-
Publication No.: US20220116379A1
Publication Date: 2022-04-14
Application No.: US17069869
Application Date: 2020-10-14
Applicant: VMware, Inc.
Inventor: Pavan Rajkumar RANGAIN, Suman ALUVALA, Arjun KOCHHAR, Amit Kumar YADAV
IPC: H04L29/06
Abstract: Example methods and systems for context-aware network policy enforcement are described. In one example, a computer system may detect a request for a client device to access a destination server. The computer system may extract, from the request, connection information identifying a connection to be established for the client device to access the destination server; and map the connection information to contextual information associated with the client device or a user operating the client device, or both. Based on the contextual information, the computer system may apply one or more network policies to determine whether to allow or deny access by the client device to the destination server. In response to determination to allow the access, a first response may be generated and sent to allow establishment of the connection. Otherwise, a second response may be generated and sent to block establishment of the connection.
-
Publication No.: US20210021518A1
Publication Date: 2021-01-21
Application No.: US16574088
Application Date: 2019-09-18
Applicant: VMWARE, INC.
Inventor: Puran CHAND, Craig Farley NEWELL, Amit Kumar YADAV
IPC: H04L12/741, H04L12/755, H04L29/12, H04L29/06, H04L12/46
Abstract: Disclosed are various embodiments for providing split-tunneled network connectivity on a per-application basis. A request to make a connection, such as a transmission control protocol (TCP) or a universal datagram protocol (UDP) connection, to a remote host specified by an internet protocol (IP) address in the request is received from a network driver. A hostname lookup table is queried to determine a hostname associated with the IP address for the remote host. A policy is identified based on the hostname associated with the IP address for the remote host. Then, the connection is routed based on the policy.
-