61. Forwarding policies on a virtual service network
    Granted invention patent (in force)

    Publication number: US09544364B2

    Publication date: 2017-01-10

    Application number: US15048290

    Filing date: 2016-02-19

    Abstract: In providing packet forwarding policies in a virtual service network that includes a network node and a pool of service load balancers serving a virtual service, the network node: receives a virtual service session request from a client device, the request including a virtual service network address for the virtual service; compares the virtual service network address in the request with the virtual service network address in each of the packet forwarding policies; in response to finding a match between the virtual service network address in the request and a given virtual service network address in a given packet forwarding policy, determines the given destination in the given packet forwarding policy; and sends the request to a service load balancer in the pool of service load balancers associated with the given destination, where the service load balancer establishes a virtual service session with the client device.

62. Flagging security threats in web service requests
    Granted invention patent (in force)

    Publication number: US09537886B1

    Publication date: 2017-01-03

    Application number: US14522289

    Filing date: 2014-10-23

    Inventor: Terrence Gareau

    IPC classification: H04L29/06 G06F17/30

    Abstract: Provided are methods and systems for flagging security threats in web service requests. Specifically, a method for flagging security threats in web service requests can include receiving a request addressed to an addressee. The method can further include analyzing the request based on at least one security signature. The method can continue with determining a threat level associated with the request. The determination can be carried out based on the analysis. The method can further include creating a flag corresponding to the threat level. The method can further include inserting the flag into a network packet associated with the request, thereby creating a modified request. The method may further include sending the modified request to the addressee. An application associated with the addressee can be operable to selectively process the request based on the threat level.
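    The flagging pipeline described in the abstract, as an added Python example that is not part of the patent or of any product implementing it. It assumes HTTP/1.x requests, a constructed set of regular-expression signatures with weights, and a header named X-Threat-Level as the flag (the abstract fixes neither a header name nor a scoring rule). Signatures are matched against the URL-decoded request so that percent-encoding does not hide a pattern, and any client-supplied copy of the flag header is stripped before the gateway inserts its own, since otherwise a client could pre-set a low level.

```python
import re
from urllib.parse import unquote

# Constructed signature set for this example: (pattern, weight). A real deployment
# would load signatures from a feed; these four are illustrative only.
SIGNATURES = [
    (re.compile(r"(?i)union\s+select"), 3),   # SQL injection
    (re.compile(r"(?i)\bor\s+1=1\b"), 3),     # tautology-based SQL injection
    (re.compile(r"<script\b", re.I), 2),      # reflected script injection
    (re.compile(r"\.\./"), 2),                # path traversal
]

# Assumed header name used to carry the flag; the patent does not specify one.
FLAG_HEADER = "X-Threat-Level"


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (request line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def threat_level(request_line: str, headers, body: bytes) -> int:
    """Score the decoded request against every signature; map the score to 0..3."""
    text = "\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    text = unquote(text) + "\n" + unquote(body.decode("latin-1", errors="replace"))
    score = sum(weight for pattern, weight in SIGNATURES if pattern.search(text))
    if score == 0:
        return 0
    if score <= 2:
        return 1
    if score <= 4:
        return 2
    return 3


def flag_request(raw: bytes) -> bytes:
    """Gateway side: analyse the request, create the flag, insert it, return the modified request."""
    request_line, headers, body = parse_request(raw)
    # Strip any client-supplied copy of the flag header first; otherwise a client
    # could pre-set a low level and bypass the addressee's policy.
    headers = [(n, v) for n, v in headers if n.lower() != FLAG_HEADER.lower()]
    level = threat_level(request_line, headers, body)
    headers.append((FLAG_HEADER, str(level)))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head.encode("latin-1") + b"\r\n\r\n" + body


def read_flag(raw: bytes) -> int:
    """Addressee side: read the inserted flag; -1 if absent or present more than once."""
    _, headers, _ = parse_request(raw)
    values = [v for n, v in headers if n.lower() == FLAG_HEADER.lower()]
    return int(values[0]) if len(values) == 1 else -1


def accept(raw: bytes, max_level: int = 1) -> bool:
    """Addressee policy: process the request only if its flagged level is within bounds.
    Requests without a valid flag are refused rather than treated as level 0."""
    level = read_flag(raw)
    return 0 <= level <= max_level


# Constructed sample requests (not captured traffic).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"
FORGED = (b"GET /search?q=1%20UNION%20SELECT%201 HTTP/1.1\r\nHost: shop.example\r\n"
          b"X-Threat-Level: 0\r\n\r\n")
TRAVERSAL = b"GET /../../etc/passwd?u=' or 1=1 HTTP/1.1\r\nHost: shop.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("forged", FORGED), ("traversal", TRAVERSAL)):
        print(name, read_flag(flag_request(req)), accept(flag_request(req)))
```

    The addressee-side accept() refuses requests that carry no flag, which only helps when the application is reachable solely through the gateway: a client that can reach it directly can supply its own X-Threat-Level header.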

Distributed multi-processing security gateway

    Publication number: US09344456B2

    Publication date: 2016-05-17

    Application number: US14570372

    Filing date: 2014-12-15

    IPC classification: G06F21/00 H04L29/06

    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that the same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, security gateways of higher capacity are provided.
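    The proxy-address selection step, as an added Python example (not the patent's own code). It assumes the gateway dispatches a packet to a core by CRC32 of (source address, source port, destination address, destination port) as the packet arrives, modulo the core count; the abstract does not specify the hash. For the host side session the gateway sees client-to-virtual-address packets, for the server side session it sees server-to-proxy-address replies, so the proxy address and port are searched until the reply tuple hashes to the host side session's core.

```python
import ipaddress
import struct
import zlib
from typing import Iterable, Optional, Set, Tuple


def flow_key(src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bytes:
    """Serialise the addresses and ports of a packet as it arrives at the gateway.
    ipaddress.packed handles IPv4 and IPv6 alike."""
    return (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
            + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port))


def core_for(src_ip: str, src_port: int, dst_ip: str, dst_port: int, ncores: int) -> int:
    """Assumed dispatch rule: CRC32 of the flow key, modulo the number of cores."""
    return zlib.crc32(flow_key(src_ip, src_port, dst_ip, dst_port)) % ncores


def select_proxy_endpoint(client_ip: str, client_port: int,
                          virtual_ip: str, virtual_port: int,
                          server_ip: str, server_port: int,
                          proxy_addresses: Iterable[str], proxy_ports: Iterable[int],
                          ncores: int,
                          in_use: Optional[Set[Tuple[str, int]]] = None
                          ) -> Optional[Tuple[str, int, int]]:
    """Pick (proxy_ip, proxy_port) so that server->gateway replies of the server side
    session hash to the same core as client->gateway packets of the host side session.
    Returns (proxy_ip, proxy_port, core), or None if no free endpoint lands on that core."""
    in_use = in_use or set()
    ports = list(proxy_ports)
    # Core already chosen by the host side session's own tuple.
    target = core_for(client_ip, client_port, virtual_ip, virtual_port, ncores)
    for proxy_ip in proxy_addresses:
        for proxy_port in ports:
            if (proxy_ip, proxy_port) in in_use:
                continue
            # Reply packets arrive with the server as source and the proxy as destination.
            if core_for(server_ip, server_port, proxy_ip, proxy_port, ncores) == target:
                return proxy_ip, proxy_port, target
    return None


if __name__ == "__main__":
    # Constructed addresses from documentation ranges.
    chosen = select_proxy_endpoint("192.0.2.10", 51515, "198.51.100.5", 443,
                                   "10.0.0.20", 8443,
                                   ["10.0.1.1", "10.0.1.2"], range(32768, 33000), 8)
    print(chosen)
```

    With N cores each candidate (address, port) pair lands on the target core with probability about 1/N, so a pool with a few hundred free pairs practically never fails; when it does, the function returns None and the caller must fall back to a cross-core handoff, which is exactly the cost the patent's selection step is meant to avoid.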

66. PROGRAMMING A DATA NETWORK DEVICE USING USER DEFINED SCRIPTS
    Invention patent application (in force)

    Publication number: US20150350379A1

    Publication date: 2015-12-03

    Application number: US14295265

    Filing date: 2014-06-03

    IPC classification: H04L29/06

    CPC classification: H04L67/322 H04L67/141

    Abstract: Exemplary embodiments for programming a network device using user-defined scripts are disclosed. The systems and methods provide for a servicing node to receive a request for a network session between a client device and a server, receive a user-defined class and a user-defined object configuration from a node controller, and use the information to instruct an object virtual machine to generate at least one user-defined object. The servicing node can then apply the at least one user-defined object to a data packet of the network session, where the user-defined object allows a user to configure the network device with user-defined instruction scripts.

67. Sychronization of configuration file of virtual application distribution chassis
    Granted invention patent (in force)

    Publication number: US09154577B2

    Publication date: 2015-10-06

    Application number: US13154399

    Filing date: 2011-06-06

    Abstract: Synchronization of configuration files of a virtual application distribution chassis includes: processing a configuration command received by a master blade; updating a first configuration file with the configuration command and an updated tag by the master blade; sending a configuration message by the master blade to the slave blades informing them of the updated configuration file, the configuration message comprising the updated tag; in response to receiving the configuration message by a given slave blade of the one or more slave blades, comparing the updated tag in the configuration message with a tag in a second configuration file stored at the given slave blade; and in response to determining that the updated tag in the configuration message is more recent than the tag in the second configuration file stored at the given slave blade, sending a request for the updated configuration file to the master blade by the given slave blade.
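    The tag comparison in the abstract, as an added Python example (not the patent's code). Tags are assumed to be integers that the master increments once per command; the notification carries only the tag, and a slave fetches the whole file only when the advertised tag is newer than its own, so duplicate or reordered notifications are ignored and a blade that missed a notification catches up on the next one.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ConfigFile:
    tag: int = 0                                   # monotonically increasing version tag
    commands: List[str] = field(default_factory=list)


class MasterBlade:
    def __init__(self) -> None:
        self.config = ConfigFile()

    def process_command(self, command: str) -> Dict[str, int]:
        """Apply a configuration command, bump the tag, and return the notification
        message that is broadcast to the slave blades (it carries only the tag)."""
        self.config.commands.append(command)
        self.config.tag += 1
        return {"type": "config-updated", "tag": self.config.tag}

    def serve_config(self) -> ConfigFile:
        """Answer a slave's request with a copy of the full, current configuration file.
        If the master has moved on since the notification, the slave simply gets the
        newer file and its tag, which is still 'more recent' by the same comparison."""
        return ConfigFile(self.config.tag, list(self.config.commands))


class SlaveBlade:
    def __init__(self, name: str) -> None:
        self.name = name
        self.config = ConfigFile()
        self.fetches = 0                            # how many times this blade pulled the file

    def on_config_message(self, message: Dict[str, int], master: MasterBlade) -> bool:
        """Compare the advertised tag with the local one; fetch only if it is newer.
        Duplicate, reordered or stale notifications therefore cause no fetch."""
        if message.get("type") != "config-updated":
            return False
        if message["tag"] <= self.config.tag:
            return False
        self.fetches += 1
        self.config = master.serve_config()
        return True


def run_scenario():
    """Constructed scenario: one master, two slaves, one lost and one late notification."""
    master = MasterBlade()
    a, b = SlaveBlade("a"), SlaveBlade("b")
    m1 = master.process_command("slb virtual-server vs1 198.51.100.10")  # constructed command text
    a.on_config_message(m1, master)          # b never receives m1 (dropped on the backplane)
    m2 = master.process_command("slb service-group sg1 tcp")
    a.on_config_message(m2, master)
    b.on_config_message(m2, master)          # b catches up with a single fetch
    a.on_config_message(m1, master)          # late duplicate of m1 reaches a: ignored
    return master, a, b


if __name__ == "__main__":
    master, a, b = run_scenario()
    print(a.config, a.fetches, b.config, b.fetches)
```

    The tag protects against stale or duplicate updates, not against a forged master: in a real chassis the configuration channel between blades also needs authentication, otherwise any host on the backplane that can advertise a higher tag can get a slave to pull its configuration.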

68. System and method to associate a private user identity with a public user identity
    Granted invention patent (in force)

    Publication number: US08868765B1

    Publication date: 2014-10-21

    Application number: US13841496

    Filing date: 2013-03-15

    IPC classification: G06F15/16 H04L29/06 H04L29/08

    Abstract: The inventive system includes a host, a network including a security gateway, and a public application. An access session is established between the network and the host, and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.
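    The query and comparison in the abstract, as an added Python example (not the patent's code). It assumes the host identity is an address that can be reassigned over time and that an access session record carries a start time and an optional end time; the application session time is matched against that interval. This is why the time, and not just the host identity, is compared: the same address can belong to different private users at different times, and a time outside any access session returns no identity rather than a guess.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass
class AccessSessionRecord:
    host_identity: str                 # e.g. the address assigned to the host on the network
    private_user_identity: str         # identity used to authenticate to the network
    start: datetime                    # access session time: when the session was established
    end: Optional[datetime] = None     # None while the access session is still open


@dataclass
class ApplicationSessionRecord:
    public_user_identity: str          # identity used with the public application
    host_identity: str
    session_time: datetime
    private_user_identity: Optional[str] = None


def lookup_private_identity(access_records: List[AccessSessionRecord],
                            host_identity: str, session_time: datetime) -> Optional[str]:
    """Query answered by the access-session store: find the access session that was
    active on this host at this time and return its private user identity.
    The end bound is exclusive, so a session ended at 10:00 does not cover 10:00."""
    for rec in access_records:
        if rec.host_identity != host_identity:
            continue
        if rec.start <= session_time and (rec.end is None or session_time < rec.end):
            return rec.private_user_identity
    return None


def associate(app_rec: ApplicationSessionRecord,
              access_records: List[AccessSessionRecord]) -> Optional[str]:
    """Security gateway side: query with host identity and application session time,
    then store the returned private identity in the application session record."""
    app_rec.private_user_identity = lookup_private_identity(
        access_records, app_rec.host_identity, app_rec.session_time)
    return app_rec.private_user_identity


# Constructed access session records: one host address handed to two users in turn.
ACCESS_RECORDS = [
    AccessSessionRecord("10.0.0.5", "alice", datetime(2014, 1, 6, 9, 0), datetime(2014, 1, 6, 10, 0)),
    AccessSessionRecord("10.0.0.5", "bob", datetime(2014, 1, 6, 10, 30)),
    AccessSessionRecord("10.0.0.9", "carol", datetime(2014, 1, 6, 8, 0)),
]

if __name__ == "__main__":
    rec = ApplicationSessionRecord("skater77", "10.0.0.5", datetime(2014, 1, 6, 11, 0))
    print(associate(rec, ACCESS_RECORDS), rec)
```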

69. Applying a packet routing policy to an application session
    Granted invention patent (in force)

    Publication number: US08826372B1

    Publication date: 2014-09-02

    Application number: US14061722

    Filing date: 2013-10-23

    IPC classification: H04L29/06 H04L29/08 H04W12/00

    Abstract: A security gateway includes packet routing policies, each including a host network address, an application network address, and a forwarding interface. In routing data packets of an application session, the security gateway: recognizes the application session between a network and an application; determines a user identity from an application session record for the application session; determines packet routing policies applicable to the application session based on the user identity; receives a data packet for the application session, including a source network address and a destination network address; compares the source network address with the host network address, and the destination network address with the application network address; and in response to finding a match between the source network address and the host network address, and between the destination network address and the application network address, processes the data packet using the forwarding interface of the packet routing policy.
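    The match-then-forward lookup of this entry, and the virtual-service lookup of entry 61, as one added Python example (not the patents' code). For entry 69, policies carry a user identity (with "*" assumed here as a wildcard), host and application networks in CIDR form, and a forwarding interface; the gateway resolves the user identity from the session record, keeps only that user's policies and returns the first match, or None (drop) for packets of unrecognised sessions. For entry 61, a forwarding policy maps an exact virtual service address to a named pool of service load balancers and the request goes to a pool member, chosen round-robin here since the abstract does not fix the selection rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class PacketRoutingPolicy:          # entry 69
    user_identity: str              # "*" = applies to every user (assumed wildcard)
    host_network: str               # CIDR matched against the packet's source address
    application_network: str        # CIDR matched against the packet's destination address
    forwarding_interface: str


@dataclass
class ApplicationSessionRecord:
    host_address: str
    application_address: str
    user_identity: str


class SecurityGateway:
    def __init__(self, policies: List[PacketRoutingPolicy]) -> None:
        self.policies = list(policies)                  # ordered: first match wins
        self.sessions: Dict[Tuple[str, str], ApplicationSessionRecord] = {}

    def recognize_session(self, record: ApplicationSessionRecord) -> None:
        self.sessions[(record.host_address, record.application_address)] = record

    def applicable_policies(self, user_identity: str) -> List[PacketRoutingPolicy]:
        return [p for p in self.policies if p.user_identity in ("*", user_identity)]

    def route(self, source_address: str, destination_address: str) -> Optional[str]:
        """Return the forwarding interface for a packet, or None (drop) when the packet
        belongs to no recognised session or matches none of that user's policies."""
        record = self.sessions.get((source_address, destination_address))
        if record is None:
            return None
        src = ipaddress.ip_address(source_address)
        dst = ipaddress.ip_address(destination_address)
        for policy in self.applicable_policies(record.user_identity):
            if (src in ipaddress.ip_network(policy.host_network)
                    and dst in ipaddress.ip_network(policy.application_network)):
                return policy.forwarding_interface
        return None


@dataclass(frozen=True)
class ForwardingPolicy:             # entry 61
    virtual_service_address: str    # exact address of the virtual service
    destination: str                # name of a pool of service load balancers


class VirtualServiceNode:
    def __init__(self, policies: List[ForwardingPolicy], pools: Dict[str, List[str]]) -> None:
        self.policies = list(policies)
        self.pools = {name: list(members) for name, members in pools.items()}
        self._next = {name: 0 for name in self.pools}

    def forward(self, virtual_service_address: str) -> Optional[str]:
        """Compare the requested address with each policy; on a match hand the request
        to a member of the matched destination pool (round-robin, an assumption)."""
        for policy in self.policies:
            if policy.virtual_service_address != virtual_service_address:
                continue
            pool = self.pools[policy.destination]
            if not pool:
                return None
            index = self._next[policy.destination]
            self._next[policy.destination] = (index + 1) % len(pool)
            return pool[index]
        return None


if __name__ == "__main__":
    # Constructed policies and addresses from documentation ranges.
    gw = SecurityGateway([
        PacketRoutingPolicy("alice", "10.1.0.0/16", "203.0.113.0/24", "eth1"),
        PacketRoutingPolicy("*", "10.0.0.0/8", "0.0.0.0/0", "eth0"),
    ])
    gw.recognize_session(ApplicationSessionRecord("10.1.2.3", "203.0.113.7", "alice"))
    print(gw.route("10.1.2.3", "203.0.113.7"), gw.route("10.1.2.9", "203.0.113.7"))
    node = VirtualServiceNode([ForwardingPolicy("198.51.100.10", "web")], {"web": ["slb-1", "slb-2"]})
    print(node.forward("198.51.100.10"), node.forward("198.51.100.10"))
```

    Policy order matters in the gateway: a wildcard policy listed before a user-specific one shadows it, so user-specific policies should be listed first. A packet whose session has no record gets no interface at all, which keeps the default at drop rather than forward.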
