SYSTEM AND METHOD FOR FILTERING NETWORK COMMUNICATIONS
First Claim
1. A system, comprising:
a network interface capable of connecting to a wide area network;
a tunneling front end node capable of establishing a communication tunnel with a client access point, wherein packets transmitted through the communication tunnel are encapsulated, the tunneling front end node being capable of authenticating a user of a user device in communication with the client access point whereby the user is allowed access to the wide area network after a successful authentication through the communication tunnel;
a plurality of filter nodes in communication with the network interface such that the filter nodes are connected to the wide area network via the network interface;
a plurality of filtering rules associated with the authenticated user defining how transmissions between the user of the user device and the wide area network are to be handled, the tunneling front end node being capable of determining how to handle transmissions to and from the authenticated user according to the filtering rules, wherein the tunneling front end node passes at least some of the transmissions received from the authenticated user to at least one of the filter nodes according to the filtering rules;
the filter nodes being capable of sending transmissions of the authenticated user passed from the tunneling front end node to the wide area network according to the filtering rules, the filter nodes being capable of receiving transmissions from the wide area network destined to the authenticated user, and the filter nodes being capable of filtering the transmissions received from the wide area network according to the filtering rules and passing the transmissions to the tunneling front end node for forwarding the transmissions to the authenticated user via the communication tunnel;
a worker node capable of receiving one or more messages from one or more of the nodes, the messages containing information concerning the status of the one or more nodes, the worker node being capable of generating one or more jobs in response to a received message and sending each generated job to a job dispatcher node; and
the job dispatcher node being capable of receiving the generated jobs sent by the worker node, the job dispatcher node being capable of assigning at least one of the generated jobs to one of the nodes and sending messages to that node to perform the assigned job.
Abstract
Embodiments of a secure network gateway system and a filtering method using the system are disclosed. The secure network gateway system includes a tunneling front end node capable of establishing a communication tunnel with a client access point and authenticating a user to allow the user to access a wide area network via the communication tunnel. The system also includes a plurality of filter nodes. A plurality of filtering rules are associated with the authenticated user. The tunneling front end node is capable of determining how to handle transmissions to and from the authenticated user according to these filtering rules and passing the transmissions to the appropriate filter nodes. The filter nodes are capable of filtering transmissions according to the filtering rules and passing the filtered transmissions to the tunneling front end node for forwarding to the authenticated user via the communication tunnel.
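The data path the abstract describes, as an added example that is not the patent's own code: a toy model in Python in which the tunneling front end authenticates a user, looks up that user's filtering rules for each decapsulated packet, hands allowed traffic to the filter node the rule names, and lets that filter node screen the reply from the wide area network before the front end forwards it down the tunnel. The rule format (first match wins, no match means deny), the shared-secret authentication, the user names, addresses, ports and the token-based content filter are all assumptions made for illustration; the worker node and job dispatcher of claim 1 are not modeled.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    """Assumed per-user rule format: matches the WAN side of a flow; first match wins."""
    action: str                  # "allow" or "deny"
    filter_node: str = ""        # filter node that carries allowed traffic
    host_suffix: str = ""        # "" matches any WAN host
    port: Optional[int] = None   # None matches any WAN port

    def matches(self, wan_host: str, wan_port: int) -> bool:
        return wan_host.endswith(self.host_suffix) and self.port in (None, wan_port)


class FilterNode:
    """Relays allowed traffic to the WAN and content-filters what comes back from it."""
    def __init__(self, name: str, blocked_tokens: Tuple[bytes, ...] = ()) -> None:
        self.name, self.blocked_tokens, self.sent_to_wan = name, blocked_tokens, []

    def send_to_wan(self, pkt: Packet) -> None:
        self.sent_to_wan.append(pkt)                     # stands in for the WAN interface

    def filter_from_wan(self, pkt: Packet) -> Optional[Packet]:
        return None if any(t in pkt.payload for t in self.blocked_tokens) else pkt


class TunnelFrontEnd:
    """Terminates client tunnels, authenticates users, and applies their rules."""
    def __init__(self, credentials: Dict[str, str], rules: Dict[str, List[Rule]],
                 filter_nodes: Dict[str, FilterNode]) -> None:
        self._credentials, self._rules, self._filter_nodes = credentials, rules, filter_nodes
        self._tunnels: Dict[str, Tuple[str, str]] = {}   # tunnel id -> (user, device address)

    def establish_tunnel(self, tunnel_id: str, user: str, password: str, device: str) -> bool:
        """Assumed shared-secret authentication; only registered tunnels get WAN access."""
        expected = self._credentials.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            return False
        self._tunnels[tunnel_id] = (user, device)
        return True

    def _allowed_node(self, user: str, wan_host: str, wan_port: int) -> Optional[FilterNode]:
        rule = next((r for r in self._rules.get(user, []) if r.matches(wan_host, wan_port)), None)
        if rule is None or rule.action != "allow":       # no matching rule means default deny
            return None
        return self._filter_nodes[rule.filter_node]

    def outbound(self, tunnel_id: str, pkt: Packet) -> Optional[str]:
        """Decapsulated packet from a tunnel; returns the name of the filter node it went to."""
        if tunnel_id not in self._tunnels:               # unauthenticated tunnel: nothing passes
            return None
        node = self._allowed_node(self._tunnels[tunnel_id][0], pkt.dst, pkt.dport)
        if node is None:
            return None
        node.send_to_wan(pkt)
        return node.name

    def inbound(self, pkt: Packet) -> Optional[str]:
        """WAN packet for a user device; returns the tunnel it is forwarded on, or None."""
        owner = next(((t, u) for t, (u, d) in self._tunnels.items() if d == pkt.dst), None)
        if owner is None:
            return None                                  # no authenticated user owns this address
        tunnel_id, user = owner
        node = self._allowed_node(user, pkt.src, pkt.sport)
        if node is None or node.filter_from_wan(pkt) is None:
            return None
        return tunnel_id


def build_gateway() -> TunnelFrontEnd:
    """Constructed sample configuration: two users, two filter nodes."""
    nodes = {"web": FilterNode("web", blocked_tokens=(b"EICAR",)), "mail": FilterNode("mail")}
    rules = {"alice": [Rule("allow", "web", port=443),
                       Rule("allow", "mail", host_suffix=".corp.example", port=25)],
             "bob": [Rule("deny", host_suffix="evil.example"), Rule("allow", "web", port=443)]}
    return TunnelFrontEnd({"alice": "s3cret", "bob": "hunter2"}, rules, nodes)


def demo() -> Dict[str, object]:
    """Constructed traffic exercising authentication, per-user rules and inbound filtering."""
    gw = build_gateway()
    r = {"alice_auth": gw.establish_tunnel("t1", "alice", "s3cret", "10.8.0.2"),
         "bob_bad_pw": gw.establish_tunnel("t2", "bob", "wrong", "10.8.0.3"),
         "bob_auth": gw.establish_tunnel("t2", "bob", "hunter2", "10.8.0.3")}
    r["alice_https"] = gw.outbound("t1", Packet("10.8.0.2", 51000, "www.example.com", 443))
    r["alice_corp_smtp"] = gw.outbound("t1", Packet("10.8.0.2", 51001, "mx.corp.example", 25))
    r["alice_other_smtp"] = gw.outbound("t1", Packet("10.8.0.2", 51002, "mx.other.example", 25))
    r["bob_evil"] = gw.outbound("t2", Packet("10.8.0.3", 51003, "cdn.evil.example", 443))
    r["no_tunnel"] = gw.outbound("t9", Packet("10.8.0.9", 51004, "www.example.com", 443))
    r["inbound_ok"] = gw.inbound(Packet("www.example.com", 443, "10.8.0.2", 51000, b"HTTP/1.1 200 OK"))
    r["inbound_blocked"] = gw.inbound(Packet("www.example.com", 443, "10.8.0.2", 51000, b"EICAR-TEST"))
    r["inbound_unknown"] = gw.inbound(Packet("www.example.com", 443, "10.8.0.9", 51000))
    return r
```

Two properties worth checking in any real implementation of this design are visible in the model: a tunnel that never completed authentication gets no rule lookup at all, and a packet from the wide area network addressed to a device no authenticated user owns is dropped before any filter node sees it. The absence of a matching rule is treated as a deny, so a user with an empty rule set can send nothing.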
30 Claims
1. A system, comprising: (independent claim, reproduced in full above under First Claim; claims 2 to 21 depend on it)
22. A method for filtering communications, comprising:
establishing a communication tunnel between a tunneling front end node and a client access point, wherein packets transmitted through the communication tunnel are encapsulated;
authenticating a user of a user device in communication with the client access point whereby the user is allowed access to the wide area network after a successful authentication through the communication tunnel;
determining how to handle transmissions to and from the authenticated user according to a plurality of filtering rules associated with the authenticated user;
passing at least some of the transmissions received by the tunneling front end node from the user of the user device to at least one of a plurality of filter nodes according to the filtering rules;
the filter nodes sending transmissions of the authenticated user to the wide area network according to the filtering rules associated with the authenticated user;
the filter nodes receiving transmissions from the wide area network destined to the authenticated user;
the filter nodes filtering the transmissions received from the wide area network according to the filtering rules associated with the authenticated user; and
forwarding the transmissions to the authenticated user via the communication tunnel.
(Claims 23 to 30 depend on claim 22.)
Specification