Method, apparatus and computer program product for a network firewall
Abstract
Systems and methods for network security including a firewall. One firewall includes a firewall engine. The firewall engine includes a first engine including a first set of rules for sorting incoming IP packets into initially allowed packets and initially denied packets. The firewall engine also includes a filter including a second set of rules for receiving and further sorting the initially denied packets into allowed packets and denied packets.
24 Claims
1. An apparatus comprising:
a firewall engine including:
a first engine including a first set of rules for sorting incoming IP packets into initially allowed packets and initially denied packets; and
a filter including a second set of rules for receiving and further sorting the initially denied packets into allowed packets and denied packets.
a second engine for receiving and further processing the initially allowed packets.
5. The apparatus of claim 4, wherein the second engine is capable of modifying some subset of the initially allowed packets.
6. The apparatus of claim 5, wherein the second engine comprises:
a dynamic analyzer for identifying initially allowed packets requiring network address translation; and
a handler for providing network address translation.
7. The apparatus of claim 5, wherein the second engine comprises a dynamic analyzer for sending a “reset” packet to a source IP address.
8. A computer software product, tangibly stored on a computer-readable medium, for providing network security, comprising instructions operable to cause a programmable processor to:
process incoming IP packets into initially allowed packets and initially denied packets;
extract matching criteria from incoming IP packets;
dynamically generate rules using the extracted matching criteria; and
further process the initially denied packets using the dynamically-generated rules.
further process the initially allowed packets into allowed packets and packets requiring modification.
11. The computer software product of claim 10, further comprising instructions to:
modify control packets.
12. The computer software product of claim 11, wherein the instructions to modify control packets include instructions for network address translation.
13. The computer software product of claim 10, further comprising instructions to:
generate and transmit a “reset” packet in response to a denied packet.
14. A method for providing network computer security, comprising:
receiving incoming packets at a firewall;
sorting the incoming packets into initially allowed packets and initially denied packets; and
further sorting the initially denied packets into allowed and denied packets using rules.
20. A method for providing network computer security, comprising:
receiving incoming IP packets at a firewall;
sorting the incoming IP packets into initially allowed packets and initially denied packets using a set of fixed rules;
extracting parameters from the incoming IP packets;
using the extracted parameters to generate a set of dynamically-generated rules; and
further sorting the initially denied packets into allowed and denied packets using the dynamically-generated rules.
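The two-stage sorting that claim 20 (and claims 8 and 13) describe can be shown end to end in code. The following is an added example written for this page, not code from the patent or its assignee: a first engine with fixed rules sorts packets into initially allowed and initially denied; parameters extracted from initially allowed packets generate dynamic rules (here, a rule permitting the reply direction of the flow); the filter then re-sorts initially denied packets against those dynamic rules, and a “reset” is built for denied TCP packets. The protected prefix `10.`, the web server `203.0.113.10`, the 60-second rule lifetime and all traffic in `SAMPLE` are constructed sample values.

```python
"""Added example (not the patent's own code): a two-stage firewall engine
modelled on claims 8, 13 and 20. All addresses, ports and timings are
constructed sample values."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # arrival time in seconds (constructed)
    proto: str         # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""    # TCP flags, e.g. "S", "SA", "A", "R"


FlowKey = Tuple[str, str, int, str, int]      # proto, src, sport, dst, dport

PROTECTED_PREFIX = "10."                       # assumed internal network
PUBLIC_WEB = ("203.0.113.10", (80, 443))       # assumed public web server
DYNAMIC_RULE_TTL = 60.0                        # seconds a generated rule stays valid


def first_engine(pkt: Packet) -> bool:
    """First set of (fixed) rules: True = initially allowed, False = initially denied."""
    if pkt.src.startswith(PROTECTED_PREFIX):
        return True                            # outbound from the protected network
    if pkt.proto == "tcp" and pkt.dst == PUBLIC_WEB[0] and pkt.dport in PUBLIC_WEB[1]:
        return True                            # inbound to the public web server
    return False


def extract_parameters(pkt: Packet) -> FlowKey:
    """Matching criteria extracted from a packet: the key of its reply direction."""
    return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)


class DynamicFilter:
    """Second set of rules, generated at run time from extracted parameters."""

    def __init__(self, ttl: float = DYNAMIC_RULE_TTL) -> None:
        self.ttl = ttl
        self.rules: Dict[FlowKey, float] = {}  # reply-flow key -> expiry time

    def generate_rule(self, pkt: Packet) -> None:
        self.rules[extract_parameters(pkt)] = pkt.ts + self.ttl

    def permits(self, pkt: Packet) -> bool:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.rules.get(key)
        if expiry is None:
            return False
        if pkt.ts > expiry:
            del self.rules[key]                # expired rule: forget it, deny the packet
            return False
        self.rules[key] = pkt.ts + self.ttl    # refresh the rule on use
        return True


def reset_packet(pkt: Packet) -> Optional[Packet]:
    """Build the 'reset' packet sent back to the source of a denied TCP packet."""
    if pkt.proto != "tcp":
        return None
    return Packet(pkt.ts, "tcp", pkt.dst, pkt.dport, pkt.src, pkt.sport, "R")


class FirewallEngine:
    def __init__(self) -> None:
        self.filter = DynamicFilter()

    def process(self, packets: List[Packet]) -> Dict[str, List[Packet]]:
        out: Dict[str, List[Packet]] = {"allowed": [], "denied": [], "resets": []}
        for pkt in sorted(packets, key=lambda p: p.ts):
            if first_engine(pkt):
                self.filter.generate_rule(pkt)  # learn from initially allowed traffic
                out["allowed"].append(pkt)
            elif self.filter.permits(pkt):      # initially denied, re-sorted as allowed
                out["allowed"].append(pkt)
            else:
                out["denied"].append(pkt)
                rst = reset_packet(pkt)
                if rst is not None:
                    out["resets"].append(rst)
        return out


SAMPLE = [  # constructed traffic, in arrival order
    Packet(0.0, "tcp", "10.0.0.5", 40000, "198.51.100.7", 443, "S"),   # outbound request
    Packet(0.1, "tcp", "198.51.100.7", 443, "10.0.0.5", 40000, "SA"),  # reply: dynamic rule
    Packet(0.2, "tcp", "192.0.2.9", 5555, "10.0.0.5", 22, "S"),        # unsolicited inbound
    Packet(0.3, "tcp", "192.0.2.20", 51000, "203.0.113.10", 80, "S"),  # inbound to web server
    Packet(90.0, "tcp", "198.51.100.7", 443, "10.0.0.5", 40000, "A"),  # reply after rule expired
]


def run_sample() -> Dict[str, List[Packet]]:
    return FirewallEngine().process(SAMPLE)


if __name__ == "__main__":
    for verdict, pkts in run_sample().items():
        print(verdict, [(p.src, p.sport, p.dst, p.dport, p.flags) for p in pkts])
```

The reply at 0.1 s is initially denied by the fixed rules (its source is outside the protected network and it is not web traffic) but is allowed by the rule generated from the outbound packet at 0.0 s; the same reply at 90 s is denied because the generated rule has aged out, which is the check a practitioner wants on any dynamically generated rule set.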
23. An apparatus comprising:
an ASIC including a firewall engine including:
a first engine including a first set of rules for processing incoming IP packets into initially allowed packets and initially denied packets; and
a filter including a second set of rules for receiving and further processing the initially denied packets into allowed packets and denied packets.
24. A method for providing network computer security, comprising:
receiving incoming packets at a firewall;
processing the incoming packets into initially allowed packets and initially denied packets; and
further processing the initially denied packets into allowed and denied packets using rules.