System and method to manage data to a plurality of proxy servers through a router by application level protocol and an authorized list
Abstract
A method and system for managing data traffic between an intranet and the internet. The Intranet is composed of client computers connected to a router system, which bridges the connection to a plurality of proxy servers. The proxy servers act as a gateway to the internet and operate on a designated application level protocol. The router system redirects packets to the proxy servers based on application level protocol while checking the destination proxy server against an authorized list. The router system blocks or transmits each packet based on the application level protocol and the authorized server.
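The policing path described above can be modelled in a few lines. This is an added sketch, not code from the patent: the addresses, the port-to-protocol mapping, the table contents, the class and function names, and the choice to discard once the client limit of claims 2 and 3 is reached are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# All addresses, ports and table contents below are constructed for illustration.
INTRANET = ipaddress.ip_network("10.0.0.0/8")
PORT_TO_PROTOCOL = {80: "http", 21: "ftp", 25: "smtp"}  # assumption: protocol inferred from port
POLICING_TABLE = {"http": "10.1.0.10", "ftp": "10.1.0.20", "smtp": "10.1.0.30"}
AUTHORIZED = {"http": {"10.1.0.10"}, "ftp": {"10.1.0.20"}}  # the smtp proxy is not authorized
MAX_CLIENTS = 500  # maximum limit named in claim 3


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    dst_port: int


class Router:
    def __init__(self, max_clients=MAX_CLIENTS):
        self.max_clients = max_clients
        self.clients = {}  # proxy address -> set of client addresses already admitted

    def police(self, dgram):
        """Return (verdict, datagram); verdict is 'forward', 'discard' or 'not-policed'."""
        # Traffic analyser: only datagrams that originate inside the Intranet are policed.
        # What happens to other datagrams is not covered by the claims.
        if ipaddress.ip_address(dgram.src) not in INTRANET:
            return "not-policed", dgram
        # Policing manager: look up the proxy for this application level protocol.
        protocol = PORT_TO_PROTOCOL.get(dgram.dst_port)
        proxy = POLICING_TABLE.get(protocol)
        # Authorized-list check is per protocol and fails closed on any miss.
        if proxy is None or proxy not in AUTHORIZED.get(protocol, set()):
            return "discard", dgram
        # Client limit: discarding on overflow is an assumption of this sketch.
        admitted = self.clients.setdefault(proxy, set())
        if dgram.src not in admitted and len(admitted) >= self.max_clients:
            return "discard", dgram
        admitted.add(dgram.src)
        # Inbound policing handler: rewrite the destination address to the proxy.
        return "forward", replace(dgram, dst=proxy)
```

Because the lookup fails closed, a protocol with no table entry or an entry that is missing from the authorized list never leaves the Intranet, which is the property a defender would test for first.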
8 Claims
1. A method for managing data traffic within an Intranet, the Intranet comprising a client computer, a router system, and at least one proxy server, the method comprising:
transmitting a datagram to a traffic analyser in a router system, the traffic analyser determining if the datagram originated from a client computer in the Intranet, in response to the traffic analyser determining that the datagram originated from a client computer in the Intranet, transmitting the datagram to an inbound policing handler, the inbound policing handler updating a destination address for the datagram to a proxy server specified by an application level protocol used by the datagram, the proxy server specified being determined by a policing manager according to an application level protocol policing definition table;
comparing the proxy server, determined by the policing manager, to a list of authorized proxy servers, the authorized proxy servers being previously authorized to receive only datagrams using the application level protocol used by the datagram originating from the client computer; and
in response to determining that the proxy server determined by the policing manager is on the list of authorized proxy servers, transmitting the datagram to the authorized proxy server, and in response to determining that the proxy server is not on the list of authorized proxy servers, discarding the datagram.
setting, by the router system, a maximum limit of how many client computers in the Intranet are authorized to send datagrams to the proxy server.
3. The method of claim 2, wherein the maximum limit is 500.
4. The method of claim 1, wherein all datagram traffic within the Intranet is policed by the steps of claim 1, such that any client computer in the Intranet can communicate with an Internet only by routing datagrams through the authorized proxy server, the proxy server being selected according to the application level protocol used by the datagram and by a physical proximity of the proxy server to the client computer.
5. A router system for managing data traffic within an Intranet, the router system comprising:
a traffic analyser that determines if a received datagram originated from a client computer in the Intranet;
an inbound policing handler that, responsive to the traffic analyser determining that the datagram originated from a client computer in the Intranet, transmits the datagram to an inbound policing handler, the inbound policing handler updating a destination address for the datagram to a proxy server specified by an application level protocol of the datagram, the proxy server specified being determined by a policing manager according to an application level protocol policing definition table;
a policing manager that compares the proxy server, determined by the policing manager, to a list of authorized proxy servers determined by the application level protocol of the datagram; and
a router that, in response to the policing manager determining that the proxy server determined by the policing manager is on the list of authorized proxy servers, transmits the datagram to the authorized proxy server, and in response to determining that the proxy server is not authorized, discarding the datagram.