Cross network layer correlation-based firewalls
Abstract
Lower-layer traffic such as RTP streams or UDP packets, which a firewall typically would not admit, is permitted through the firewall by correlating it with higher-layer communications already established, or messages already exchanged, under a higher-layer protocol such as SIP. Communication information and policies can be made available to the firewall, so that it can allow through any packet belonging to an active communication between authorized addresses on an authorized port. This approach allows data such as streamed data and VoIP traffic to pass through a firewall without weakening firewall policies.
107 Citations
30 Claims
1. A method of permitting data packets through a firewall, comprising:
establishing communication between a first participant and a second participant, a communication path for the communication passing through a firewall;
receiving a packet of information to the firewall;
comparing the packet of information to information stored for the established communication; and
allowing the packet to pass through the firewall to the second participant when the packet agrees with the session information.
Dependent claims: 2-20.

21. A system for permitting data packets through a firewall, comprising:
a communication component operable to receive a request from a first participant and forward the request to a second participant, the communication component further operable to receive a response from the second participant and forward the response to the first participant, the communication component further operable to establish a communication for the first and second participant devices and store information for the established communication in response thereto;
a firewall operable to receive a packet of information and compare the packet to the information for the established communication, the firewall being further operable to allow the packet to pass through the firewall to the second participant where the packet agrees with the information for the established communication and to block the packet where the packet does not agree with the information for the established communication.
Dependent claims: 22-28.

29. A computer program product embedded in a computer readable medium, comprising:
computer code for establishing a communication between a first participant and a second participant, a communication path for the established communication passing through a firewall;
computer code for receiving a packet of information to the firewall;
computer code for comparing the packet of information to information for the established communication; and
computer code for allowing the packet to pass through the firewall to the second participant where the packet agrees with the information for the established communication.
Dependent claim: 30.
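As an added illustration of the mechanism the abstract and the claims describe (example code, not the patent's own), the following Python model records each participant's advertised RTP endpoint from the SIP offer/answer SDP, admits UDP packets only when their addresses and ports match a stored session, and closes the pinhole as soon as the dialog ends. The SDP parsing, the RTCP-on-adjacent-port convention and the sample addresses are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Minimal SDP parsing: the connection address (c=) and audio port (m=audio) a
# participant advertises. Assumption: one audio stream per body (constructed example).
_C_RE = re.compile(r"^c=IN IP4 (\S+)", re.M)
_M_RE = re.compile(r"^m=audio (\d+) RTP/AVP", re.M)

def media_endpoint(sdp: str) -> tuple[str, int]:
    return _C_RE.search(sdp).group(1), int(_M_RE.search(sdp).group(1))

@dataclass
class CorrelatingFirewall:
    """Passes UDP only when it matches a media flow learned from SIP signaling."""
    sessions: dict[str, set[tuple[str, int, str, int]]] = field(default_factory=dict)

    def on_sip_dialog(self, call_id: str, offer_sdp: str, answer_sdp: str) -> None:
        a_ip, a_port = media_endpoint(offer_sdp)   # called once INVITE / 200 OK are seen
        b_ip, b_port = media_endpoint(answer_sdp)
        flows = set()
        for s_ip, s_port, d_ip, d_port in ((a_ip, a_port, b_ip, b_port), (b_ip, b_port, a_ip, a_port)):
            flows.add((s_ip, s_port, d_ip, d_port))          # RTP, each direction
            flows.add((s_ip, s_port + 1, d_ip, d_port + 1))  # RTCP on the adjacent port (assumed)
        self.sessions[call_id] = flows

    def on_sip_bye(self, call_id: str) -> None:
        self.sessions.pop(call_id, None)  # dialog torn down: close the pinhole at once

    def allow(self, proto: str, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
        if proto != "udp":
            return False  # this component grants media only; other traffic follows other rules
        key = (src_ip, src_port, dst_ip, dst_port)
        return any(key in flows for flows in self.sessions.values())

# Constructed sample SDP bodies: offer from the inside phone, answer from the outside peer.
OFFER = "v=0\r\nc=IN IP4 10.0.0.5\r\nm=audio 49170 RTP/AVP 0\r\n"
ANSWER = "v=0\r\nc=IN IP4 203.0.113.7\r\nm=audio 3456 RTP/AVP 0\r\n"

def demo() -> dict[str, bool]:
    fw = CorrelatingFirewall()
    fw.on_sip_dialog("call-1", OFFER, ANSWER)
    results = {
        "rtp_in": fw.allow("udp", "203.0.113.7", 3456, "10.0.0.5", 49170),
        "rtcp_in": fw.allow("udp", "203.0.113.7", 3457, "10.0.0.5", 49171),
        "wrong_port": fw.allow("udp", "203.0.113.7", 3456, "10.0.0.5", 5060),
        "other_host": fw.allow("udp", "198.51.100.9", 3456, "10.0.0.5", 49170),
    }
    fw.on_sip_bye("call-1")
    results["after_bye"] = fw.allow("udp", "203.0.113.7", 3456, "10.0.0.5", 49170)
    return results
```

Only packets whose 4-tuple was learned from the signaling pass; an unrelated host, a wrong port, or a packet arriving after BYE is blocked even though it is UDP to the same inside address.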
Specification