Deploying policy configuration across multiple security devices through hierarchical configuration templates
    1.
    Granted invention patent (in force)

    Publication number: US09027077B1

    Publication date: 2015-05-05

    Application number: US13460576

    Filing date: 2012-04-30

    IPC classification: H04L29/00 G06F17/30

    Abstract: Deploying policy configuration across multiple security devices through hierarchical configuration templates is disclosed. In some embodiments, deploying policy configuration across multiple security devices through hierarchical configuration templates for configuring a plurality of security devices includes receiving at a first security device a hierarchy of templates from a central management server, in which the hierarchy of templates includes configuration information for a group of security devices, and in which the first security device is included in the group of security devices; and reconciling on the first security device's configuration information included in the hierarchy of templates and device specific configuration based on local configuration information, in which the first security device performs an object level reconciliation to maintain device configuration consistency.

    Managing network devices
    2.
    Granted invention patent (in force)

    Publication number: US08438252B2

    Publication date: 2013-05-07

    Application number: US13335745

    Filing date: 2011-12-22

    IPC classification: G06F15/177

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing network devices. A central management system stores shared configuration objects in a central configuration database. A network device stores shared configuration objects and device-specific configuration objects in a local configuration database. The local configuration database's shared configuration objects correspond to shared configuration objects in the central configuration database. The network device can be configured locally or using the central management system.

    Efficient discovery and verification of paths through a meshed overlay network
    3.
    Invention patent application (in force)

    Publication number: US20070263553A1

    Publication date: 2007-11-15

    Application number: US11805488

    Filing date: 2007-05-23

    IPC classification: H04L12/28 H04L12/56

    Abstract: The present invention provides an efficient system and method for routing information through a dynamic network. The system includes at least one ingress point and one egress point. The ingress and egress point cooperate to form a virtual circuit for routing packets to destination subnets directly reachable by the egress point. The egress point automatically discovers which subnets are directly accessible via its local ports and summarizes this information for the ingress point. The ingress point receives this information, compiles it into a routing table, and verifies that those subnets are best accessed by the egress point. Verification is accomplished by sending probe packets to select addresses on the subnet. Additionally, the egress point may continue to monitor the local topology and incrementally update the information to the ingress to allow the ingress to adjust its compiled routing table.

    Load balancing with unequal routing metrics in a meshed overlay network
    4.
    Granted invention patent (in force)

    Publication number: US07936783B1

    Publication date: 2011-05-03

    Application number: US12494897

    Filing date: 2009-06-30

    IPC classification: H04J3/24 H04L12/56

    Abstract: In general, the invention is directed to techniques of load balancing network traffic among paths on a point-to-multipoint overlay network. In load balancing the network traffic, the techniques take into consideration costs associated with paths through the overlay network and costs associated with paths beyond the egress points of the overlay network, even when such costs may be unequal.

    Load balancing with unequal routing metrics in a meshed overlay network
    5.
    Granted invention patent (in force)

    Publication number: US07590149B1

    Publication date: 2009-09-15

    Application number: US11558625

    Filing date: 2006-11-10

    IPC classification: H04L12/56 H04J3/24 G06F15/173

    Abstract: In general, the invention is directed to techniques of load balancing network traffic among paths on a point-to-multipoint overlay network. In load balancing the network traffic, the techniques take into consideration costs associated with paths through the overlay network and costs associated with paths beyond the egress points of the overlay network, even when such costs may be unequal.

    Using geographical information in policy enforcement
    6.
    Granted invention patent (in force)

    Publication number: US08566900B1

    Publication date: 2013-10-22

    Application number: US13113936

    Filing date: 2011-05-23

    IPC classification: G06F17/00

    Abstract: Using geographical information in policy enforcement is disclosed. A policy is determined based on geographical information associated with an IP address. A policy is enforced based at least in part on the geographical information. The IP address may be either a source IP address or a destination IP address. In some cases network traffic is monitored to determine the IP address.

    Managing network devices
    7.
    Granted invention patent (in force)

    Publication number: US08432832B2

    Publication date: 2013-04-30

    Application number: US13599790

    Filing date: 2012-08-30

    IPC classification: H04L12/28

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for configuring network devices. A central management system stores shared configuration objects in a central configuration database. A network device stores shared configuration objects and device-specific configuration objects in a local configuration database. The local configuration database's shared configuration objects correspond to shared configuration objects in the central configuration database. The central management system determines the network device has received a request to update a shared configuration object, where the request did not originate from the central management system, and updates the central configuration database.

    Dynamic resolution of fully qualified domain name (FQDN) address objects in policy definitions

    Publication number: US08621556B1

    Publication date: 2013-12-31

    Application number: US13115894

    Filing date: 2011-05-25

    IPC classification: H04L29/06 G06F21/00

    Abstract: Dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions is provided. In some embodiments, dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions includes receiving a network policy that includes a domain name (e.g., the network policy can include a network security rule that is based on the domain name); and periodically updating Internet Protocol (IP) address information associated with the domain name by performing a Domain Name Server (DNS) query. In some embodiments, dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions includes dynamically performing a first local Domain Name Server (DNS) lookup for a first VSYS using a first DNS server on a first domain name for implementing a network policy based on the first domain name; dynamically performing a second local DNS lookup for a second VSYS using a second DNS server on the first domain name for implementing the network policy based on the first domain name; in which the network policy includes a network security rule that is based on the first domain name, and the network policy includes a network security rule that is based on the second domain name.

    Managing network devices
    9.
    Granted invention patent (in force)

    Publication number: US08108495B1

    Publication date: 2012-01-31

    Application number: US12433728

    Filing date: 2009-04-30

    IPC classification: G06F15/177

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing network devices. A central management system stores shared configuration objects in a central configuration database. A network device stores shared configuration objects and device-specific configuration objects in a local configuration database. The local configuration database's shared configuration objects correspond to shared configuration objects in the central configuration database. The network device can be configured locally or using the central management system.

    MANAGING NETWORK DEVICES
    10.
    Invention patent application (in force)

    Publication number: US20120166599A1

    Publication date: 2012-06-28

    Application number: US13335745

    Filing date: 2011-12-22

    IPC classification: G06F15/177

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing network devices. A central management system stores shared configuration objects in a central configuration database. A network device stores shared configuration objects and device-specific configuration objects in a local configuration database. The local configuration database's shared configuration objects correspond to shared configuration objects in the central configuration database. The network device can be configured locally or using the central management system.
