Tunnel mechanism for providing selective external access to firewall protected devices
1 Assignment
0 Petitions
Abstract
A method for providing an external client access to a device that is protected by a firewall. The method includes providing a tunnel mechanism and then operating the tunnel mechanism to receive an access request to the device from the external client. The tunnel mechanism verifies the external client is currently authorized to access a host device. If authorized, the method continues with routing the access request to the device. The verifying step may include determining a level of authorization and then the routing step is performed based on the determined level of authorization. The routing step includes modifying the access request to include an address of an interface of the internal device. The method continues with receiving a response to the modified access request from the internal device and then modifying the response to remove any identification information for the internal device included in the response.
22 Claims
1. A method for providing an external client with selective access to a computer device protected behind a firewall and a host, comprising:
providing a tunnel mechanism between the host and the computer device, wherein the tunnel mechanism is in communication with the host and the computer device;
receiving with the tunnel mechanism an access request to the computer device from the external client;
verifying the external client currently has authorized access to the host; and
after successful completion of the verifying, routing the access request to the computer device with the tunnel mechanism. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A method for controlling access to a device on an internal network by a client device on an external data communications network, a firewall being installed between the internal network and the external data communications network, the method comprising:
receiving with a tunnel mechanism an access request from the external client device to the internal network device, the tunnel mechanism being communicatively linked to the firewall and an interface of the internal device;
modifying the access request to include an address of the interface of the internal device;
operating the tunnel mechanism to route the modified access request to the interface of the internal device;
receiving a response to the modified access request from the internal device at the tunnel mechanism, the response including identification information for the internal device; and
modifying the response with the tunnel mechanism to remove the identification information prior to transmittal of the modified response to the external client device. (Dependent claims: 11, 12, 13, 14, 15, 17, 18, 20, 21, 22)
16. A network access system for controlling access to a computer device protected by a firewall, comprising:
a host server on an interior side of the firewall, the host server being linked to the firewall and configured for receiving a request from a client device located exterior to the firewall; and
a tunnel mechanism linked to the computer device adapted for:
modifying the request to include an address of an interface of the computer device;
routing the modified request to the computer device;
receiving a response from the computer device including identification information; and
modifying the response to remove the identification information.
19. A computer program for providing a device on an exterior side of a firewall selective access to a device on the interior side of the firewall, a host being positioned between the firewall and the interior device, comprising:
first computer code devices configured to cause a computer to receive a request from the exterior device to access the interior device;
second computer code devices configured to cause a computer to verify that the exterior device is presently authorized to access the host; and
third computer code devices configured to cause a computer to route the request to an interface of the interior device based on the verified authorization.
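The abstract and claims 1, 10, 16 and 19 all describe the same four steps: verify that the external client currently holds authorization with the host (and at what level), attach the internal interface address to the request, route it, and strip identifying information from the response before it leaves. The following Python model, added here as an illustration and not code from the patent or its assignee, works through those steps on constructed in-memory data (the session table, device addresses and policy are assumptions); a stand-in replaces the internal device so it runs offline:

```python
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, Optional


@dataclass
class Request:
    client_token: str               # credential the external client presents to the host
    target: str                     # logical name of the protected device, not its address
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    interface_address: Optional[str] = None  # set by the tunnel, never by the client


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


# Constructed sample state (assumed, not from the patent): sessions the host has
# already authenticated, the interface address of each protected device, and which
# authorization level may reach which device.
HOST_SESSIONS = {
    "tok-alice": {"client": "alice", "level": "admin"},
    "tok-bob": {"client": "bob", "level": "readonly"},
}
DEVICE_INTERFACES = {"camera-1": "10.0.5.21:80", "plc-7": "10.0.5.33:502"}
ACCESS_POLICY = {"admin": {"camera-1", "plc-7"}, "readonly": {"camera-1"}}
# Response headers that identify the internal device and must not reach the client.
IDENTIFYING_HEADERS = {"Server", "X-Device-Id", "X-Device-Firmware"}


def verify_client(token: str) -> Optional[str]:
    """Verifying step: is the client *currently* authorized to the host?
    Returns the level of authorization, or None when there is no live session."""
    session = HOST_SESSIONS.get(token)
    return session["level"] if session else None


def modify_request(req: Request, level: str) -> Request:
    """Routing step: attach the interface address of the internal device,
    but only if the determined level of authorization permits that device."""
    if req.target not in ACCESS_POLICY.get(level, set()):
        raise PermissionError(f"level {level!r} may not access {req.target!r}")
    address = DEVICE_INTERFACES[req.target]
    # Any client-supplied interface address is discarded: the tunnel alone decides routing.
    return replace(req, interface_address=address, headers={**req.headers, "Host": address})


def scrub_response(resp: Response, interface_address: str) -> Response:
    """Strip identification information before the response leaves the tunnel."""
    headers = {k: v for k, v in resp.headers.items() if k not in IDENTIFYING_HEADERS}
    body = resp.body.replace(interface_address, "[device]")
    return Response(resp.status, headers, body)


def simulated_device(req: Request) -> Response:
    """Constructed stand-in for the internal device; it leaks identity the way
    embedded devices often do (Server banner, device id, its own address)."""
    return Response(
        200,
        {"Server": "CamOS/2.1", "X-Device-Id": "dev-0001", "Content-Type": "text/plain"},
        f"status ok from {req.interface_address} firmware 2.1",
    )


def tunnel(req: Request, forward: Callable[[Request], Response] = simulated_device) -> Response:
    """The tunnel mechanism end to end: verify, route with the address added, scrub."""
    level = verify_client(req.client_token)
    if level is None:
        return Response(401, {}, "client is not currently authorized to the host")
    try:
        routed = modify_request(req, level)
    except PermissionError as exc:
        return Response(403, {}, str(exc))
    raw = forward(routed)
    return scrub_response(raw, routed.interface_address)


if __name__ == "__main__":
    print(tunnel(Request("tok-alice", "plc-7", "/status")))   # 200, scrubbed
    print(tunnel(Request("tok-bob", "plc-7", "/status")))     # 403, level too low
    print(tunnel(Request("tok-mallory", "camera-1", "/")))    # 401, no host session
```

Two design points matter for the security property the claims describe: the client never names an address, only a logical target, so the internal topology is not exposed or selectable from outside; and the scrub runs on every response path, including the body, because a device that echoes its own address would otherwise undo the header stripping.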
Specification