-
Publication number: US12192241B2
Publication date: 2025-01-07
Application number: US17937208
Filing date: 2022-09-30
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
IPC: H04L9/40
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication number: US20240334190A1
Publication date: 2024-10-03
Application number: US18194397
Filing date: 2023-03-31
Applicant: Juniper Networks, Inc.
Inventor: Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti, Pavan Basetty, Jui-Hao Sun, Nicolas S. Dade
IPC: H04W12/065, H04W28/02, H04W28/08
CPC classification number: H04W12/065, H04W28/0236, H04W28/0835
Abstract: A network access server (NAS) device is described that is configured to load balance authentication requests to network access control (NAC) systems based on a type of the authentication request. The NAS device may probe or ping one or more geographically distributed NAC systems to determine response latency and to receive load and status indications from the NAC systems. In response to receipt of an authentication request from a client device, the NAS device may select one NAC system from among the one or more NAC systems based on the load and status indications of the NAC systems and the type of authentication request received.
-
Publication number: US20230403305A1
Publication date: 2023-12-14
Application number: US17937208
Filing date: 2022-09-30
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
CPC classification number: H04L63/20, H04L41/22, H04L63/104, H04L63/0876
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication number: US20250056322A1
Publication date: 2025-02-13
Application number: US18395023
Filing date: 2023-12-22
Applicant: Juniper Networks, Inc.
Inventor: Natarajan Manthiramoorthy, Raja Rao Tadimeti, Anantha Ravi, Madhava Rao Cheethirala, Vinod Peris
IPC: H04W28/08, H04W12/069
Abstract: A network access server (NAS) device on a wireless network at a site is described, the NAS device comprising memory including a policy cache having entries for one or more client devices where each entry includes a last policy action previously identified by a network access control (NAC) system for the respective client device. The NAS device further comprising processing circuitry configured to, upon receipt of an access request for the wireless network from a client device, authenticate the client device. The processing circuitry is configured to, after authentication of the client device, determine whether the client device is included in the policy cache. The processing circuitry is configured to, based on the client device being included in the policy cache, authorize the client device to access the wireless network in accordance with the last policy action for the client device.
-
Publication number: US20230291735A1
Publication date: 2023-09-14
Application number: US17809730
Filing date: 2022-06-29
Applicant: Juniper Networks, Inc.
IPC: H04L9/40
CPC classification number: H04L63/0876, H04L63/101
Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.
-
Publication number: US20250141932A1
Publication date: 2025-05-01
Application number: US19003918
Filing date: 2024-12-27
Applicant: Juniper Networks, Inc.
Inventor: Viacheslav Dementyev, Kesavan Kazhiyur Mannar, Madhava Rao Cheethirala, Natarajan Manthiramoorthy, Raja Rao Tadimeti
IPC: H04L9/40
Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
-
Publication number: US20240179168A1
Publication date: 2024-05-30
Application number: US18551981
Filing date: 2022-06-29
Applicant: Juniper Networks, Inc.
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/0876
Abstract: Techniques are described for network access anomaly detection and mitigation that improves network security for wired and/or wireless devices. An example method includes receiving a network access request for a client device to access a network; obtaining fingerprinting information of the client device; determining whether the client device is a new client device requesting access to the network; in response to determining that the client device is not a new client device requesting access to the network, determining whether the fingerprinting information of the client device has an anomaly to previously obtained fingerprinting information of an authorized client device; and executing, in response to determining that the fingerprinting information of the client device has an anomaly to previously obtained fingerprinting information of the authorized client device, an access policy to manage access to the network by the client device associated with the network access request.
-
Publication number: US20230403272A1
Publication date: 2023-12-14
Application number: US17934124
Filing date: 2022-09-21
Applicant: Juniper Networks, Inc.
Inventor: Madhava Rao Cheethirala, Pavan Kumar Venkata Satish Bharathapudi, Natarajan Manthiramoorthy, Pavan Basetty, Raja Rao Tadimeti, Viacheslav Dementyev
IPC: H04L9/40, H04L67/1097
CPC classification number: H04L63/0876, H04L63/0823, H04L63/166, H04L67/1097
Abstract: A multi-tenant, cloud-hosted Network Access Control (NAC) system may receive an indicator from a Network Access Server (NAS) device to identify the tenant with which the NAS device is associated. The NAS device may put the identifier in the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) extension Server Name Indication (SNI) field. The NAC system may use the identifier to obtain tenant-specific configuration information for setting up a secure tunnel with the NAS device.
-
Publication number: US20250047675A1
Publication date: 2025-02-06
Application number: US18927424
Filing date: 2024-10-25
Applicant: Juniper Networks, Inc.
IPC: H04L9/40
Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.
-
Publication number: US12166758B2
Publication date: 2024-12-10
Application number: US17809730
Filing date: 2022-06-29
Applicant: Juniper Networks, Inc.
IPC: H04L9/40
Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.