公开(公告)号：US20180097736A1

公开(公告)日：2018-04-05

申请号：US15833222

申请日：2017-12-06

Applicant: A10 NETWORKS, INC.

Inventor： John Chiong

IPC: H04L12/803

CPC classification number: H04L47/125 ,  H04L47/28

Abstract: Application Delivery Controller (ADC), Global Server Load Balancer (GSLB), and methods for their operation in data networks are disclosed. The methods for load balancing may include receiving a query concerning a host name from a client, determining that there are two or more host servers associated with the host name, measuring various metrics associated with each of the two or more host servers and a local Doman Name Server (DNS), and based at least in part on the measurement, selecting a host server among the two or more host servers. The load balancing may also be based on a measured round trip time.

公开(公告)号：US20160261642A1

公开(公告)日：2016-09-08

申请号：US15157357

申请日：2016-05-17

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06F21/00 ,  H04L45/308 ,  H04L51/04 ,  H04L61/20 ,  H04L61/2596 ,  H04L61/3065 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/0892 ,  H04L65/1026 ,  H04L67/02 ,  H04L67/06 ,  H04L67/10 ,  H04L67/14 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/22 ,  H04M1/72547 ,  H04W12/00

Abstract: Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract translation: 本技术的实施例涉及一种将安全策略应用于应用会话的方法，包括：由安全网关从用于应用会话的数据分组确定第一用户身份和第二用户身份; 由安全网关获取应用会话的安全策略; 并将安全策略应用于安全网关的应用会话。 用户身份可以是从应用会话的分组识别的网络用户身份或应用用户身份。 安全策略可以包括被映射的网络流量策略和/或映射到用户身份的文档访问策略，其中将网络流量策略应用于应用会话。 安全网关还可以生成关于安全策略应用于应用会话的安全报告。

公开(公告)号：US09270705B1

公开(公告)日：2016-02-23

申请号：US14323884

申请日：2014-07-03

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06 ,  G06F21/00 ,  H04L29/08 ,  H04L12/58

CPC classification number: H04L63/0263 ,  G06F21/00 ,  G06F21/44 ,  H04L12/66 ,  H04L51/04 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/164 ,  H04L63/168 ,  H04L63/20 ,  H04L63/30 ,  H04L65/1026 ,  H04L67/10 ,  H04L67/1004 ,  H04L67/104 ,  H04L67/141 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/28 ,  H04L69/329 ,  H04M1/72547 ,  H04W12/00

Abstract: Applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

公开(公告)号：US20160036778A1

公开(公告)日：2016-02-04

申请号：US14323920

申请日：2014-07-03

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/00 ,  H04L45/308 ,  H04L51/04 ,  H04L61/20 ,  H04L61/2596 ,  H04L61/3065 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/0892 ,  H04L65/1026 ,  H04L67/02 ,  H04L67/06 ,  H04L67/10 ,  H04L67/14 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/22 ,  H04M1/72547 ,  H04W12/00

Abstract: A security gateway includes packet routing policies, each including a host network address, an application network address, and a forwarding interface. In routing data packets of an application session, the security gateway: recognizes the application session between a network and an application; determines a user identity from an application session record for the application session; determines packet routing policies applicable to the application session based on the user identity; receives a data packet for the application session, including a source network address and a destination network address; compares the source network address with the host network address, and the destination network address with the application network address; and in response to finding a match between the source network address and the host network address, and between the destination network address and the application network address, processes the data packet using the forwarding interface of the packet routing policy.

Abstract translation: 安全网关包括分组路由策略，每个路由策略包括主机网络地址，应用网络地址和转发接口。 在路由应用会话的数据包时，安全网关：识别网络和应用之间的应用会话; 从应用会话的应用会话记录中确定用户身份; 基于用户身份确定适用于应用会话的分组路由策略; 接收应用会话的数据包，包括源网络地址和目的网络地址; 将源网络地址与主机网络地址进行比较，将目的网络地址与应用网络地址进行比较; 并且响应于找到源网络地址和主机网络地址之间以及目的地网络地址和应用网络地址之间的匹配，使用分组路由策略的转发接口处理数据分组。

公开(公告)号：US08868765B1

公开(公告)日：2014-10-21

申请号：US13841496

申请日：2013-03-15

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  John Chiong ,  Xin Wang

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

Abstract translation: 本发明的系统包括主机，包括安全网关的网络和公共应用。 建立在网络和主机之间的访问会话以及公共应用程序和网络之间的应用程序会话。 为应用会话创建应用会话记录，并且包括用于访问公共应用的用户的公共用户标识，用于访问网络的用户的私有用户标识，主机标识和应用会话时间。 为了确定应用程序会话的私有用户身份，安全网关发送具有主机标识和应用程序会话时间的查询。 这些与访问会话记录中的主机身份和访问会话时间进行比较。 如果匹配，则返回访问会话记录中的私有用户身份，并将其作为私有用户身份存储在应用程序会话记录中。

公开(公告)号：US10305859B2

公开(公告)日：2019-05-28

申请号：US15601954

申请日：2017-05-22

Applicant: A10 NETWORKS, INC.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06 ,  G06F21/44 ,  H04L12/66 ,  H04L29/08 ,  G06F21/00 ,  H04L12/58 ,  H04M1/725 ,  H04W12/00

Abstract: Applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway, determining by the security gateway a user identity of the application session using information about the application session, obtaining by the security gateway the security policy comprising network parameters mapped to the user identity, and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

公开(公告)号：US20180212835A1

公开(公告)日：2018-07-26

申请号：US15928345

申请日：2018-03-22

Applicant: A10 NETWORKS, INC.

Inventor： Lee Chen ,  John Chiong

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L41/12 ,  H04L29/12066 ,  H04L61/1511 ,  H04L67/1002 ,  H04L67/1021 ,  H04L67/1036

Abstract: A method for web service load balancing may commence with receiving, from a local DNS server, a request for a web service. The local DNS server may be coupled to a web client requesting the web service. The request may include local DNS server information. The method may continue with determining a geographic location of the local DNS server based on the local DNS server information. The method may further include selecting a web server from a plurality of web servers based on the web service. The method may continue with determining a geographic location of the web server and determining that the geographic location of the local DNS server matches the geographic location of the web server. The method may further include selecting the web server based on the match. The method may continue with sending a response to the local DNS server.

公开(公告)号：US09954899B2

公开(公告)日：2018-04-24

申请号：US15157357

申请日：2016-05-17

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/725 ,  H04L29/12 ,  G06F21/00 ,  H04L12/58 ,  H04M1/725 ,  H04W12/00

CPC classification number: H04L63/20 ,  G06F21/00 ,  H04L45/308 ,  H04L51/04 ,  H04L61/20 ,  H04L61/2596 ,  H04L61/3065 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/0892 ,  H04L65/1026 ,  H04L67/02 ,  H04L67/06 ,  H04L67/10 ,  H04L67/14 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/22 ,  H04M1/72547 ,  H04W12/00

Abstract: Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

公开(公告)号：US09712493B2

公开(公告)日：2017-07-18

申请号：US15054583

申请日：2016-02-26

Applicant: A10 Networks, Inc.

Inventor： Xin Wang ,  Lee Chen ,  John Chiong

IPC: G06F15/16 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L63/102 ,  H04L12/66 ,  H04L29/06 ,  H04L61/6022 ,  H04L61/6068 ,  H04L63/02 ,  H04L63/0281 ,  H04L63/04 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L63/30 ,  H04L63/308 ,  H04L65/1003 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/4007 ,  H04L67/14 ,  H04L67/141 ,  H04L67/146

Abstract: The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record, if they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.

公开(公告)号：US20170041350A1

公开(公告)日：2017-02-09

申请号：US15334174

申请日：2016-10-25

Applicant: A10 Networks, Inc.

Inventor： Lee Chen ,  Dennis Oshiba ,  John Chiong

IPC: H04L29/06

CPC classification number: H04L63/0263 ,  G06F21/00 ,  G06F21/44 ,  H04L12/66 ,  H04L51/04 ,  H04L63/02 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0254 ,  H04L63/029 ,  H04L63/0407 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105 ,  H04L63/164 ,  H04L63/168 ,  H04L63/20 ,  H04L63/30 ,  H04L65/1026 ,  H04L67/10 ,  H04L67/1004 ,  H04L67/104 ,  H04L67/141 ,  H04L67/22 ,  H04L67/306 ,  H04L67/42 ,  H04L69/28 ,  H04L69/329 ,  H04M1/72547 ,  H04W12/00

Abstract: Applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway, determining by the security gateway a user identity of the application session using information about the application session, obtaining by the security gateway the security policy comprising network parameters mapped to the user identity, and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract translation: 将安全策略应用到应用会话中，包括通过安全网关识别网络和应用之间的应用会话，使用关于应用会话的信息由安全网关确定应用会话的用户身份，由安全网关获取 包括映射到用户身份的网络参数的安全策略，以及安全网关将安全策略应用于应用会话。 用户身份可以是从应用会话的分组识别的网络用户身份或应用用户身份。 安全策略可以包括被映射的网络流量策略和/或映射到用户身份的文档访问策略，其中将网络流量策略应用于应用会话。 安全网关还可以生成关于安全策略应用于应用会话的安全报告。