DYNAMIC DETECTION OF INACTIVE VIRTUAL PRIVATE NETWORK CLIENTS

    Publication number: US20190141141A1

    Publication date: 2019-05-09

    Application number: US16240726

    Filing date: 2019-01-05

    Abstract: The present disclosure discloses a method and network device for dynamic detection of inactive virtual private network clients. Specifically, a network device receives periodic messages from a first device at a first interval, and determines a timeout value for the first device based at least on the first interval, at which the periodic messages are received from the first device. Subsequent to determining the timeout value, the network device detects that a message has not been received from the first device for a period of time corresponding to the timeout value for the first device. The network device then terminates at least one connection with the first device responsive to determining that no message has been received from the first device for the period of time corresponding to the timeout value for the first device.

    NETWORK SECURITY ENFORCEMENT USING FLEXIBLE CLIENT GROUPING AT THE CONTROL PLANE AND DATA PLANE

    Publication number: US20250119436A1

    Publication date: 2025-04-10

    Application number: US18539735

    Filing date: 2023-12-14

    Abstract: Systems and methods are provided for customized grouping of end user devices using a new group identifier tag (GIT) in addition to role-based access (e.g., administrator or guest) and device identifier access (e.g., IP or MAC address). Two components may be implemented at a network access device, including a data plane component and a control plane component. For example, the control plane component may authenticate an end user device, store the MAC and IP addresses for authenticated end user devices, and define access roles for the end user device in the datapath. The data plane component may perform packet processing (e.g., forwarding and policy enforcement) pursuant to previously-defined rules. Whenever a packet arrives at the Network Access Device, the packet is forwarded according to the rules specified by the “role” and GIT present in the entry, allowing for improved processing and scalability of network traffic processing.

    DYNAMIC DISTRIBUTION OF CLIENT DEVICES IN GATEWAY CLUSTER

    Publication number: US20240364635A1

    Publication date: 2024-10-31

    Application number: US18139819

    Filing date: 2023-04-26

    CPC classification number: H04L47/24 H04L47/122

    Abstract: A system for facilitating the dynamic selection of a gateway at an access node is provided. During operation, the system can select primary and standby gateways for a client device coupling the access node from a list of gateways associated with a gateway cluster based on an identifier of the client device. The gateway cluster can include a plurality of gateways coupled to the access node. The system can then forward traffic from the client device to the primary gateway. If there is a change in a set of parameters associated with the gateway cluster, the system can receive a policy indicating a change of gateway for the client device. The set of parameters indicates performance associated with the plurality of gateways. The system can select a new primary gateway for the client device based on the policy and redirect traffic from the client device to the new primary gateway.

    Metric based dynamic virtual private network (VPN) tunnel between branch gateway devices

    Publication number: US11595231B2

    Publication date: 2023-02-28

    Application number: US17237256

    Filing date: 2021-04-22

    Abstract: Example implementation relates to a method for establishing a dynamic VPN tunnel between branch gateway devices based on metric data. A branch orchestrator receives metric data from a VPNC device. The metric data includes data center bandwidth and processor utilization of the VPNC device. The metric data is derived from the traffic being routed via the VPNC device. When the metric data associated with traffic between a first branch gateway device and a second branch gateway device is above a Service Level Agreement (SLA), a dynamic branch to branch VPN tunnel is established to route the traffic between the first branch gateway device and the second branch gateway device. The VPN tunnel between the branch gateways can be torn down when the load at the VPNC device reduces.

    SYSTEM AND METHOD OF ESTABLISHING SEAMLESS REMOTE ACCESS VIRTUAL PRIVATE NETWORK CONNECTIONS

    Publication number: US20220321401A1

    Publication date: 2022-10-06

    Application number: US17333381

    Filing date: 2021-05-28

    Abstract: A system and a method of establishing seamless remote access VPN connections are described. For establishment of a VPN connection for a user device, a cluster leader of a cluster of controllers identifies an active controller and a standby controller, based on network load of each controller of the cluster of controllers. An active VPN connection is established between the user device and the active controller and a standby VPN connection is established between the user device and the standby controller. The standby VPN connection is utilized in place of the active VPN connection during failover of the active controller. Because information of an active session is regularly shared by the active controller to the standby controller, the standby controller can seamlessly resume the active session during failover of the active controller.

    Pre-shared key based virtual private network

    Publication number: US12113775B2

    Publication date: 2024-10-08

    Application number: US18059137

    Filing date: 2022-11-28

    CPC classification number: H04L63/0272 H04L9/0838 H04L9/3073

    Abstract: Some examples relate to a pre-shared key based virtual private network. In an example, a VPN server generates a unique pre-shared key (PSK) corresponding to an identity of a VPN client. The VPN server creates a mapping between the identity and the unique PSK of the VPN client, and stores it in a database. The VPN server shares the unique PSK with the VPN client. In response to receiving an IKE packet comprising an encrypted identity of the VPN client, the VPN server decrypts the encrypted identity of the VPN client from the IKE packet to determine the identity of the VPN client associated with the IKE packet. The VPN server retrieves the unique PSK corresponding to the identity of the VPN client associated with the IKE packet from the mapping stored in the database. The VPN server establishes a VPN connection with the VPN client.

    Precaching precursor keys within a roaming domain of client devices

    Publication number: US11778467B2

    Publication date: 2023-10-03

    Application number: US17513868

    Filing date: 2021-10-28

    CPC classification number: H04W12/069 H04W8/12 H04W12/088

    Abstract: Examples relate to seamless roaming across subnets. In an example, a system receives an indication that a client device has been authenticated at a first network device of a network. The system receives precursor keys and identification information of the client device, as generated from the authentication of the client device. The system determines second clusters, which are within a roaming domain of the cluster or the client device. The system receives one or more second precursor keys corresponding to the second clusters and distributes the second precursor keys to the corresponding second clusters. The system determines to create one or more tunnels among the second clusters and the cluster and provisions the tunnels to transmit data through the tunnels.
