Method and system for transmitting information across a firewall
First Claim
1. A method (300,400) of transmitting information across a firewall among a plurality of computers, at least one first of the computers being at a first side of the firewall and at least one second of the computers being at a second side of the firewall, wherein at least one first proxy and at least one second proxy are associated with the at least one first computer at the first side of the firewall and with the at least one second computer at the second side of the firewall, respectively, and wherein a pass through communication tunnel directly connects each first and second proxy, the tunnel being secured by mutual authentication of the corresponding first and second proxies, the method including the steps of:
- causing (416; 456) a transmitting one of the computers to send a firewall-incompatible message for a receiving one of the computers at the other side of the firewall to a transmitting one of the associated at least one proxy,
- sending (330; 470) the message from the transmitting proxy to a receiving one of the at least one proxy at the other side of the firewall through the corresponding tunnel,
- associating (335; 422) the message with the receiving computer, and
- forwarding (340; 444) the message from the receiving proxy to the receiving computer.
Abstract
A method (300;400) and system (100) for transmitting information across a firewall (130b) between multiple endpoints (120) and gateways (135), in a resource management environment (such as the TME) having characteristics that are firewall-incompatible. A gateway proxy (125g) and an endpoint proxy (125e) are associated with the endpoints and the gateways, respectively. The two proxies are connected to each other by means of a pass through communication tunnel crossing the firewall, which tunnel is secured by mutual authentication of the gateway proxy and the endpoint proxy at its ends. Each endpoint and each gateway is tricked into communication only with the respective proxy. Particularly, a listening port is allocated on the endpoint proxy on behalf of each endpoint, so that the corresponding gateway will open a connection back to the endpoint proxy on the listening port for transmitting any packet to the endpoint. A table (230) stored on the endpoint proxy associates each listening port with the corresponding endpoint for managing the routing of the packets.
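The proxy pair, the listening port allocated per endpoint and the port-to-endpoint table described in the abstract (and recited as the associating and forwarding steps of claims 1, 14 and 15), as an added example in Python that is not the patent's own code nor that of any product implementing it. The class and function names, the frame layout carried through the tunnel, and the two in-memory byte streams standing in for the pass-through tunnel are all assumptions of this example; a real deployment would carry the frames over a transport that authenticates both proxies before any frame is accepted, such as TLS with a certificate on each proxy.

```python
# Added illustration of the mechanism in the abstract; not code from the patent
# or any product. Names, frame layout and the in-memory tunnel are assumptions.
import struct
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Tuple


def encode_frame(endpoint_id: str, payload: bytes) -> bytes:
    """Tunnel frame: 2-byte id length, endpoint id, 4-byte payload length, payload."""
    eid = endpoint_id.encode("utf-8")
    return struct.pack("!H", len(eid)) + eid + struct.pack("!I", len(payload)) + payload


def decode_frame(buf: bytes) -> Tuple[str, bytes, bytes]:
    """Parse one frame into (endpoint_id, payload, unconsumed bytes); raise
    ValueError on a partial frame so the reader waits instead of delivering a stub."""
    if len(buf) < 2:
        raise ValueError("incomplete header")
    (n,) = struct.unpack("!H", buf[:2])
    if len(buf) < 6 + n:
        raise ValueError("incomplete header")
    eid = buf[2:2 + n].decode("utf-8")
    (m,) = struct.unpack("!I", buf[2 + n:6 + n])
    if len(buf) < 6 + n + m:
        raise ValueError("incomplete payload")
    return eid, bytes(buf[6 + n:6 + n + m]), bytes(buf[6 + n + m:])


def _drain(stream: bytearray) -> Iterator[Tuple[str, bytes]]:
    """Yield every complete frame in the stream, leaving a trailing partial frame."""
    while True:
        try:
            eid, payload, rest = decode_frame(bytes(stream))
        except ValueError:
            return
        del stream[:len(stream) - len(rest)]
        yield eid, payload


@dataclass
class Tunnel:
    """Stand-in for the pass-through tunnel (132): two plain byte streams here,
    a mutually authenticated transport (e.g. TLS with client certs) in practice."""
    to_gateway_proxy: bytearray = field(default_factory=bytearray)
    to_endpoint_proxy: bytearray = field(default_factory=bytearray)


@dataclass
class EndpointProxy:
    """Gateway-side proxy (125e): one listening port per endpoint, plus the
    table (230) that maps each port back to the endpoint it was opened for."""
    tunnel: Tunnel
    port_base: int = 9000
    table: Dict[int, str] = field(default_factory=dict)  # listening port -> endpoint id
    _next: int = 0

    def allocate_port(self, endpoint_id: str) -> int:
        """Return the endpoint's port, allocating a fresh one if needed. Ports are
        never reused here, so a stale gateway connection cannot reach a new owner."""
        for port, eid in self.table.items():
            if eid == endpoint_id:
                return port
        port = self.port_base + self._next
        self._next += 1
        self.table[port] = endpoint_id
        return port

    def release_port(self, endpoint_id: str) -> bool:
        """Drop the endpoint's table entry; later packets to its port are discarded."""
        for port, eid in list(self.table.items()):
            if eid == endpoint_id:
                del self.table[port]
                return True
        return False

    def on_gateway_packet(self, dst_port: int, payload: bytes) -> bool:
        """Gateway connected back to dst_port: tag with the owning endpoint and tunnel."""
        eid = self.table.get(dst_port)
        if eid is None:
            return False  # unknown port: drop, never forward
        self.tunnel.to_gateway_proxy += encode_frame(eid, payload)
        return True

    def pump(self) -> List[Tuple[int, bytes]]:
        """Endpoint-to-gateway direction: emit (source port, packet) per tunnelled frame."""
        port_of = {eid: port for port, eid in self.table.items()}
        return [(port_of[eid], payload)
                for eid, payload in _drain(self.tunnel.to_endpoint_proxy)
                if eid in port_of]


@dataclass
class GatewayProxy:
    """Endpoint-side proxy (125g): the only peer the endpoints ever talk to."""
    tunnel: Tunnel
    inboxes: Dict[str, List[bytes]] = field(default_factory=dict)  # endpoint id -> packets

    def register(self, endpoint_id: str) -> None:
        self.inboxes.setdefault(endpoint_id, [])

    def on_endpoint_packet(self, endpoint_id: str, payload: bytes) -> bool:
        """An endpoint sent a packet for its gateway: tag it and tunnel it."""
        if endpoint_id not in self.inboxes:
            return False
        self.tunnel.to_endpoint_proxy += encode_frame(endpoint_id, payload)
        return True

    def pump(self) -> int:
        """Gateway-to-endpoint direction: deliver each frame to the endpoint it names."""
        delivered = 0
        for eid, payload in _drain(self.tunnel.to_gateway_proxy):
            if eid in self.inboxes:
                self.inboxes[eid].append(payload)
                delivered += 1
        return delivered
```

The two paths worth checking in any real implementation of this scheme are the drop paths: a connection to a port with no table entry is discarded rather than forwarded, and a frame naming an endpoint the far proxy does not know is discarded rather than delivered. Ports are deliberately not recycled in this model; an implementation that reuses them must close the listening socket and flush pending connections before handing the port to another endpoint, or a gateway holding the old mapping will be routed to the wrong endpoint.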
15 Claims
1. A method (300,400) of transmitting information across a firewall among a plurality of computers, at least one first of the computers being at a first side of the firewall and at least one second of the computers being at a second side of the firewall, wherein at least one first proxy and at least one second proxy are associated with the at least one first computer at the first side of the firewall and with the at least one second computer at the second side of the firewall, respectively, and wherein a pass through communication tunnel directly connects each first and second proxy, the tunnel being secured by mutual authentication of the corresponding first and second proxies, the method including the steps of:
- causing (416; 456) a transmitting one of the computers to send a firewall-incompatible message for a receiving one of the computers at the other side of the firewall to a transmitting one of the associated at least one proxy,
- sending (330; 470) the message from the transmitting proxy to a receiving one of the at least one proxy at the other side of the firewall through the corresponding tunnel,
- associating (335; 422) the message with the receiving computer, and
- forwarding (340; 444) the message from the receiving proxy to the receiving computer.
(Dependent claims 2 to 13 depend from claim 1 and are not reproduced here.)
14. A system (100) for transmitting information across a firewall (130b) among a plurality of computers (120,135), at least one first (120) of the computers being at a first side of the firewall and at least one second (135) of the computers being at a second side of the firewall, the system including at least one first proxy (125g) and at least one second proxy (125e) associated with the at least one first computer at the first side of the firewall and with the at least one second computer at the second side of the firewall, respectively, a pass through communication tunnel (132) directly connecting each first and second proxy and being secured by mutual authentication of the corresponding first and second proxies, means (225-235) for causing a transmitting one of the computers to send a firewall-incompatible message for a receiving one of the computers at the other side of the firewall to a transmitting one of the associated at least one proxy, means (215; 255) for sending the message from the transmitting proxy to a receiving one of the at least one proxy at the other side of the firewall through the corresponding tunnel, means (210; 225-235) for associating the message with the receiving computer, and means (210,265; 225,245) for forwarding the message from the receiving proxy to the receiving computer.
15. A data processing system (100) including a firewall (130b), a plurality of computers (120,135), at least one first (120) of the computers being at a first side of the firewall and at least one second (135) of the computers being at a second side of the firewall, at least one first proxy (125g) and at least one second proxy (125e) associated with the at least one first computer at the first side of the firewall and with the at least one second computer at the second side of the firewall, respectively, a pass through communication tunnel (132) directly connecting each first and second proxy and being secured by mutual authentication of the corresponding first and second proxies, means (225-235) for causing a transmitting one of the computers to send a firewall-incompatible message for a receiving one of the computers at the other side of the firewall to a receiving one of the associated at least one proxy, means (215; 255) for sending the message from the transmitting proxy to a receiving one of the at least one proxy at the other side of the firewall through the corresponding tunnel, means (210; 225-235) for associating the message with the receiving computer, and means (210,265; 225,245) for forwarding the message from the receiving proxy to the receiving computer.
Specification