Inc.
- 当前专利权人地址: NJ Murray Hill
- 主分类号: G06F13/00
- IPC分类号: G06F13/00 ; G06F21/20 ; G09C1/00 ; H04L9/32 ; H04L12/66 ; H04L29/06 ; H04L9/00
摘要:
Computer network firewalls which include one or more features for increased processing efficiency are provided. A firewall in accordance with the invention can support multiple security policies, multiple users or both, by applying any one of several distinct sets of access rules. The firewall can also be configured to utilize "stateful" packet filtering which involves caching rule processing results for one or more packets, and then utilizing the cached results to bypass rule processing for subsequent similar packets. To facilitate passage to a user, by a firewall, of a separate later transmission which is properly in response to an original transmission, a dependency mask can be set based on session data items such as source host address, destination host address, and type of service. The mask can be used to query a cache of active sessions being processed by the firewall, such that a rule can be selected based on the number of sessions that satisfy the query. Dynamic rules may be used in addition to pre-loaded access rules in order to simplify rule processing. To unburden the firewall of application proxies, the firewall can be enabled to redirect a network session to a separate server for processing.
公开/授权文献
- US5287721A Apparatus and method for forming curved needles 公开/授权日:1994-02-22