ROUTING A PACKET BY A DEVICE
Abstract
Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols.
4 Claims
1. An L2 device in a packet switched communication system, the packet switched communication system having plural zones, each zone representing a distinct security domain and having an associated policy for use in inspecting packets entering/exiting an associated zone, the L2 device comprising:
- at least one port coupled to a terminal unit included in a first security zone;
- at least one port coupled to a terminal unit included in a second security zone;
- a controller determining for each packet received whether the received packet is destined for another zone;
- a firewall engine inspecting and filtering inter-zone packets using a zone specific policy; and
- an L2 switching engine immediately transferring to a port all intra-zone packets passing through the L2 device using a table of MAC addresses and corresponding ports, and only transferring to a port inter-zone packets that are retained after the inspection by the firewall engine.
2. An L2 device in a packet switched communication system, the packet switched communication system having plural zones, each zone representing a distinct security domain and having an associated policy for use in inspecting packets entering/exiting an associated zone, the L2 device comprising:
- a controller determining for each packet received whether the received packet is to be transferred intra-zone or inter-zone;
- a firewall engine inspecting and filtering inter-zone packets using a zone specific policy; and
- an L2 switching engine operable to immediately route to a port all intra-zone packets passing through the L2 device using a table of MAC addresses and corresponding ports, and only route to a port inter-zone packets that are retained after the inspection by the firewall engine.
3. An L2 device in a packet switched communication system, the packet switched communication system having plural zones, each zone representing a distinct security domain, the L2 device comprising:
- a controller determining for each packet received whether the received packet is to be transferred inter-zone; and
- a firewall engine inspecting and filtering inter-zone packets using a zone specific policy prior to routing using L2 protocols.
4-27. (canceled)
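As an added illustration, not code from the patent or from any product implementing it, the following Python models the data path the claims describe: a controller classifies each frame as intra- or inter-zone from the port-to-zone mapping and the MAC table, intra-zone frames are switched straight to the learned port, and inter-zone frames reach a port only if the zone-specific policy retains them. The topology, MAC table, policy, and the choice to flood unknown unicast only within the ingress zone are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample topology (assumption): each port belongs to exactly one
# security zone, and the MAC table maps learned addresses to ports.
PORT_ZONE = {1: "trusted", 2: "trusted", 3: "dmz", 4: "guest"}
MAC_TABLE = {
    "02:00:00:00:00:01": 1,  # workstation, trusted zone
    "02:00:00:00:00:02": 2,  # file server, trusted zone
    "02:00:00:00:00:03": 3,  # web server, dmz zone
    "02:00:00:00:00:04": 4,  # visitor laptop, guest zone
}
# Zone-specific policy (assumption): allowed (protocol, destination port) pairs
# per (source zone, destination zone). Any pair not listed is denied.
POLICY = {
    ("trusted", "dmz"): {("tcp", 443), ("tcp", 22)},
    ("guest", "dmz"): {("tcp", 443)},
    ("dmz", "trusted"): set(),  # DMZ hosts may not initiate into trusted
}

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    proto: str
    dport: int

def controller_is_inter_zone(ingress_port, pkt):
    """Controller: does the packet leave the ingress zone? None if dst unknown."""
    egress_port = MAC_TABLE.get(pkt.dst_mac)
    if egress_port is None:
        return None
    return PORT_ZONE[ingress_port] != PORT_ZONE[egress_port]

def firewall_inspect(src_zone, dst_zone, pkt):
    """Firewall engine: retain the packet only if the zone-pair policy allows it."""
    return (pkt.proto, pkt.dport) in POLICY.get((src_zone, dst_zone), set())

def switch(ingress_port, pkt):
    """L2 switching engine: ('forward', port), ('flood', ports) or ('drop', why)."""
    egress_port = MAC_TABLE.get(pkt.dst_mac)
    if egress_port is None:
        # Unknown unicast: flood only inside the ingress zone, so the learning
        # path can never carry an uninspected frame across a zone boundary.
        zone = PORT_ZONE[ingress_port]
        return ("flood", sorted(p for p, z in PORT_ZONE.items() if z == zone and p != ingress_port))
    if not controller_is_inter_zone(ingress_port, pkt):
        return ("forward", egress_port)  # intra-zone: MAC table lookup only
    src_zone, dst_zone = PORT_ZONE[ingress_port], PORT_ZONE[egress_port]
    if firewall_inspect(src_zone, dst_zone, pkt):
        return ("forward", egress_port)  # inter-zone, retained by the policy
    return ("drop", f"policy {src_zone}->{dst_zone} denies {pkt.proto}/{pkt.dport}")
```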