Systems and methods of fine grained interception of network communications on a virtual private network
First Claim
1. A method for intercepting a communication of a client to a destination on a virtual private network based on a network destination description of an application authorized to be accessed via the virtual private network, the method comprising the steps of:
- (a) receiving, by an agent of a client on a first network, a routing table comprising a network destination description of an application authorized for access as a destination on a second network via a virtual private network;
- (b) intercepting, by the agent, a network communication of the client, the agent establishing a virtual private network connection via an appliance from the first network to the second network;
- (c) determining, by the agent, that the network communication identifies a destination with a network identifier and a port that matches the network destination description of the application authorized for access as a destination on the second network via the virtual private network; and
- (d) transmitting, by the agent in response to the identification of the authorized application, the network communication via the virtual private network connection.
Abstract
A method for intercepting communication of a client to a destination on a virtual private network includes an agent executing on the client that intercepts a network communication of the client. The agent provides a virtual private network connection from a first network to a second network. The decision to intercept is based on a network destination description or an identification of an application authorized to be accessed via the virtual private network. In one case, the agent determines that a destination specified by the intercepted communication corresponds to a network identifier and a port of a network destination description of an application on the second network authorized for access via the virtual private network. In response to this determination, the agent transmits the intercepted communication.
23 Claims
1. (Independent claim; text as given under First Claim above.) View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A system for intercepting a communication of a client to a destination on a virtual private network based on a network destination description of an application authorized to be accessed via the virtual private network, the system comprising:
- a means for receiving, by an agent of a client on a first network, a routing table comprising a network destination description of an application authorized for access as a destination on a second network via a virtual private network;
- a means for intercepting, by the agent, a network communication of the client, the agent establishing a virtual private network connection via an appliance from the first network to the second network;
- a means for determining, by the agent, that the network communication identifies a destination with a network identifier and a port that matches the network destination description of the application authorized for access as a destination on the second network via the virtual private network; and
- a means for transmitting, by the agent in response to the identification of the authorized application, the network communication via the virtual private network connection.
View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
21. A method for intercepting a communication of a client to a destination on a virtual private network (VPN) based on a network destination description of an application authorized for access as a destination via the VPN, the method comprising the steps of:
- (a) establishing, by an agent of a client on a first network, a VPN connection from the first network via an appliance to a second network;
- (b) receiving, by the agent, a routing table comprising a network destination description of an application authorized for access as a destination on the second network;
- (c) intercepting, by the agent, a first network communication of the client;
- (d) determining, by the agent, that the first network communication identifies a destination with a network identifier and a port that matches the network destination description in the routing table corresponding to the application authorized for access as a destination on the second network;
- (e) transmitting, by the agent in response to the identification of the authorized application, the first network communication via the VPN connection;
- (f) intercepting, by the agent, a second network communication of the client;
- (g) determining, by the agent, that the second network communication identifies a destination with a network identifier and a port that does not match the network destination description in the routing table corresponding to the application authorized for access as a destination on the second network; and
- (h) determining, by the agent in response to the identification of the non-matching application, not to transmit the second network communication via the VPN connection.
View Dependent Claims (22, 23)
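As an added example (not text or code from the patent), steps (b) through (h) of claim 21 modelled as the agent's per-connection decision: a routing table of application destination descriptions (network identifier plus port) is consulted for each intercepted connection, a match is forwarded via the VPN and a non-match is not. The routing-table row format, the `AppDestination` class and the `decide()` function are assumptions; the sample table is constructed.

```python
# Added example (not from the patent): a minimal model of the agent's
# decision step from claims 1 and 21. The routing-table row format,
# AppDestination and decide() are assumptions, not the patent's design.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

@dataclass(frozen=True)
class AppDestination:
    """Network destination description of one application authorized via the VPN."""
    app: str
    network: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]  # host or prefix
    ports: Tuple[int, int]  # inclusive port range; (0, 65535) means any port

    def matches(self, ip: str, port: int) -> bool:
        """Claim 21 step (d)/(g): does (ip, port) fall inside this description?"""
        addr = ipaddress.ip_address(ip)  # 'in' is False across IPv4/IPv6 versions
        return addr in self.network and self.ports[0] <= port <= self.ports[1]

def parse_routing_table(rows: List[str]) -> List[AppDestination]:
    """Parse constructed rows 'app,network,port', 'app,network,lo-hi' or 'app,network,*'."""
    table = []
    for row in rows:
        app, net, ports = (f.strip() for f in row.split(","))
        if ports == "*":
            lo, hi = 0, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-"))
        else:
            lo = hi = int(ports)
        table.append(AppDestination(app, ipaddress.ip_network(net, strict=False), (lo, hi)))
    return table

def decide(table: List[AppDestination], dst_ip: str, dst_port: int) -> Optional[str]:
    """Return the authorized app whose description matches the intercepted
    destination (send via VPN), or None when no entry matches (step (h):
    do not send the communication over the VPN)."""
    for entry in table:
        if entry.matches(dst_ip, dst_port):
            return entry.app
    return None

ROUTING_TABLE = parse_routing_table([  # constructed sample, not from the patent
    "intranet-web,10.20.0.0/16,443",
    "payroll-db,10.30.5.7,5432",
    "jump-host,10.40.0.0/24,22-2222",
    "file-share,fd00:1234::/32,*",
])
```

The match is on network identifier and port only, as the claim describes; a real agent would additionally have to intercept at a layer where it sees the destination before the socket connects (for example a filter driver or a socket-layer hook) and refresh the table when the appliance updates it.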