Method and system for network security
First Claim
1. A method, comprising:
receiving a packet at a physical interface of a network security gateway, wherein the packet is tagged with a first virtual local area network (VLAN) identifier associated with an external network;
communicating a copy of the packet to a first processor;
analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition;
communicating a reply message from the first processor to the interface indicating whether the packet violates a security condition; and
if the packet does not violate a security condition:
at the physical interface, re-tagging the packet with a second VLAN identifier associated with a protected network; and
communicating the re-tagged packet to the protected network.
Abstract
In accordance with one embodiment of the present invention, a method includes receiving a packet at a physical interface of a network security gateway. The packet is tagged with a first VLAN identifier associated with an external network. The method also includes communicating a copy of the packet to a first processor, analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition, and communicating a reply message from the first processor to the interface. The reply message indicates whether the packet violates a security condition. If the packet does not violate a security condition, the method includes re-tagging the packet with a second VLAN identifier associated with a protected network by using a second processor at the physical interface. The method further includes communicating the re-tagged packet to the protected network if the packet does not violate a security condition.
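The data path the abstract describes, as an added example in Python that is not code from the patent or from any product implementing it: the interface checks the ingress tag, hands a copy of the frame to an inspection routine standing in for the "first processor", and only on a clean verdict rewrites the 802.1Q tag to the protected VLAN and forwards. Frame layout follows IEEE 802.1Q; the VLAN numbers, MAC and IP addresses, and the inspection policy (well-formed IPv4 only, no TCP to port 23) are constructed assumptions.

```python
"""Added example, not the patent's own code: a minimal model of the VLAN
re-tagging gateway the abstract describes. VLAN numbers, addresses and the
inspection policy are constructed assumptions for illustration."""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
EXTERNAL_VLAN = 100     # assumption: VLAN on the untrusted side
PROTECTED_VLAN = 200    # assumption: VLAN on the protected side
TCP = 6


def parse_frame(frame):
    """Return header fields of an Ethernet frame; vlan is None if untagged."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_8021Q:
        return {"dst": dst, "src": src, "vlan": None,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vlan": tci & 0x0FFF,
            "pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "ethertype": inner, "payload": frame[18:]}


def retag(frame, new_vlan):
    """Rewrite the VLAN ID in the 802.1Q TCI, preserving the PCP and DEI bits."""
    if not 1 <= new_vlan <= 4094:          # 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    tci = struct.unpack("!H", frame[14:16])[0]
    tci = (tci & 0xF000) | new_vlan
    return frame[:14] + struct.pack("!H", tci) + frame[16:]


def inspect(copy):
    """Stand-in for the first processor's analysis; returns (ok, reason).
    Policy (assumption): pass only well-formed IPv4, refuse TCP to port 23."""
    fields = parse_frame(copy)
    if fields["ethertype"] != ETHERTYPE_IPV4:
        return False, "ethertype 0x%04x not permitted" % fields["ethertype"]
    ip = fields["payload"]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False, "malformed IPv4 header"
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return False, "IPv4 header length inconsistent"
    if ip[9] == TCP and len(ip) >= ihl + 4:
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if dport == 23:
            return False, "telnet into protected network refused"
    return True, "ok"


def gateway(frame):
    """Interface logic: verify the ingress tag, hold the frame, consult the
    processor's reply, then re-tag and forward or drop.
    Returns (forwarded_frame_or_None, reason)."""
    fields = parse_frame(frame)
    if fields["vlan"] != EXTERNAL_VLAN:
        return None, "not tagged with the external VLAN"
    ok, reason = inspect(bytes(frame))      # a copy goes to the processor
    if not ok:
        return None, reason                 # buffered original is dropped
    return retag(frame, PROTECTED_VLAN), "forwarded"


def build_frame(vlan, dport, pcp=0):
    """Constructed sample: a tagged IPv4/TCP SYN to the given destination port."""
    dst = bytes.fromhex("00005e000101")     # assumed gateway MAC
    src = bytes.fromhex("0242ac110002")     # assumed external host MAC
    tci = (pcp << 13) | vlan
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                       bytes([203, 0, 113, 7]), bytes([10, 0, 0, 25]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return (dst + src + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ETHERTYPE_IPV4)
            + ipv4 + tcp)


if __name__ == "__main__":
    for vlan, port in [(EXTERNAL_VLAN, 443), (EXTERNAL_VLAN, 23), (300, 443)]:
        out, why = gateway(build_frame(vlan, port, pcp=5))
        print(vlan, port, why, None if out is None else parse_frame(out)["vlan"])
```

Two points a practitioner would check in a real implementation are visible here: the interface keeps the original frame until the reply arrives (claims 9 and 17 speak of a buffered copy), and the ingress check refuses any frame not carrying the external VLAN, so a frame that arrives already tagged with the protected VLAN is not forwarded untouched. Rewriting only the 12-bit VLAN field leaves the priority (PCP) and drop-eligible (DEI) bits as the sender set them.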
29 Claims
1. A method, comprising: (independent claim; reproduced in full above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. Logic embodied in a computer-readable storage medium operable to perform steps comprising:
receiving a packet at a physical interface of a network security gateway, wherein the packet is tagged with a first virtual local area network (VLAN) identifier associated with an external network;
communicating a copy of the packet to a first processor;
analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition;
communicating a reply message from the first processor to the interface indicating whether the packet violates a security condition; and
if the packet does not violate a security condition:
at the physical interface, re-tagging the buffered copy of the packet with a second VLAN identifier associated with a protected network; and
communicating the re-tagged packet to the protected network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A system, comprising:
means for receiving a packet at a physical interface of a network security gateway, wherein the packet is tagged with a first VLAN identifier associated with an external network;
means for communicating a copy of the packet to a first processor;
means for analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition;
means for communicating a reply message from the first processor to the interface indicating whether the packet violates a security condition;
means at the physical interface operable for re-tagging the buffered copy of the packet with a second VLAN identifier associated with a protected network if the packet does not violate a security condition; and
means for communicating the re-tagged packet to the protected network.
Dependent claims: 18, 19, 20, 21.
22. A system, comprising:
an interface operable to:
receive a packet, wherein the packet is tagged with a first virtual local area network (VLAN) identifier associated with an external network;
communicate a copy of the packet to a processor;
re-tag the packet with a second VLAN identifier associated with a protected network; and
communicate the packet to the protected network; and
the processor operable to:
analyze the copy of the packet to determine if it violates a security condition; and
communicate a reply message to the interface indicating whether the packet violates a security condition,
wherein the interface re-tags and communicates the packet if the reply message indicates that the packet does not violate a security condition.
Dependent claims: 23, 24, 25, 26, 27, 28, 29.