INTERNET SECURITY SYSTEM
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet in a packet forwarding device. A data packet is received. A virtual local area network destination is determined for the received data packet, and a set of rules associated with the virtual local area network destination is identified. The rules are applied to the data packet. If a virtual local area network destination has been determined for the received data packet, the data packet is output to the destination, using the result from the application of the rules. If no destination has been determined, the data packet is dropped. A security system for partitioning security system resources into a plurality of separate security domains that are configurable to enforce one or more policies and to allocate security system resources to the one or more security domains, is also described.
65 Claims
1-27. (canceled)
28. A data processing system for processing data packets transferred over a network, the data processing system comprising:
a firewall engine, the firewall engine being operable to:
receive a set of firewall policies; and
apply the firewall policies to a data packet;
an authentication engine, the authentication engine being operable to:
receive a set of authentication policies; and
authenticate a data packet in accordance with the authentication policies;
one or more virtual private networks, each virtual private network having an associated destination address and policies; and
a controller being operable to:
detect an incoming data packet;
examine the incoming data packet for a virtual private network destination address;
identify the policies associated with the virtual private network destination;
if the policies include firewall policies, then call the firewall engine and apply the set of firewall policies corresponding to the virtual private network destination to the data packet;
if the policies include authentication policies, then call the authentication engine and apply the set of authentication policies corresponding to the virtual private network destination to the data packet; and
route the data packet to the virtual private network containing the data packet's destination address. - View Dependent Claims (29, 30, 31, 32)
33. A method for screening data packets transferred over a network, the method comprising:
connecting to one or more virtual local area networks;
associating a set of firewall configuration settings with each of the one or more virtual local area networks;
receiving an incoming data packet;
screening the incoming data packet in accordance with a set of firewall configuration settings; and
outputting the screened data packet to a particular virtual local area network among the one or more virtual local area networks, based on the result of the screening. - View Dependent Claims (34, 35, 36, 37, 38)
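The processing path described in the abstract and in claim 33 (determine a VLAN destination for the packet, look up the rule set bound to that VLAN, screen the packet, then forward to that VLAN or drop) can be made concrete with a small simulation. The code below is an added illustration, not code from the patent or from any product; the packet fields, the rule format, the prefix-based VLAN lookup and the default-deny result when no rule matches are all assumptions made for the example.

```python
"""Per-VLAN rule-based packet screening (added example, not the patent's code).

Assumptions for this illustration: a packet carries source, destination,
protocol and destination port; a VLAN is identified by the destination
subnet it serves; each VLAN owns an ordered list of allow/deny rules and the
first matching rule decides; no matching rule means deny; no VLAN destination
means the packet is dropped without consulting any rule set.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp" (constructed for this example)
    dport: int


@dataclass(frozen=True)
class Rule:
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any port
    action: str            # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


@dataclass(frozen=True)
class Vlan:
    vid: int
    network: ipaddress.IPv4Network   # destination subnet served by this VLAN
    rules: Tuple[Rule, ...]          # firewall settings associated with the VLAN


class Forwarder:
    def __init__(self, vlans):
        self.vlans = list(vlans)

    def vlan_for(self, pkt: Packet) -> Optional[Vlan]:
        """Determine the VLAN destination: most specific matching subnet wins."""
        dst = ipaddress.ip_address(pkt.dst)
        best = None
        for v in self.vlans:
            if dst in v.network and (best is None
                                     or v.network.prefixlen > best.network.prefixlen):
                best = v
        return best

    @staticmethod
    def screen(vlan: Vlan, pkt: Packet) -> str:
        """Apply the VLAN's rule set; first match decides, otherwise deny."""
        for r in vlan.rules:
            if r.matches(pkt):
                return r.action
        return "deny"

    def process(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return ("forward", vid) or ("drop", vid-or-None) for one packet."""
        vlan = self.vlan_for(pkt)
        if vlan is None:
            return ("drop", None)          # no destination determined: drop
        if self.screen(vlan, pkt) == "allow":
            return ("forward", vlan.vid)   # output to the determined VLAN
        return ("drop", vlan.vid)          # screened out by that VLAN's rules


# Constructed VLAN table: VLAN 10 allows only web traffic, VLAN 20 blocks
# SSH and allows everything else.
VLANS = (
    Vlan(10, ipaddress.ip_network("10.10.0.0/16"),
         (Rule("tcp", 443, "allow"), Rule("tcp", 80, "allow"))),
    Vlan(20, ipaddress.ip_network("10.20.0.0/16"),
         (Rule("tcp", 22, "deny"), Rule(None, None, "allow"))),
)

# Constructed sample packets (documentation-range source address).
SAMPLE_PACKETS = (
    Packet("192.0.2.5", "10.10.4.7", "tcp", 443),   # VLAN 10, allowed
    Packet("192.0.2.5", "10.10.4.7", "tcp", 22),    # VLAN 10, no rule -> deny
    Packet("192.0.2.5", "10.20.1.1", "tcp", 22),    # VLAN 20, explicit deny
    Packet("192.0.2.5", "10.20.1.1", "udp", 53),    # VLAN 20, catch-all allow
    Packet("192.0.2.5", "172.16.0.9", "tcp", 443),  # no VLAN -> dropped
)


def run(packets=SAMPLE_PACKETS, vlans=VLANS) -> List[Tuple[str, Optional[int]]]:
    fw = Forwarder(vlans)
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, vid) in zip(SAMPLE_PACKETS, run()):
        print(f"{pkt.dst}:{pkt.dport}/{pkt.proto} -> {verdict} (vlan {vid})")
```

The ordering matters for the security property the claims describe: the VLAN lookup happens before any rule is consulted, so a packet with no determinable VLAN destination never reaches a rule set at all, and a VLAN whose rule list has no matching entry falls through to deny rather than to forward.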
39-49. (canceled)
50. A security system, comprising:
security system resources including firewall services; and
a controller operable to partition the security system resources into a plurality of separate security domains, each security domain being configurable to enforce one or more policies relating to a specific subsystem, and to allocate security system resources to the one or more security domains. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65)