Intelligent integrated network security device
First Claim
1. A method for inspecting data packets associated with a flow in a computer network, the computer network including two or more security devices for processing the data packets, each data packet having associated header data, the method comprising:
- receiving the data packet;
- examining the data packet;
- determining a single flow record associated with the data packet, where the determining includes:
  - determining a packet identifier using at least the associated header data;
  - evaluating a flow table for a matching flow record entry using the packet identifier;
  - when there is a matching flow record entry, retrieving the matching flow record;
  - when there is no matching flow record entry, creating a new flow record; and
  - storing the new flow record in the flow table;
- extracting flow instructions, a session ID and flow information, for the two or more security devices, from the single flow record and forwarding the flow instructions, the session ID and the flow information to the respective ones of the two or more security devices to facilitate processing of the data packet;
- receiving, from each of the two or more security devices, evaluation information, the evaluation information being generated by a respective one of the two or more security devices when processing the data packet; and
- processing the data packet using the evaluation information.
Abstract
Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.
41 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2-18.
19. A computer-readable memory device incorporating instructions for inspecting data packets associated with a flow in a computer network, the computer network including two or more security devices for processing data packets, each data packet having associated header data, the instructions to:
- receive the data packet;
- examine the data packet;
- determine a single flow record associated with the data packet, where the instructions to determine the single flow record include instructions to:
  - determine a packet identifier using at least the associated header data;
  - evaluate a flow table for a matching flow record entry using the packet identifier;
  - retrieve a matching flow record when there is a matching flow record entry; and
  - create a new flow record when there is no matching flow record entry, where the new flow record is stored in the flow record table;
- extract flow instructions, a session ID and flow information, for the two or more security devices, from the single flow record and forward the flow instructions, the session ID and the flow information to the respective ones of the two or more security devices to facilitate processing of the data packet;
- receive, from each of the two or more security devices, evaluation information, the evaluation information being generated by a respective one of the two or more security devices when processing the data packet; and
- process the data packet using the evaluation information.
Dependent claims: 20-36.
37. An apparatus for processing data packets, having associated header data, comprising:
- a session module to determine flow information for each received data packet and evaluate a packet identifier, associated with the header data, identifying a particular flow associated with a given data packet;
- a flow table that includes flow records for each flow having information determined by the session module, each flow record including flow information for a plurality of security devices coupled to the apparatus, where the session module is further to:
  - locate a flow record, in the flow table, associated with the identified particular flow and retrieve the located flow record;
  - transmit device specific flow information, including flow instructions associated with the located flow record, a session ID associated with the located flow record and flow information associated with the located flow record, to each of the plurality of security devices via communication interfaces;
  - receive, from each of the plurality of security devices, evaluation information, the evaluation information being generated by a respective one of the plurality of security devices in processing the data packets; and
  - process the data packets using the evaluation information.
Dependent claims: 38-41.
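The flow-table scheme that claims 1, 19 and 37 describe (one lookup per packet, one record per flow, per-device instructions and a session ID fanned out to several security devices, and a verdict built from their evaluations) is small enough to show end to end. The following is an added example written for this page, not the patentee's implementation. Everything beyond the claim language is an assumption of the example: the packet identifier is taken to be the 5-tuple from the header, the instruction vocabulary `inspect`/`bypass`/`block`, the two sample devices (`port_firewall`, `payload_ids`), the packet dictionary layout, the constructed signature `TEST-SIGNATURE` and the fail-closed rule that any device's "drop" drops the packet.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Packet identifier built from header data only: the classic 5-tuple (assumed).
PacketId = Tuple[str, str, int, int, str]

# Per-device flow instructions (hypothetical vocabulary, not the patent's):
#   "inspect": the device must evaluate every packet of this flow
#   "bypass" : the device has approved the flow, skip it from now on
#   "block"  : the device has rejected the flow, drop without re-evaluating
INSPECT, BYPASS, BLOCK = "inspect", "bypass", "block"

# A device receives (instruction, session_id, its per-flow info dict, packet)
# and returns (evaluation, new instruction for this flow).
Device = Callable[[str, int, dict, dict], Tuple[str, str]]


@dataclass
class FlowRecord:
    """The single flow record: one session ID plus per-device instructions/state."""
    session_id: int
    instructions: Dict[str, str] = field(default_factory=dict)  # device -> instruction
    info: Dict[str, dict] = field(default_factory=dict)         # device -> flow info
    packets: int = 0


class SessionModule:
    """Owns the flow table, classifies packets and fans flow data out to devices."""

    def __init__(self, devices: Dict[str, Device]):
        self.devices = devices
        self.flow_table: Dict[PacketId, FlowRecord] = {}
        self._next_session = 1

    @staticmethod
    def packet_identifier(pkt: dict) -> PacketId:
        return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])

    def lookup_or_create(self, pkt: dict) -> Tuple[FlowRecord, bool]:
        """Return (record, created). A new flow starts with every device inspecting."""
        key = self.packet_identifier(pkt)
        rec = self.flow_table.get(key)
        if rec is not None:
            return rec, False
        rec = FlowRecord(session_id=self._next_session)
        self._next_session += 1
        for name in self.devices:
            rec.instructions[name] = INSPECT
            rec.info[name] = {}
        self.flow_table[key] = rec
        return rec, True

    def process(self, pkt: dict) -> str:
        """Dispatch one packet to the devices its flow record says still need it,
        collect their evaluations and return the combined verdict."""
        rec, _ = self.lookup_or_create(pkt)
        rec.packets += 1
        evaluations: Dict[str, str] = {}
        for name, device in self.devices.items():
            instr = rec.instructions[name]
            if instr == BYPASS:
                continue                       # device already approved this flow
            if instr == BLOCK:
                evaluations[name] = "drop"     # device already rejected this flow
                continue
            evaluation, rec.instructions[name] = device(
                instr, rec.session_id, rec.info[name], pkt)
            evaluations[name] = evaluation
        # Fail closed: a single "drop" from any device drops the packet.
        return "drop" if "drop" in evaluations.values() else "forward"


# --- Two constructed sample devices ---------------------------------------

ALLOWED_PORTS = {80, 443}


def port_firewall(instr, session_id, info, pkt):
    """Stateless policy check; it only needs to see the first packet of a flow."""
    return ("allow", BYPASS) if pkt["dport"] in ALLOWED_PORTS else ("drop", BLOCK)


SIGNATURE = b"TEST-SIGNATURE"   # constructed placeholder pattern, not a real rule


def payload_ids(instr, session_id, info, pkt):
    """Content inspection that must see every packet; keeps a per-flow hit count."""
    if SIGNATURE in pkt.get("payload", b""):
        info["hits"] = info.get("hits", 0) + 1
        return "drop", BLOCK
    return "allow", INSPECT


def make_packet(dst_port, payload=b"", src_port=40000):
    """Constructed sample packet carrying only the fields the example needs."""
    return {"src": "10.0.0.5", "dst": "203.0.113.7", "sport": src_port,
            "dport": dst_port, "proto": "tcp", "payload": payload}


def run_demo():
    """Five constructed packets across three flows; returns the module and verdicts."""
    sm = SessionModule({"firewall": port_firewall, "ids": payload_ids})
    verdicts = [sm.process(make_packet(443, b"GET / HTTP/1.1")),
                sm.process(make_packet(443, b"...more data...")),
                sm.process(make_packet(23, b"", src_port=40001)),
                sm.process(make_packet(23, b"", src_port=40001)),
                sm.process(make_packet(80, SIGNATURE, src_port=40002))]
    return sm, verdicts


if __name__ == "__main__":
    module, results = run_demo()
    print(results)
    for key, record in module.flow_table.items():
        print(key, record)
```

The point the claims make is visible in `process`: the single flow record is the only state consulted per packet, so a device whose decision is flow-level (the firewall) is consulted once and then bypassed, while a device whose decision is packet-level (the IDS) stays in the loop, and a flow already rejected by any device is dropped without re-running that device. In the demo the first flow is forwarded twice with the firewall bypassed after packet one, the port-23 flow is dropped on both packets, and the signature hit blocks the third flow for the IDS while the firewall's approval of port 80 stands.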
Specification