SECURITY POLICY ENFORCEMENT FOR ADDITIONAL INSTANCES OF AN APPLICATION

    Publication number: US20240205191A1

    Publication date: 2024-06-20

    Application number: US18106526

    Application date: 2023-02-07

    Applicant: VMWARE, INC.

    CPC classification number: H04L63/0263 H04L63/20

    Abstract: The disclosure provides an approach for firewall policy management. Embodiments include receiving, at a firewall from a first virtual computing instance (VCI), a registration request comprising a first identifier of the first VCI and a second identifier of a second VCI. Embodiments include determining, at the firewall, based on the second identifier included in the registration request, that the second VCI is associated with a network security policy at the firewall. Embodiments include applying, at the firewall, based on the first identifier included in the registration request, the network policy associated with the second VCI to the first VCI. Additionally, embodiments include allowing or disallowing network activity for the first VCI based on the applied network security policy.

    DATA-PLANE APPROACH FOR POLICY CONFIGURATION

    Publication number: US20240422195A1

    Publication date: 2024-12-19

    Application number: US18230695

    Application date: 2023-08-07

    Applicant: VMWARE, INC.

    Abstract: Example methods and systems for policy configuration using a data-plane approach are described. In one example, a first computer system may detect first data-plane packet(s) for establishing a connection between (a) a first virtualized computing instance and (b) a second computer system from which a resource is accessible. The first computer system may extract, from the first data-plane packet(s), parameter information associated with the connection; and configure a policy that is applicable for access control of the resource based on the parameter information. In response to detecting second data-plane packet(s) to access the resource, the computer system may apply the policy to allow or block forwarding of the second data-plane packet towards the second computer system. The second data-plane packet may originate from (a) the first virtualized computing instance or (b) a second virtualized computing instance supported by the first computer system.

    SCORE-BASED DYNAMIC FIREWALL RULE ENFORCEMENT

    Publication number: US20200236086A1

    Publication date: 2020-07-23

    Application number: US16383692

    Application date: 2019-04-15

    Applicant: VMWARE, INC.

    Abstract: Example methods and systems for score-based dynamic firewall rule enforcement in a software-defined networking (SDN) environment. One example method may comprise in response to detecting a first request to access a first resource, identifying a first score associated with the user, and a firewall rule that is applicable to the user based on information associated with the user. The firewall rule may be applied to allow access to the first resource. The method may further comprise adjusting the first score to a second score that represents a more restrictive access level compared to the first score. In response to detecting a second request to access the first resource, applying the firewall rule to block the second request based on the second score.
