WO2003030004A1 - Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device - Google Patents
Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device Download PDFInfo
- Publication number
- WO2003030004A1 WO2003030004A1 PCT/US2002/030835 US0230835W WO03030004A1 WO 2003030004 A1 WO2003030004 A1 WO 2003030004A1 US 0230835 W US0230835 W US 0230835W WO 03030004 A1 WO03030004 A1 WO 03030004A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- layer
- zone
- packets
- firewall
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003533141A JP4332033B2 (en) | 2001-09-28 | 2002-09-26 | Layer 3 / layer 7 firewall implementation method and apparatus in L2 device |
CA002461866A CA2461866A1 (en) | 2001-09-28 | 2002-09-26 | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device |
AU2002327757A AU2002327757B2 (en) | 2001-09-28 | 2002-09-26 | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device |
EP02763764.4A EP1438670B1 (en) | 2001-09-28 | 2002-09-26 | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device |
IL16111202A IL161112A0 (en) | 2001-09-28 | 2002-09-26 | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device |
EP13155632.6A EP2595357B1 (en) | 2001-09-28 | 2002-09-26 | Method performed in a network device and system for packet handling |
IL161112A IL161112A (en) | 2001-09-28 | 2004-03-25 | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/967,878 | 2001-09-28 | ||
US09/967,878 US7302700B2 (en) | 2001-09-28 | 2001-09-28 | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003030004A1 true WO2003030004A1 (en) | 2003-04-10 |
Family
ID=25513451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2002/030835 WO2003030004A1 (en) | 2001-09-28 | 2002-09-26 | Method and apparatus for implementing a layer 3/layer 7 firewall in an l2 device |
Country Status (8)
Country | Link |
---|---|
US (5) | US7302700B2 (en) |
EP (2) | EP2595357B1 (en) |
JP (1) | JP4332033B2 (en) |
CN (1) | CN100437543C (en) |
AU (1) | AU2002327757B2 (en) |
CA (1) | CA2461866A1 (en) |
IL (2) | IL161112A0 (en) |
WO (1) | WO2003030004A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7869597B2 (en) | 2005-11-21 | 2011-01-11 | International Business Machines Corporation | Method and system for secure packet communication |
CN102035821A (en) * | 2009-09-29 | 2011-04-27 | 凹凸电子(武汉)有限公司 | Firewall / virtual private network integrated system and circuit |
Families Citing this family (107)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2362482A (en) * | 2000-05-15 | 2001-11-21 | Ridgeway Systems & Software Lt | Direct slave addressing to indirect slave addressing |
GB2365256A (en) | 2000-07-28 | 2002-02-13 | Ridgeway Systems & Software Lt | Audio-video telephony with port address translation |
GB2369746A (en) * | 2000-11-30 | 2002-06-05 | Ridgeway Systems & Software Lt | Communications system with network address translation |
EP1374056B1 (en) * | 2001-03-01 | 2006-06-21 | Storeage Networking Technologies | Storage area network (san) security |
US7302700B2 (en) | 2001-09-28 | 2007-11-27 | Juniper Networks, Inc. | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device |
US7571239B2 (en) * | 2002-01-08 | 2009-08-04 | Avaya Inc. | Credential management and network querying |
US20030163692A1 (en) * | 2002-01-31 | 2003-08-28 | Brocade Communications Systems, Inc. | Network security and applications to the fabric |
US8201252B2 (en) * | 2002-09-03 | 2012-06-12 | Alcatel Lucent | Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks |
US8185652B2 (en) * | 2002-11-15 | 2012-05-22 | Lantiq Deutschland Gmbh | Data switch and method of operating the data switch |
US7386889B2 (en) * | 2002-11-18 | 2008-06-10 | Trusted Network Technologies, Inc. | System and method for intrusion prevention in a communications network |
US7660980B2 (en) * | 2002-11-18 | 2010-02-09 | Liquidware Labs, Inc. | Establishing secure TCP/IP communications using embedded IDs |
US7591001B2 (en) * | 2004-05-14 | 2009-09-15 | Liquidware Labs, Inc. | System, apparatuses, methods and computer-readable media for determining the security status of a computer before establishing a network connection |
US7549159B2 (en) * | 2004-05-10 | 2009-06-16 | Liquidware Labs, Inc. | System, apparatuses, methods and computer-readable media for determining the security status of a computer before establishing connection thereto |
US20060098649A1 (en) * | 2004-11-10 | 2006-05-11 | Trusted Network Technologies, Inc. | System, apparatuses, methods, and computer-readable media for determining security realm identity before permitting network connection |
US20040123130A1 (en) * | 2002-12-20 | 2004-06-24 | Inrange Technologies Corporation | Method and apparatus for distributing and activating security parameters |
MY141160A (en) * | 2003-01-13 | 2010-03-31 | Multimedia Glory Sdn Bhd | System and method of preventing the transmission of known and unknown electronic content to and from servers or workstations connected to a common network |
US7697568B1 (en) * | 2003-03-03 | 2010-04-13 | Cisco Technology, Inc. | Method and system for automatic modem bandwidth detection in a router |
WO2004090675A2 (en) * | 2003-04-03 | 2004-10-21 | Commvault Systems, Inc. | System and method for performing storage operations through a firewall |
US20040210754A1 (en) * | 2003-04-16 | 2004-10-21 | Barron Dwight L. | Shared security transform device, system and methods |
US7562390B1 (en) * | 2003-05-21 | 2009-07-14 | Foundry Networks, Inc. | System and method for ARP anti-spoofing security |
US7516487B1 (en) | 2003-05-21 | 2009-04-07 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
WO2004107130A2 (en) | 2003-05-28 | 2004-12-09 | Caymas Systems, Inc. | Multilayer access control security system |
US20040255154A1 (en) * | 2003-06-11 | 2004-12-16 | Foundry Networks, Inc. | Multiple tiered network security system, method and apparatus |
KR100503422B1 (en) * | 2003-06-13 | 2005-07-22 | 한국전자통신연구원 | Ethernet switch, apparatus for expanding the port and method therefor |
US7426577B2 (en) * | 2003-06-19 | 2008-09-16 | Avaya Technology Corp. | Detection of load balanced links in internet protocol netwoks |
US7876772B2 (en) * | 2003-08-01 | 2011-01-25 | Foundry Networks, Llc | System, method and apparatus for providing multiple access modes in a data communications network |
US7735114B2 (en) * | 2003-09-04 | 2010-06-08 | Foundry Networks, Inc. | Multiple tiered network security system, method and apparatus using dynamic user policy assignment |
US7774833B1 (en) | 2003-09-23 | 2010-08-10 | Foundry Networks, Inc. | System and method for protecting CPU against remote access attacks |
US7606916B1 (en) * | 2003-11-10 | 2009-10-20 | Cisco Technology, Inc. | Method and apparatus for load balancing within a computer system |
US7844731B1 (en) * | 2003-11-14 | 2010-11-30 | Symantec Corporation | Systems and methods for address spacing in a firewall cluster |
US8146148B2 (en) * | 2003-11-19 | 2012-03-27 | Cisco Technology, Inc. | Tunneled security groups |
US8528071B1 (en) | 2003-12-05 | 2013-09-03 | Foundry Networks, Llc | System and method for flexible authentication in a data communications network |
ATE413761T1 (en) * | 2004-03-02 | 2008-11-15 | Alcatel Lucent | A METHOD FOR GRANTING ACCESS TO A COMMUNICATIONS NETWORK AND CORRESPONDING DEVICE |
CN1298141C (en) * | 2004-05-20 | 2007-01-31 | 中国科学院软件研究所 | Safety platform for network data exchange |
US7636841B2 (en) | 2004-07-26 | 2009-12-22 | Intercall, Inc. | Systems and methods for secure data exchange in a distributed collaborative application |
US7624435B1 (en) * | 2004-07-26 | 2009-11-24 | Trend Micro Incorporated | Method and apparatus for managing digital assets |
GB2418110B (en) * | 2004-09-14 | 2006-09-06 | 3Com Corp | Method and apparatus for controlling traffic between different entities on a network |
US8261337B1 (en) | 2004-11-17 | 2012-09-04 | Juniper Networks, Inc. | Firewall security between network devices |
US8631450B1 (en) * | 2004-12-02 | 2014-01-14 | Entropic Communications, Inc. | Broadband local area network |
WO2006098024A1 (en) * | 2005-03-16 | 2006-09-21 | Fujitsu Limited | Multicast tree monitoring method and system in ip network |
US7881325B2 (en) * | 2005-04-27 | 2011-02-01 | Cisco Technology, Inc. | Load balancing technique implemented in a storage area network |
US7647434B2 (en) | 2005-05-19 | 2010-01-12 | Cisco Technology, Inc. | Technique for in order delivery of traffic across a storage area network |
KR100719118B1 (en) * | 2005-10-27 | 2007-05-17 | 삼성전자주식회사 | Method and system for limitting a function of device in specific perimeters |
WO2007055684A2 (en) * | 2005-11-09 | 2007-05-18 | Trusted Network Technologies, Inc. | Determining security realm identity before permitting network connection |
US7649875B2 (en) * | 2005-12-23 | 2010-01-19 | Beecher Phillip E | Networking layer extension |
US20070214502A1 (en) * | 2006-03-08 | 2007-09-13 | Mcalister Donald K | Technique for processing data packets in a communication network |
JP4823728B2 (en) * | 2006-03-20 | 2011-11-24 | 富士通株式会社 | Frame relay device and frame inspection device |
US9001645B2 (en) * | 2006-05-17 | 2015-04-07 | Rajant Corporation | System and method for packet delivery backtracking |
JP4813970B2 (en) * | 2006-05-29 | 2011-11-09 | 日本電信電話株式会社 | Bridge device |
US7522595B2 (en) * | 2006-06-16 | 2009-04-21 | Cisco Technology, Inc. | Communicating packets between forwarding contexts using virtual interfaces |
US8009566B2 (en) | 2006-06-26 | 2011-08-30 | Palo Alto Networks, Inc. | Packet classification in a network security device |
US8281360B2 (en) * | 2006-11-21 | 2012-10-02 | Steven Adams Flewallen | Control of communication ports of computing devices using policy-based decisions |
US8594085B2 (en) * | 2007-04-11 | 2013-11-26 | Palo Alto Networks, Inc. | L2/L3 multi-mode switch including policy processing |
US8341277B2 (en) * | 2007-07-03 | 2012-12-25 | International Business Machines Corporation | System and method for connecting closed, secure production network |
US8040888B1 (en) * | 2007-12-17 | 2011-10-18 | Integrated Device Technology, Inc. | Packet switch with port route tables |
US8640143B2 (en) * | 2008-02-12 | 2014-01-28 | International Business Machines Corporation | Method and system for providing preemptive response routing |
US8307422B2 (en) * | 2008-08-14 | 2012-11-06 | Juniper Networks, Inc. | Routing device having integrated MPLS-aware firewall |
US8316435B1 (en) * | 2008-08-14 | 2012-11-20 | Juniper Networks, Inc. | Routing device having integrated MPLS-aware firewall with virtual security system support |
US8713627B2 (en) * | 2008-08-14 | 2014-04-29 | Juniper Networks, Inc. | Scalable security services for multicast in a router having integrated zone-based firewall |
US8175101B2 (en) * | 2008-08-15 | 2012-05-08 | Raytheon Company | Multicasting in a network using neighbor information |
US8873556B1 (en) | 2008-12-24 | 2014-10-28 | Palo Alto Networks, Inc. | Application based packet forwarding |
US20100265955A1 (en) * | 2009-04-17 | 2010-10-21 | Park Sung I | Cross layer routing (xrp) protocol |
US8127365B1 (en) | 2009-11-16 | 2012-02-28 | Trend Micro Incorporated | Origination-based content protection for computer systems |
US8424091B1 (en) | 2010-01-12 | 2013-04-16 | Trend Micro Incorporated | Automatic local detection of computer security threats |
JP5382451B2 (en) | 2010-01-29 | 2014-01-08 | 日本電気株式会社 | Front-end system, front-end processing method |
JP5454399B2 (en) * | 2010-07-15 | 2014-03-26 | パナソニック株式会社 | Large scale NAT detection device, application switching device, large scale NAT detection method and application switching method |
US8687649B2 (en) * | 2011-03-08 | 2014-04-01 | International Business Machines Corporation | Message forwarding toward a source end node in a converged network environment |
US8695096B1 (en) | 2011-05-24 | 2014-04-08 | Palo Alto Networks, Inc. | Automatic signature generation for malicious PDF files |
US9047441B2 (en) | 2011-05-24 | 2015-06-02 | Palo Alto Networks, Inc. | Malware analysis system |
US8516241B2 (en) | 2011-07-12 | 2013-08-20 | Cisco Technology, Inc. | Zone-based firewall policy model for a virtualized data center |
US8640251B1 (en) | 2011-12-14 | 2014-01-28 | Trend Micro Incorporated | Methods and systems for classifying computer documents into confidential levels using log information |
US8826452B1 (en) | 2012-01-18 | 2014-09-02 | Trend Micro Incorporated | Protecting computers against data loss involving screen captures |
US9419941B2 (en) * | 2012-03-22 | 2016-08-16 | Varmour Networks, Inc. | Distributed computer network zone based security architecture |
WO2013189059A1 (en) * | 2012-06-21 | 2013-12-27 | 华为技术有限公司 | Packet processing method, apparatus, host and network system |
JP5445626B2 (en) * | 2012-06-25 | 2014-03-19 | 横河電機株式会社 | Network management system |
US9100366B2 (en) * | 2012-09-13 | 2015-08-04 | Cisco Technology, Inc. | Early policy evaluation of multiphase attributes in high-performance firewalls |
US10789294B2 (en) * | 2013-03-02 | 2020-09-29 | Leon Guzenda | Method and system for performing searches of graphs as represented within an information technology system |
US11301514B2 (en) | 2013-03-02 | 2022-04-12 | Leon Guzenda | System and method to identify islands of nodes within a graph database |
US9083732B2 (en) | 2013-04-12 | 2015-07-14 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Establishing communication between entities in a shared network |
US9917849B2 (en) * | 2013-05-01 | 2018-03-13 | Fortinet, Inc. | Security system for physical or virtual environments |
CN105745886B (en) * | 2013-09-23 | 2019-06-04 | 迈克菲有限公司 | Fast path is provided between the two entities |
US9973472B2 (en) | 2015-04-02 | 2018-05-15 | Varmour Networks, Inc. | Methods and systems for orchestrating physical and virtual switches to enforce security boundaries |
US9560081B1 (en) | 2016-06-24 | 2017-01-31 | Varmour Networks, Inc. | Data network microsegmentation |
US20170006082A1 (en) * | 2014-06-03 | 2017-01-05 | Nimit Shishodia | Software Defined Networking (SDN) Orchestration by Abstraction |
DE102015002574B4 (en) * | 2015-02-27 | 2018-06-21 | Audi Ag | Motor vehicle communication network with switch device |
US10178070B2 (en) | 2015-03-13 | 2019-01-08 | Varmour Networks, Inc. | Methods and systems for providing security to distributed microservices |
US9609026B2 (en) | 2015-03-13 | 2017-03-28 | Varmour Networks, Inc. | Segmented networks that implement scanning |
US9467476B1 (en) | 2015-03-13 | 2016-10-11 | Varmour Networks, Inc. | Context aware microsegmentation |
US9438634B1 (en) | 2015-03-13 | 2016-09-06 | Varmour Networks, Inc. | Microsegmented networks that implement vulnerability scanning |
US9756015B2 (en) * | 2015-03-27 | 2017-09-05 | International Business Machines Corporation | Creating network isolation between virtual machines |
US9525697B2 (en) | 2015-04-02 | 2016-12-20 | Varmour Networks, Inc. | Delivering security functions to distributed networks |
US10171507B2 (en) * | 2016-05-19 | 2019-01-01 | Cisco Technology, Inc. | Microsegmentation in heterogeneous software defined networking environments |
US9892622B2 (en) * | 2016-05-27 | 2018-02-13 | At&T Intellectual Property I, L.P. | Emergency event virtual network function deployment and configuration |
US9787639B1 (en) | 2016-06-24 | 2017-10-10 | Varmour Networks, Inc. | Granular segmentation using events |
US10972437B2 (en) * | 2016-08-08 | 2021-04-06 | Talari Networks Incorporated | Applications and integrated firewall design in an adaptive private network (APN) |
US10298491B2 (en) * | 2016-08-25 | 2019-05-21 | Cisco Technology, Inc. | Efficient path detection and validation between endpoints in large datacenters |
US10645123B1 (en) * | 2016-12-28 | 2020-05-05 | Juniper Networks, Inc. | Network traffic switching for virtual machines |
US10791091B1 (en) * | 2018-02-13 | 2020-09-29 | Architecture Technology Corporation | High assurance unified network switch |
DE102018216959B4 (en) * | 2018-10-02 | 2020-11-12 | Continental Automotive Gmbh | Method for securing a data packet by an exchange in a network, exchange and motor vehicle |
US11201854B2 (en) * | 2018-11-30 | 2021-12-14 | Cisco Technology, Inc. | Dynamic intent-based firewall |
DE102019210224A1 (en) * | 2019-07-10 | 2021-01-14 | Robert Bosch Gmbh | Device and method for attack detection in a computer network |
US11336694B2 (en) * | 2019-08-05 | 2022-05-17 | Cisco Technology, Inc. | Scalable security policy architecture with segregated forwarding and security plane and hierarchical classes |
CN110830301B (en) * | 2019-11-11 | 2022-04-22 | 国网江苏省电力有限公司检修分公司 | Power secondary system station control layer topology scanning method and device based on safety encryption |
US11343234B2 (en) * | 2019-12-10 | 2022-05-24 | Cisco Technology, Inc. | Multi-domain extension to cloud security |
US11777993B2 (en) | 2021-01-30 | 2023-10-03 | Netskope, Inc. | Unified system for detecting policy enforcement issues in a cloud-based environment |
US11848949B2 (en) * | 2021-01-30 | 2023-12-19 | Netskope, Inc. | Dynamic distribution of unified policies in a cloud-based policy enforcement system |
US11831605B2 (en) * | 2021-03-29 | 2023-11-28 | Nokia Solutions And Networks Oy | Router firewall |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5968176A (en) | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
US6115472A (en) * | 1996-09-11 | 2000-09-05 | Nippon Telegraph And Telephone Corporation | Contents transmission control method with user authentication functions and recording medium with the method recorded thereon |
US6131120A (en) * | 1997-10-24 | 2000-10-10 | Directory Logic, Inc. | Enterprise network management directory containing network addresses of users and devices providing access lists to routers and servers |
US6233688B1 (en) * | 1998-06-30 | 2001-05-15 | Sun Microsystems, Inc. | Remote access firewall traversal URL |
EP1164755A2 (en) | 2000-06-15 | 2001-12-19 | Avaya Technology Corp. | Policy enforcement switching |
Family Cites Families (61)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06311161A (en) | 1993-04-23 | 1994-11-04 | Matsushita Electric Works Ltd | Hub device for lan |
US5485455A (en) * | 1994-01-28 | 1996-01-16 | Cabletron Systems, Inc. | Network having secure fast packet switching and guaranteed quality of service |
US5544322A (en) * | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
US5617421A (en) | 1994-06-17 | 1997-04-01 | Cisco Systems, Inc. | Extended domain computer network using standard links |
US5608726A (en) * | 1995-04-25 | 1997-03-04 | Cabletron Systems, Inc. | Network bridge with multicast forwarding table |
US5889953A (en) * | 1995-05-25 | 1999-03-30 | Cabletron Systems, Inc. | Policy management and conflict resolution in computer networks |
US5684800A (en) * | 1995-11-15 | 1997-11-04 | Cabletron Systems, Inc. | Method for establishing restricted broadcast groups in a switched network |
US5781550A (en) | 1996-02-02 | 1998-07-14 | Digital Equipment Corporation | Transparent and secure network gateway |
US5918018A (en) * | 1996-02-09 | 1999-06-29 | Secure Computing Corporation | System and method for achieving network separation |
US5768501A (en) * | 1996-05-28 | 1998-06-16 | Cabletron Systems | Method and apparatus for inter-domain alarm correlation |
US5842040A (en) | 1996-06-18 | 1998-11-24 | Storage Technology Corporation | Policy caching method and apparatus for use in a communication device based on contents of one data unit in a subset of related data units |
US6101170A (en) * | 1996-09-27 | 2000-08-08 | Cabletron Systems, Inc. | Secure fast packet switch having improved memory utilization |
US5708654A (en) * | 1996-11-27 | 1998-01-13 | Arndt; Manfred R. | Method for detecting proxy ARP replies from devices in a local area network |
US5905859A (en) * | 1997-01-09 | 1999-05-18 | International Business Machines Corporation | Managed network device security method and apparatus |
US6591303B1 (en) | 1997-03-07 | 2003-07-08 | Sun Microsystems, Inc. | Method and apparatus for parallel trunking of interfaces to increase transfer bandwidth |
US6301257B1 (en) * | 1997-03-19 | 2001-10-09 | Nortel Networks Limited | Method and apparatus for transmitting data frames between switches in a meshed data network |
US6212558B1 (en) * | 1997-04-25 | 2001-04-03 | Anand K. Antur | Method and apparatus for configuring and managing firewalls and security devices |
US6088356A (en) | 1997-06-30 | 2000-07-11 | Sun Microsystems, Inc. | System and method for a multi-layer network element |
US5909686A (en) | 1997-06-30 | 1999-06-01 | Sun Microsystems, Inc. | Hardware-assisted central processing unit access to a forwarding database |
US6049528A (en) | 1997-06-30 | 2000-04-11 | Sun Microsystems, Inc. | Trunking ethernet-compatible networks |
US6775692B1 (en) | 1997-07-31 | 2004-08-10 | Cisco Technology, Inc. | Proxying and unproxying a connection using a forwarding agent |
US6104700A (en) * | 1997-08-29 | 2000-08-15 | Extreme Networks | Policy based quality of service |
US6041058A (en) * | 1997-09-11 | 2000-03-21 | 3Com Corporation | Hardware filtering method and apparatus |
US6098172A (en) | 1997-09-12 | 2000-08-01 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with proxy reflection |
US6154775A (en) | 1997-09-12 | 2000-11-28 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with dynamic rule processing with the ability to dynamically alter the operations of rules |
US6141749A (en) | 1997-09-12 | 2000-10-31 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with stateful packet filtering |
US6170012B1 (en) | 1997-09-12 | 2001-01-02 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with cache query processing |
US7143438B1 (en) | 1997-09-12 | 2006-11-28 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with multiple domain support |
US6172981B1 (en) * | 1997-10-30 | 2001-01-09 | International Business Machines Corporation | Method and system for distributing network routing functions to local area network stations |
US6182226B1 (en) * | 1998-03-18 | 2001-01-30 | Secure Computing Corporation | System and method for controlling interactions between networks |
US6141755A (en) * | 1998-04-13 | 2000-10-31 | The United States Of America As Represented By The Director Of The National Security Agency | Firewall security apparatus for high-speed circuit switched networks |
US6456597B1 (en) * | 1998-05-04 | 2002-09-24 | Hewlett Packard Co. | Discovery of unknown MAC addresses using load balancing switch protocols |
JP4080599B2 (en) * | 1998-06-17 | 2008-04-23 | 富士通株式会社 | Communication control apparatus and communication control method applied to multicast-compatible LAN |
US6430188B1 (en) * | 1998-07-08 | 2002-08-06 | Broadcom Corporation | Unified table for L2, L3, L4, switching and filtering |
US6304973B1 (en) * | 1998-08-06 | 2001-10-16 | Cryptek Secure Communications, Llc | Multi-level security network system |
US6438133B1 (en) * | 1998-09-09 | 2002-08-20 | Cisco Technology, Inc. | Load balancing mechanism for a translational bridge environment |
US6556541B1 (en) * | 1999-01-11 | 2003-04-29 | Hewlett-Packard Development Company, L.P. | MAC address learning and propagation in load balancing switch protocols |
IL128814A (en) * | 1999-03-03 | 2004-09-27 | Packet Technologies Ltd | Local network security |
US6993027B1 (en) | 1999-03-17 | 2006-01-31 | Broadcom Corporation | Method for sending a switch indicator to avoid out-of-ordering of frames in a network switch |
US7643481B2 (en) | 1999-03-17 | 2010-01-05 | Broadcom Corporation | Network switch having a programmable counter |
US6704278B1 (en) | 1999-07-02 | 2004-03-09 | Cisco Technology, Inc. | Stateful failover of service managers |
US6606315B1 (en) | 1999-07-02 | 2003-08-12 | Cisco Technology, Inc. | Synchronizing service instructions among forwarding agents using a service manager |
US6735169B1 (en) | 1999-07-02 | 2004-05-11 | Cisco Technology, Inc. | Cascading multiple services on a forwarding agent |
US6742045B1 (en) | 1999-07-02 | 2004-05-25 | Cisco Technology, Inc. | Handling packet fragments in a distributed network service environment |
US7051066B1 (en) | 1999-07-02 | 2006-05-23 | Cisco Technology, Inc. | Integrating service managers into a routing infrastructure using forwarding agents |
US6970913B1 (en) | 1999-07-02 | 2005-11-29 | Cisco Technology, Inc. | Load balancing using distributed forwarding agents with application based feedback for different virtual machines |
US6633560B1 (en) | 1999-07-02 | 2003-10-14 | Cisco Technology, Inc. | Distribution of network services among multiple service managers without client involvement |
US6650641B1 (en) | 1999-07-02 | 2003-11-18 | Cisco Technology, Inc. | Network address translation using a forwarding agent |
US6549516B1 (en) | 1999-07-02 | 2003-04-15 | Cisco Technology, Inc. | Sending instructions from a service manager to forwarding agents on a need to know basis |
US6684253B1 (en) * | 1999-11-18 | 2004-01-27 | Wachovia Bank, N.A., As Administrative Agent | Secure segregation of data of two or more domains or trust realms transmitted through a common data channel |
US6754716B1 (en) * | 2000-02-11 | 2004-06-22 | Ensim Corporation | Restricting communication between network devices on a common network |
US7263719B2 (en) * | 2000-05-15 | 2007-08-28 | Hewlett-Packard Development Company, L.P. | System and method for implementing network security policies on a common network infrastructure |
US20020053020A1 (en) * | 2000-06-30 | 2002-05-02 | Raytheon Company | Secure compartmented mode knowledge management portal |
US7047561B1 (en) * | 2000-09-28 | 2006-05-16 | Nortel Networks Limited | Firewall for real-time internet applications |
JP3474548B2 (en) * | 2001-04-09 | 2003-12-08 | アライドテレシス株式会社 | Collective building |
US7239636B2 (en) | 2001-07-23 | 2007-07-03 | Broadcom Corporation | Multiple virtual channels for use in network devices |
US7245632B2 (en) | 2001-08-10 | 2007-07-17 | Sun Microsystems, Inc. | External storage for modular computer systems |
US7302700B2 (en) | 2001-09-28 | 2007-11-27 | Juniper Networks, Inc. | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device |
JP2005215935A (en) * | 2004-01-29 | 2005-08-11 | Vodafone Kk | Firewall |
US7895431B2 (en) | 2004-09-10 | 2011-02-22 | Cavium Networks, Inc. | Packet queuing, scheduling and ordering |
US7535907B2 (en) | 2005-04-08 | 2009-05-19 | Oavium Networks, Inc. | TCP engine |
-
2001
- 2001-09-28 US US09/967,878 patent/US7302700B2/en active Active
-
2002
- 2002-09-26 EP EP13155632.6A patent/EP2595357B1/en not_active Expired - Lifetime
- 2002-09-26 IL IL16111202A patent/IL161112A0/en unknown
- 2002-09-26 WO PCT/US2002/030835 patent/WO2003030004A1/en active Application Filing
- 2002-09-26 CN CNB028213874A patent/CN100437543C/en not_active Expired - Lifetime
- 2002-09-26 AU AU2002327757A patent/AU2002327757B2/en not_active Ceased
- 2002-09-26 CA CA002461866A patent/CA2461866A1/en not_active Abandoned
- 2002-09-26 JP JP2003533141A patent/JP4332033B2/en not_active Expired - Lifetime
- 2002-09-26 EP EP02763764.4A patent/EP1438670B1/en not_active Expired - Lifetime
-
2004
- 2004-03-25 IL IL161112A patent/IL161112A/en active IP Right Grant
-
2007
- 2007-10-09 US US11/869,287 patent/US7779459B2/en not_active Expired - Lifetime
-
2010
- 2010-07-08 US US12/832,347 patent/US8291114B2/en not_active Expired - Lifetime
-
2012
- 2012-09-14 US US13/615,780 patent/US8689316B2/en not_active Expired - Fee Related
-
2014
- 2014-03-31 US US14/230,210 patent/US9407605B2/en not_active Expired - Lifetime
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6115472A (en) * | 1996-09-11 | 2000-09-05 | Nippon Telegraph And Telephone Corporation | Contents transmission control method with user authentication functions and recording medium with the method recorded thereon |
US5968176A (en) | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
US6131120A (en) * | 1997-10-24 | 2000-10-10 | Directory Logic, Inc. | Enterprise network management directory containing network addresses of users and devices providing access lists to routers and servers |
US6233688B1 (en) * | 1998-06-30 | 2001-05-15 | Sun Microsystems, Inc. | Remote access firewall traversal URL |
EP1164755A2 (en) | 2000-06-15 | 2001-12-19 | Avaya Technology Corp. | Policy enforcement switching |
Non-Patent Citations (1)
Title |
---|
See also references of EP1438670A4 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7869597B2 (en) | 2005-11-21 | 2011-01-11 | International Business Machines Corporation | Method and system for secure packet communication |
US8300822B2 (en) | 2005-11-21 | 2012-10-30 | International Business Machines Corporation | System for secure packet communication |
CN102035821A (en) * | 2009-09-29 | 2011-04-27 | 凹凸电子(武汉)有限公司 | Firewall / virtual private network integrated system and circuit |
Also Published As
Publication number | Publication date |
---|---|
US20030065944A1 (en) | 2003-04-03 |
IL161112A0 (en) | 2004-08-31 |
AU2002327757B2 (en) | 2008-11-06 |
EP1438670A4 (en) | 2010-12-15 |
JP4332033B2 (en) | 2009-09-16 |
US20100281533A1 (en) | 2010-11-04 |
EP1438670A1 (en) | 2004-07-21 |
CN1575462A (en) | 2005-02-02 |
EP2595357A3 (en) | 2014-08-20 |
EP2595357B1 (en) | 2018-08-29 |
IL161112A (en) | 2010-06-16 |
CA2461866A1 (en) | 2003-04-10 |
US9407605B2 (en) | 2016-08-02 |
US8689316B2 (en) | 2014-04-01 |
CN100437543C (en) | 2008-11-26 |
US7302700B2 (en) | 2007-11-27 |
US20130007839A1 (en) | 2013-01-03 |
EP1438670B1 (en) | 2017-06-14 |
US8291114B2 (en) | 2012-10-16 |
US7779459B2 (en) | 2010-08-17 |
JP2005505175A (en) | 2005-02-17 |
US20140215600A1 (en) | 2014-07-31 |
EP2595357A2 (en) | 2013-05-22 |
US20080034414A1 (en) | 2008-02-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7302700B2 (en) | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device | |
AU2002327757A1 (en) | Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device | |
EP1593251B1 (en) | Method and apparatus for enforcing security groups for vlans | |
US7496955B2 (en) | Dual mode firewall | |
US7296291B2 (en) | Controlled information flow between communities via a firewall | |
EP1817893B1 (en) | Method and apparatus for ingress filtering using security group information | |
US20100100616A1 (en) | Method and apparatus for controlling traffic between different entities on a network | |
US20050190758A1 (en) | Security groups for VLANs | |
US20040030765A1 (en) | Local network natification | |
Rietz et al. | An SDN-based approach to ward off LAN attacks | |
JP2001249866A (en) | Network with distributed fire wall function, fire wall server with fire wall distribution function and edge node with fire wall function | |
US7447782B2 (en) | Community access control in a multi-community node | |
US6915351B2 (en) | Community separation control in a closed multi-community node | |
Cisco | Introduction to Cisco MPLS VPN Technology | |
KR20030018018A (en) | Packet Control System and Method | |
Miroshnichenko | Design and configuration of a company network: Case study AstraZeneca Russia | |
Ee et al. | Simplifying Access Control in Enterprise Networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EE ES FI GB GD GE GH GM HU ID IL IN IS JP KE KG KP KR KZ LK LR LS LT LU LV MA MD MG MK MW MX MZ NO NZ PL PT RO RU SD SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 161112 Country of ref document: IL Ref document number: 2461866 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 632/CHENP/2004 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003533141 Country of ref document: JP |
|
REEP | Request for entry into the european phase |
Ref document number: 2002763764 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002763764 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002327757 Country of ref document: AU Ref document number: 20028213874 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2002763764 Country of ref document: EP |