SYSTEMS AND METHODS FOR CONFIGURING HANDLING OF UNDEFINED POLICY EVENTS
First Claim
1. A method of configuring a policy used by a network device by specifying an action to be taken in the event an element of the policy is undefined, the method comprising:
- (a) providing a configuration interface for configuring a policy of a network device;
(b) identifying, by the configuration interface, a policy comprising a first action to be taken based on an evaluation of an expression;
(c) receiving, via the configuration interface, information identifying a second action for the policy, the second action to be taken if an element of the policy is undefined.
8 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
-
Citations
38 Claims
-
1. A method of configuring a policy used by a network device by specifying an action to be taken in the event an element of the policy is undefined, the method comprising:
-
(a) providing a configuration interface for configuring a policy of a network device; (b) identifying, by the configuration interface, a policy comprising a first action to be taken based on an evaluation of an expression; (c) receiving, via the configuration interface, information identifying a second action for the policy, the second action to be taken if an element of the policy is undefined. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. In an appliance, a method of applying a policy specifying an action to be taken in the event an element of the policy is undefined, the method comprising:
-
(a) identifying, by an appliance, a policy to evaluate with respect to a payload of a received packet stream, the policy specifying (i) an expression, (ii) a first action to be taken based on an evaluation of the expression and (iii) a second action to be taken if an element of the policy is undefined; (b) determining, by the appliance, an element of the policy is undefined with respect to the payload; and (c) taking, by the appliance in response to the determination, the second action. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. An appliance which enables users to specify an action to be taken in the event an expression contained in a policy cannot be evaluated by the appliance, the appliance comprising:
-
a packet processor which receives a packet stream; and a policy engine which identifies a policy to evaluate with respect to the payload of the received packet stream, the policy specifying (i) an expression, (ii) a first action to be taken based on an evaluation of the expression and (iii) a second action to be taken if the expression is not successfully evaluated;
determines the expression cannot be successfully evaluated with respect to the packet stream; and
takes the second action. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification