Apparatus and method for firewall traversal
Abstract
An apparatus and method for traversing a network address translation/firewall device to maintain a registration between first and second devices separated by the firewall device are provided. In one example, the method includes intercepting a registration message from the first device to the second device. A determination is made based on a first timeout period defined by the second device as to whether it is time to renew the first device's registration. If it is time to renew the first device's registration, the registration message is forwarded to the second device. A response message that includes the first timeout period is intercepted, and the first timeout period is replaced with a second timeout period based on a binding lifetime of the firewall device before forwarding the response message to the first device.
18 Claims
1. A method for traversing a firewall device to maintain a registration between a first device and a second device separated by the firewall device, the method comprising:
intercepting a registration message from the first device to the second device;
determining, after intercepting the registration message, whether it is time to renew the first device's registration by determining whether another registration message from the first device will be intercepted prior to an expiration of a first timeout period defined by the second device;
forwarding the registration message to the second device if it is time to renew the first device's registration;
sending a substitute response to the first device without forwarding the registration message to the second device if it is not time to renew the first device's registration, wherein the substitute response includes the second timeout period;
intercepting a response message from the second device to the first device, wherein the response message includes the first timeout period; and
replacing the first timeout period in the intercepted response message with a second timeout period based on a binding lifetime of the firewall device before forwarding the response message to the first device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system providing for firewall traversal, the system comprising:
a first device positioned in a private network;
a firewall device accessible to the private network and a public network;
a second device in the public network configured to register the first device; and
a session controller positioned in the public network between the firewall device and the second device, the session controller comprising a plurality of software executable instructions including;
instructions for intercepting a registration message from the first device to the second device;
instructions for determining, after intercepting the registration message, whether to renew the first device's registration by determining whether another registration message from the first device will be intercepted prior to an expiration of a first timeout period defined by the second device;
instructions for forwarding the registration message to the second device if it is time to renew the first device's registration,
instructions for sending a substitute response to the first device without forwarding the registration message to the second device if it is not time to renew the first device's registration, wherein the substitute response includes the second timeout period;
instructions for intercepting a registration response message from the second device to the first device, wherein the response message includes the first timeout period defined by the second device; and
instructions for replacing the first timeout period in the response message with the second timeout period before forwarding the response message to the first device.
Dependent claims: 13, 14, 15, 16
17. An apparatus for enabling a network edge device to maintain a registration between a first device and a second device separated by the edge device, the apparatus comprising:
an interface accessible to the edge device and the second device; and
means for intercepting a registration message from the first device to the second device;
means for determining, after intercepting the registration message, whether it is time to renew the first device's registration by determining whether another registration message from the first device will be intercepted prior to an expiration of a first timeout period defined by the second device;
means for forwarding the registration message to the second device if it is time to renew the first device's registration;
means for sending a substitute response to the first device without forwarding the registration message to the second device if it is not time to renew the first device's registration, wherein the substitute response includes the second timeout period;
means for intercepting a response message from the second device to the first device, wherein the response message includes the first timeout period; and
means for replacing the first timeout period in the response message with a second timeout period based on a binding lifetime of the edge device before forwarding the response message to the first device.
Dependent claims: 18
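The forward-or-substitute decision recited in the independent claims can be modelled as a small state machine; the sketch below is an added example, not code from the patent. The class and function names, the 0.5 safety factor, and the 60 s binding lifetime and 3600 s first timeout are assumptions chosen for illustration.

```python
class SessionController:
    """Toy model of the registration handling recited in the claims (added example)."""

    def __init__(self, binding_lifetime, safety_factor=0.5):
        # Second timeout: derived from the firewall binding lifetime. The 0.5
        # safety factor is an assumption; the claims only say "based on".
        self.second_timeout = int(binding_lifetime * safety_factor)
        self.registrar_expiry = {}  # first device -> absolute expiry at second device

    def on_registration(self, device, now):
        """Decide what to do with an intercepted registration message."""
        expiry = self.registrar_expiry.get(device)
        next_expected = now + self.second_timeout
        # Not yet time to renew if another registration will be intercepted
        # before the first timeout period runs out.
        if expiry is not None and next_expected < expiry:
            return ("substitute", self.second_timeout)
        return ("forward", None)

    def on_response(self, device, first_timeout, now):
        """Record the first timeout; return the timeout passed on to the first device."""
        self.registrar_expiry[device] = now + first_timeout
        return self.second_timeout


def simulate(binding_lifetime=60, first_timeout=3600, duration=7200):
    """Drive one device for `duration` seconds; return (forward_times, total)."""
    sc = SessionController(binding_lifetime)
    now, forwarded, total = 0, [], 0
    while now <= duration:
        total += 1
        action, timeout = sc.on_registration("dev-1", now)
        if action == "forward":
            forwarded.append(now)
            # Second device answers with the first timeout; controller rewrites it.
            timeout = sc.on_response("dev-1", first_timeout, now)
        now += timeout  # device re-registers when the timeout it was given elapses
    return forwarded, total


if __name__ == "__main__":
    fwd, total = simulate()
    print(f"{total} registrations intercepted, forwarded at t={fwd}")
```

With these constructed values the first device refreshes every 30 s, which keeps the firewall binding alive, while the second device sees a registration only about once per first timeout period.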
Specification