SYSTEMS AND METHODS FOR IMPLEMENTING A PROTOCOL-AWARE NETWORK FIREWALL
Abstract
A method may include receiving a first packet; determining, in a first processor, whether the first packet meets a criterion to be forwarded to a destination indicated in the first packet; receiving a second packet; determining whether the second packet is of a type for changing the criterion and sending the second packet to a second processor if the second packet is of the type for changing the criterion; receiving instructions, based on the second packet sent to the second processor, to change the criterion; and changing the criterion.
21 Claims
1. (canceled)

2. A method comprising:
receiving packets in a first network device;
storing a first table including first criteria, wherein the first criteria identify session initiation packets used to create a session or session termination packets used to terminate the session;
storing a second table including second criteria, wherein the second criteria identify packets in the session created by the session initiation packets;
determining whether each of the received packets meets the first criteria in the first table and transmitting each of the packets determined to meet the first criteria to a second network device; and
determining, only for each of the received packets determined not to meet the first criteria in the first table, whether the received packet meets the second criteria in the second table and transmitting each of the packets determined to meet the second criteria toward a destination.
Dependent claims: 3, 4, 5, 6, 7, 8

9. A system comprising:
an input port to receive a packet;
a memory to store criteria for determining whether the packet should be forwarded to a destination on a network, wherein the memory includes a first table including static criteria for determining whether the packet should be forwarded to the destination, and a second table including dynamic criteria for determining whether the packet should be forwarded to the destination;
a processor to determine whether the packet matches the static criteria and, only when the packet does not match the static criteria, to determine whether the packet matches the dynamic criteria; and
an output port to forward the packet to the destination when the packet matches the static criteria or the dynamic criteria.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A method comprising:
receiving packets on an input port from a first network comprising a first device;
transmitting packets on an output port to a second network comprising a second device;
storing a first table and a second table in a memory, wherein the first table includes static criteria for determining whether the received packets should be forwarded to destinations, and wherein the second table includes dynamic criteria for determining whether the received packets should be forwarded to destinations;
determining whether each of the received packets matches the static criteria and, only for packets that do not match the static criteria, determining whether one or more of the received packets matches the dynamic criteria;
transmitting the received packets that match the first criteria or the second criteria toward their destinations; and
determining that one or more of the received packets establishes or terminates a session between the first device and the second device and changing the dynamic criteria based on the one or more of the received packets determined to establish or terminate the session between the first device and the second device.
Dependent claims: 19, 20, 21
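
The two-table lookup order recited in claims 2 and 18, as an added illustration that is not part of the patent text or any implementation it describes: session signalling that matches the static table is handed to the second processor, which opens and closes exact-match entries in the dynamic table, and everything else is dropped unless a dynamic entry exists. The class and field names, the `kind` and `media_port` fields (standing in for payload inspection), the signalling port 5060 and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    kind: str = "data"   # "init"/"term"/"data": stands in for payload inspection (assumption)
    media_port: int = 0  # port negotiated by the signalling packet (assumption)

class TwoTableFirewall:
    def __init__(self, signalling):
        self.static = set(signalling)  # first table: (proto, dport) of session signalling
        self.dynamic = set()           # second table: (src, dst, proto, dport) per live session

    def classify(self, p):
        # The static table is always consulted first.
        if (p.proto, p.dport) in self.static:
            self._second_processor(p)
            return "to_second_processor"
        # The dynamic table is consulted only after a static miss.
        if (p.src, p.dst, p.proto, p.dport) in self.dynamic:
            return "forward"
        return "drop"  # default deny

    def _second_processor(self, p):
        # Both directions of the negotiated flow, pinned to the exact endpoints.
        flows = {(p.src, p.dst, "udp", p.media_port), (p.dst, p.src, "udp", p.media_port)}
        if p.kind == "init":
            self.dynamic |= flows
        elif p.kind == "term":
            self.dynamic -= flows  # close the entries when the session ends

def run(packets):
    fw = TwoTableFirewall({("udp", 5060)})
    return [fw.classify(p) for p in packets]

# Constructed sample traffic (documentation addresses, not from the page).
A, B = "10.0.0.5", "192.0.2.9"
SAMPLE = [
    Packet(A, B, "udp", 40000),                # before any session
    Packet(A, B, "udp", 5060, "init", 40000),  # session initiation
    Packet(A, B, "udp", 40000),
    Packet(B, A, "udp", 40000),
    Packet("10.0.0.66", B, "udp", 40000),      # different source, same port
    Packet(A, B, "udp", 5060, "term", 40000),  # session termination
    Packet(A, B, "udp", 40000),
]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run(SAMPLE)):
        print(p, "->", verdict)
```

Because dynamic entries are keyed on the full source, destination, protocol and port tuple and are deleted on termination, the fifth and seventh sample packets are dropped even though they target a port that was open for the session.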
Specification