CLOSED-LOOP NETWORK PROVISIONING BASED ON NETWORK ACCESS CONTROL FINGERPRINTING

    Publication number: US20250047675A1

    Publication date: 2025-02-06

    Application number: US18927424

    Application date: 2024-10-25

    Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.

    Closed-loop network provisioning based on network access control fingerprinting

    Publication number: US12166758B2

    Publication date: 2024-12-10

    Application number: US17809730

    Application date: 2022-06-29

    Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.

    APPLYING SECURITY POLICIES BASED ON ENDPOINT AND USER ATTRIBUTES

    Publication number: US20240154970A1

    Publication date: 2024-05-09

    Application number: US18551909

    Application date: 2022-07-12

    CPC classification number: H04L63/102 H04L63/101 H04L63/20

    Abstract: An example network access control system includes a memory storing one or more security policies for an enterprise network; and one or more processors coupled to the memory and configured to: receive a request to connect to the enterprise network from a client device of a user, in response to the receipt of the request, determine one or more user attributes associated with the user and one or more endpoint attributes of the client device, identify a security policy of the one or more security policies based on the one or more user attributes and the one or more endpoint attributes, and configure an access control module of a network device of the enterprise network in accordance with the security policy.

    Network access control intent-based policy configuration

    Publication number: US12192241B2

    Publication date: 2025-01-07

    Application number: US17937208

    Application date: 2022-09-30

    Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.

    MULTIPLEXING TENANT TUNNELS IN SOFTWARE-AS-A-SERVICE DEPLOYMENTS

    Publication number: US20250004738A1

    Publication date: 2025-01-02

    Application number: US18294933

    Application date: 2022-08-05

    Abstract: An example system includes a service provider, wherein the service provider is configured to: receive a connection request from an enterprise device via one or more communication networks, generate a route, a logical tunnel, and a first port number, instantiate, by the service provider, a service process configured to listen for network traffic at a first port associated with the first port number, store an association of the route to a logical tunnel interface for the logical tunnel with one of a plurality of virtual machines (VMs) and an association of the first port number with a source Internet protocol (IP) address obtained from the connection request, and forward, to the first port, an application request received from the enterprise at a second port associated with a second port number and via a tunnel established with the enterprise device.

    NETWORK ACCESS CONTROL INTENT-BASED POLICY CONFIGURATION

    Publication number: US20230403305A1

    Publication date: 2023-12-14

    Application number: US17937208

    Application date: 2022-09-30

    CPC classification number: H04L63/20 H04L41/22 H04L63/104 H04L63/0876

    Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.

    DISTRIBUTED LINK FAILURE RESILIENT LOW LATENCY NETWORK ACCESS CONTROL WITH AUTHENTICATION OFFLOAD

    Publication number: US20250056322A1

    Publication date: 2025-02-13

    Application number: US18395023

    Application date: 2023-12-22

    Abstract: A network access server (NAS) device on a wireless network at a site is described, the NAS device comprising memory including a policy cache having entries for one or more client devices where each entry includes a last policy action previously identified by a network access control (NAC) system for the respective client device. The NAS device further comprising processing circuitry configured to, upon receipt of an access request for the wireless network from a client device, authenticate the client device. The processing circuitry is configured to, after authentication of the client device, determine whether the client device is included in the policy cache. The processing circuitry is configured to, based on the client device being included in the policy cache, authorize the client device to access the wireless network in accordance with the last policy action for the client device.

    CLOSED-LOOP NETWORK PROVISIONING BASED ON NETWORK ACCESS CONTROL FINGERPRINTING

    Publication number: US20230291735A1

    Publication date: 2023-09-14

    Application number: US17809730

    Application date: 2022-06-29

    CPC classification number: H04L63/0876 H04L63/101

    Abstract: Techniques are described for providing network provisioning by a network management system (NMS) based on fingerprint information determined by a network access control (NAC) system. An example method includes receiving, by the NAC system, a network access request for a client device to access an enterprise network; obtaining, by the NAC system, fingerprint information of the client device associated with the network access request, wherein the fingerprinting information comprises information specifying one or more attributes associated with the client device; authenticating, by the NAC system, the client device to access the enterprise network; sending, by the NAC system and to the NMS, the fingerprint information of the client device; and provisioning, by the NMS, one or more network resources associated with the client device based on the fingerprint information of the client device.

    NETWORK ACCESS CONTROL INTENT-BASED POLICY CONFIGURATION

    Publication number: US20250141932A1

    Publication date: 2025-05-01

    Application number: US19003918

    Application date: 2024-12-27

    Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.
