SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS

US 20150074751A1
Filed: 11/12/2014
Published: 03/12/2015
Est. Priority Date: 01/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) establishing, by a device intermediary to a client and a server, a secure socket layer virtual private network (SSL VPN) session for the client to access the server;

b) identifying, by the device, an access profile for the SSL VPN session based on an application of the server providing content to the client, the access profile specifying one or more rewrite policies for modifying content from the application;

c) receiving, by the device, content of the application to be communicated to the client; and

d) modifying, by the device, the content of the application based on the one or more rewrite policies.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on an information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server.

8 Citations

View as Search Results

20 Claims

1. A method comprising:
- a) establishing, by a device intermediary to a client and a server, a secure socket layer virtual private network (SSL VPN) session for the client to access the server;
  
  b) identifying, by the device, an access profile for the SSL VPN session based on an application of the server providing content to the client, the access profile specifying one or more rewrite policies for modifying content from the application;
  
  c) receiving, by the device, content of the application to be communicated to the client; and
  
  d) modifying, by the device, the content of the application based on the one or more rewrite policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein (a) further comprises receiving, by the device, a request from the client to access an application provided by the server.
  - 3. The method of claim 1, wherein (a) further comprises identifying, by the device, a session policy based on a request from the client, the session policy indicating whether to establish a client based SSL VPN session or clientless SSL VPN session with the server.
  - 4. The method of claim 1, wherein the SSL VPN session is a clientless SSL VPN session.
  - 5. The method of claim 1, wherein (b) further comprises identifying, by the device based on the application and a user of the client, the access profile from a plurality of access profiles configured on the device.
  - 6. The method of claim 1, wherein the one or more rewrite policies includes one or more pattern classes for detecting one or more uniform resource locators (URLs) within content of the application.
  - 7. The method of claim 6, further comprising detecting, by the device, a URL in the content of the application based on the one or more pattern classes.
  - 8. The method of claim 7, further comprising modifying the content of the application by rewriting the URL based on the one or more rewrite policies.
  - 9. The method of claim 1, further comprising receiving, by the device, a second request from the client to access a second application and identifying a second access profile specifying one or more rewrite policies for modifying content from the second application.
  - 10. The method of claim 1, further comprising communicating, by the device, the modified content of the application to the client.

11. A system comprising:
- a device intermediary to a client and a server, the device comprising a hardware processor and configured to establish a secure socket layer virtual private network (SSL VPN) session for the client to access the server;
  
  a policy engine configured to execute on the device and to identify an access profile for the SSL VPN session based on an application of the server providing content to the client, the access profile specifying one or more rewrite policies for modifying content from the application;
  
  wherein the device is configured to receive content of the application to be communicated to the client and modify the content of the application based on the one or more rewrite policies.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device is further configured to receive a request from the client to access an application provided by the server.
  - 13. The system of claim 11, wherein the device is further configured to identify a session policy based on a request from the client, the session policy indicating whether to establish a client based SSL VPN session or clientless SSL VPN session with the server.
  - 14. The system of claim 11, wherein the SSL VPN session is a clientless SSL VPN session.
  - 15. The system of claim 11, wherein the device is further configured to identify, based on the application and a user of the client, the access profile from a plurality of access profiles configured on the device.
  - 16. The system of claim 11, wherein the one or more rewrite policies includes one or more pattern classes for detecting one or more uniform resource locators (URLs) within content of the application.
  - 17. The system of claim 16, wherein the device is further configured to detect a URL in the content of the application based on the one or more pattern classes.
  - 18. The system of claim 17, wherein the device is further configured to modify the content of the application by rewriting the URL based on the one or more rewrite policies.
  - 19. The system of claim 11, wherein the device is further configured to receive a second request from the client to access a second application and identifying a second access profile specifying one or more rewrite policies for modifying content from the second application.
  - 20. The system of claim 11, wherein the device is further configured to communicate the modified content of the application to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Agarwal, Puneet, Thirunarayanan, Srinivasan, Adhya, Saibal Kumar, Choudhary, Akshat

Granted Patent

US 9,571,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/105   Multiple levels of security

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/563   Data redirection of data ne...

H04L 67/59   Providing operational suppo...

SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links