Firewall switchover with minimized traffic disruption

    Publication No.: US11824757B1

    Publication date: 2023-11-21

    Application No.: US17663249

    Application date: 2022-05-13

    IPC classification: H04L45/02 H04L9/40 H04L61/256

    Abstract: A pseudo-active/active firewall configuration handles firewall switchover events without traffic disruption. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. An Internet protocol address binding linking the now pseudo-active firewall to an Internet gateway that forwards traffic to the firewalls is updated in a network address translation (NAT) table to route traffic to the newly active firewall. Once a pseudo-active timer expires and the binding is successfully updated to route traffic to the newly active firewall, the pseudo-active firewall is set to a passive state.

    FIREWALL SWITCHOVER WITH MINIMIZED SESSION DISCONNECTION

    Publication No.: US20230370422A1

    Publication date: 2023-11-16

    Application No.: US17663257

    Application date: 2022-05-13

    Abstract: A pseudo-active/active firewall configuration handles firewall switchover events with minimized session disconnection. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. During updating of a corresponding Network Address Translation (NAT) table to route traffic to the now-active firewall, the pseudo-active firewall enters a forwarding state wherein it forwards ingress network sessions to the now-active firewall and processes the ingress network sessions according to its active state. The now-active firewall receives the ingress network sessions and records session states prior to discarding them. After updating the NAT table, when traffic is routed to the now-active firewall, the recorded session states are used to maintain active sessions.

    FIREWALL SWITCHOVER WITH MINIMIZED TRAFFIC DISRUPTION

    Publication No.: US20230370357A1

    Publication date: 2023-11-16

    Application No.: US17663249

    Application date: 2022-05-13

    IPC classification: H04L45/02 H04L61/256 H04L9/40

    Abstract: A pseudo-active/active firewall configuration handles firewall switchover events without traffic disruption. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. An Internet protocol address binding linking the now pseudo-active firewall to an Internet gateway that forwards traffic to the firewalls is updated in a network address translation (NAT) table to route traffic to the newly active firewall. Once a pseudo-active timer expires and the binding is successfully updated to route traffic to the newly active firewall, the pseudo-active firewall is set to a passive state.

    MANAGING PROXY THROUGHPUT BETWEEN PAIRED TRANSPORT LAYER CONNECTIONS

    Publication No.: US20230131398A1

    Publication date: 2023-04-27

    Application No.: US17451944

    Application date: 2021-10-22

    IPC classification: H04L12/26 H04L29/08

    Abstract: A proxy server can be configured to manage flow between terminated transport layer connections despite incongruous network conditions. The proxy server is programmed to dynamically adjust window size of one transport layer connection in the pair of proxy terminated connections to accommodate the other connection. After detecting a network condition related to one of the connections, the proxy server determines a drain rate of the transmit buffer of the transport layer connection corresponding to the impacting network condition. The proxy server then adjusts the transport layer window size for the other connection of the connection pair based on the determined drain rate.