Distributed VPN gateway for processing remote device management attribute based rules
Abstract
Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.
20 Claims
1. A non-transitory machine readable medium storing sets of instructions for processing remote-device data messages entering a network, the sets of instructions for:
- receiving, at a virtual private network (VPN) gateway executing on a computer, a data message sent by a remote device through a tunnel that connects the remote device to the network; and
- intercepting the data message from an egress path of the VPN gateway as the VPN gateway forwards the data message to the message's destination within the network; and
- identifying a set of remote device management (RDM) attributes associated with the received data message by retrieving the RDM attribute set from a data storage on the computer that stores different RDM attribute sets for different data message flows; and
- based on the RDM attribute set, performing a service operation on the data message;
the sets of instructions for execution by a set of processing units of the computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A non-transitory machine readable medium storing sets of instructions for processing remote-device data messages entering a network, the sets of instructions for:
- receiving a data message sent by a remote device;
- identifying a set of remote device management (RDM) attributes associated with the received data message; and
- based on the RDM attribute set, performing a destination network address translation (DNAT) operation on the received data message by:
  (i) determining, based on the RDM attribute set, that the remote device is associated with a first location but is accessing the network at a second location;
  (ii) identifying an RDM based rule specifying that remote devices associated with the first location that access the network at the second location have to be directed to network elements in the second location that are segregated from other network elements in the second location for use by remote devices associated with the first location; and
  (iii) performing the DNAT operation to direct the data message to one of the segregated network elements;
the sets of instructions for execution by a set of processing units of one computer.
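The per-flow RDM attribute lookup of claim 1 and the location-based DNAT steps (i) to (iii) of claim 14, sketched as an added example that is not part of the patent text. All class names, field names, locations and addresses are hypothetical, and dropping messages that have no stored RDM attributes or no matching rule is an assumption of this sketch, not something the claims state.

```python
import zlib
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Flow:                      # five-tuple of the decapsulated inner packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

@dataclass(frozen=True)
class DnatRule:                  # hypothetical shape of an RDM based rule
    home_location: str           # location the device is associated with
    access_location: str         # location where it enters the network
    original_dst: str            # address the device asked for
    segregated_pool: tuple       # segregated elements reserved for visitors

class RdmDnatService:
    def __init__(self, site: str, rules: list):
        self.site, self.rules = site, rules
        self.flow_attrs = {}     # per-flow RDM attribute store on the gateway host

    def bind_flow(self, flow: Flow, attrs: dict) -> None:
        self.flow_attrs[flow] = attrs

    def process(self, flow: Flow) -> Optional[Flow]:
        attrs = self.flow_attrs.get(flow)
        if attrs is None:
            return None          # assumption: no RDM context means drop
        home = attrs["home_location"]
        if home == self.site:
            return flow          # local device: forward unchanged
        for r in self.rules:     # step (ii): find the rule for this visitor
            if (r.home_location, r.access_location, r.original_dst) == (home, self.site, flow.dst_ip):
                # Hash the flow so every packet of it reaches the same element.
                i = zlib.crc32(repr(flow).encode()) % len(r.segregated_pool)
                return replace(flow, dst_ip=r.segregated_pool[i])  # step (iii)
        return None              # assumption: visitor with no rule is dropped

# Constructed sample data: an EU-managed device entering through the US site.
POOL = ("10.20.99.11", "10.20.99.12")
svc = RdmDnatService("US", [DnatRule("EU", "US", "10.20.0.10", POOL)])
visitor = Flow("172.16.5.7", 50312, "10.20.0.10", 443, "tcp")
local = Flow("172.16.5.8", 50313, "10.20.0.10", 443, "tcp")
unknown = Flow("172.16.5.9", 50314, "10.20.0.10", 443, "tcp")
svc.bind_flow(visitor, {"device_id": "dev-eu-001", "home_location": "EU"})
svc.bind_flow(local, {"device_id": "dev-us-002", "home_location": "US"})
```

`svc.process(visitor)` returns the flow with its destination rewritten to one of the `POOL` addresses, `svc.process(local)` returns the flow unchanged, and `svc.process(unknown)` returns `None`.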
15. A computer comprising:
- a set of processing units for processing instructions;
- a memory for storing sets of instructions for processing remote-device data messages entering a network, the sets of instructions for:
  - establishing, at a VPN gateway executing on the computer, a VPN tunnel with a remote device;
  - receiving, at the VPN gateway, a data message sent by the remote device through the tunnel;
  - intercepting the data message from an egress path of the VPN gateway as the VPN gateway forwards the data message to the message's destination within the network; and
  - identifying a set of remote device management (RDM) attributes associated with the data message received from the remote device by retrieving the RDM attribute set from a data storage on the computer that stores different RDM attribute sets for different data message flows; and
  - based on the identified RDM attribute set, performing a service operation on the remote-device data message.
Dependent claims: 16
17. A method of processing remote-device data messages entering a network, the method comprising:
- receiving, at a virtual private network (VPN) gateway executed by a set of processing units of a computer, a data message sent by the remote device through a tunnel that connects the remote device to the network; and
- intercepting the data message from an egress path of the VPN gateway as the VPN gateway forwards the data message to the message's destination within the network; and
- identifying a set of remote device management (RDM) attributes associated with the received data message by retrieving the RDM attribute set from a data storage on the computer that stores different RDM attribute sets for different data message flows; and
- based on the RDM attribute set, performing a service operation on the data message
wherein said receiving, identifying and performing are executed by the set of processing units of the computer.
Dependent claims: 18, 19, 20
Specification