-
Publication number: US20220353190A1
Publication date: 2022-11-03
Application number: US17569526
Application date: 2022-01-06
Applicant: VMware, Inc.
Inventor: Navaneeth Krishnan Ramaswamy, Vaibhav Kulkarni
Abstract: Some embodiments of the invention provide a method for micro-segmenting traffic flows in a software defined wide area network (SD-WAN). At a first edge forwarding node of a first multi-machine site in the SD-WAN, the method receives, from a particular forwarding element, a first packet of a packet flow originating from a second multi-machine site that is external to the SD-WAN, the packet flow destined for a particular machine at the first multi-machine site. The method uses deep packet inspection (DPI) on the first packet to identify contextual information not provided by the particular forwarding element about the first packet and the packet flow. Based on the identified contextual information, the method applies one or more policies to the first packet before forwarding the first packet to the particular machine.
-
Publication number: US11831610B2
Publication date: 2023-11-28
Application number: US16938989
Application date: 2020-07-26
Applicant: VMWARE, INC.
Inventor: Vaibhav Kulkarni, Ganesan Chandrashekhar, Mukesh Hira, Akshay Katrekar, Prashant Mane, Rompicherla Sai Pavan Kumar, Sachin Kalkur, Amey Borkar
CPC classification number: H04L63/0263, G06F9/45558, H04L63/104, G06F2009/45587, G06F2009/45595
Abstract: A system and method for using private native security groups and private native firewall policy rules for a private cloud computing environment and a public cloud computing environment uses a public cloud gateway for routing data traffic between at least a cloud network created in the public cloud computing environment and the private cloud computing environment. For each of some private native firewall policy rules that has any of newly created private native security groups as one of source and destination, a cloud native security group (CNSG) rule object with a CNSG outbound rule object and a CNSG inbound rule object for the public cloud is created and at least one of the CNSG outbound rule object and the CNSG inbound rule object is updated so that the private native firewall policy rule can be used in the cloud network.
-
Publication number: US11689522B2
Publication date: 2023-06-27
Application number: US17010052
Application date: 2020-09-02
Applicant: VMWARE, INC.
Inventor: Vaibhav Kulkarni, Mukesh Hira, Akshay Katrekar, Suyash Vishwas Gogte, Prem Shankar Sharma, Nikolay Semenov, Saqib Raza
CPC classification number: H04L63/0823, G06F9/45558, H04L63/0236, H04L63/20, H04L67/10, H04L67/53, G06F2009/45587, G06F2009/45595
Abstract: System and computer-implemented method for secure hybrid cloud connectivity between an application in a public cloud service and an on-premises service supported by an on-premises appliance includes launching a public cloud gateway appliance in the public cloud service. The public cloud gateway appliance is configured with security information associated with the on-premises appliance. The on-premises appliance is provided with contact information associated with the public cloud gateway appliance. A communication channel is established, using an outbound port, from the on-premises appliance to the public cloud gateway appliance that is secured based on the security information associated with the on-premises appliance and the contact information associated with the public cloud gateway appliance.