Systems and methods for application based interception SSI/VPN traffic
First Claim
1. A method for an agent of a client to intercept communications from the client to be transmitted via a virtual private network connection based on identification of the application, the method comprising the steps of:
(a) receiving, by an agent of a client of a first network, an application routing table identifying a first application authorized for access to a second network via a virtual private network connection established by an appliance and from which to intercept network communications for transmission via the virtual private network connection to the second network based on the application routing table, the first application identified via a name of an executable of the first application;
(b) determining, by the agent responsive to the identification, that a network communication from a plurality of network communications transmitted by the client originates from the first application identified by the name of the executable;
(c) intercepting, by the agent responsive to the determination, the network communication of the first application;
(d) transmitting, by the agent, the network communication of the first application via the virtual private network connection to the second network based on the application routing table;
(e) determining, by the agent, that at least one network communication from the plurality of network communications transmitted by the client originates from a second application not identified in the application routing table via a name of an executable of the second application; and
(f) allowing, by the agent, the at least one network communication to pass via a network stack of the client instead of the virtual private network connection.
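An added sketch of steps (a) to (f), not code from the patent or its assignee: it resolves each connection to the executable that owns it and sends only table-listed applications via the VPN. The Linux /proc/net/tcp row layout, the sample rows, the owner maps, the executable names and the treatment of sockets with no known owner as "not identified" are assumptions constructed for illustration.

```python
import ipaddress
import posixpath

# Constructed sample data, not from the patent: /proc/net/tcp-style rows, plus
# socket-inode -> pid and pid -> executable-path maps gathered from the OS.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F00000A:C350 05010A0A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 41001
   1: 0F00000A:C351 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 41002
   2: 0F00000A:C352 06010A0A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 41003
"""
SOCKET_OWNER = {41001: 2001, 41002: 2002}   # inode 41003: owner unknown
PROCESS_EXE = {2001: "/opt/crm/bin/crmclient", 2002: "/usr/bin/firefox"}

# Step (a): application routing table, keyed by executable name (hypothetical).
APP_ROUTING_TABLE = {"crmclient"}


def parse_connections(text):
    """Yield (remote 'ip:port', socket inode) for each connection row."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[2].split(":")
        # IPv4 addresses are printed as little-endian hex on little-endian hosts.
        ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
        yield f"{ip}:{int(port_hex, 16)}", int(fields[9])


def originating_executable(inode):
    """Steps (b)/(e): resolve a socket to the name of its executable."""
    exe_path = PROCESS_EXE.get(SOCKET_OWNER.get(inode))
    return posixpath.basename(exe_path) if exe_path else None


def classify(text, table):
    """Steps (c), (d), (f): pick the VPN or the client's network stack."""
    decisions = []
    for remote, inode in parse_connections(text):
        exe = originating_executable(inode)
        path = "vpn" if exe in table else "network_stack"
        decisions.append((remote, exe, path))
    return decisions


if __name__ == "__main__":
    print(classify(PROC_NET_TCP, APP_ROUTING_TABLE))
```

The third row shows the consequence of keying on the originating executable rather than the destination: a connection to an address beside the first row's target still bypasses the VPN because no listed executable owns it.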
Abstract
A method for intercepting, by an agent of a client, communications from the client to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of an application from which the communication originates. The agent receives information identifying a first application. The agent determines a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection.
18 Claims
10. A system for an agent of a client to intercept communications from the client to be transmitted via a virtual private network connection based on identification of the application, the system comprising:
a means for receiving, by an agent of a client of a first network, an application routing table identifying a first application authorized for access to a second network via a virtual private network connection established by an appliance and from which to intercept network communications for transmission via the virtual private network connection to the second network based on the application routing table, the first application identified via a name of an executable of the first application;
a means for determining, by the agent responsive to the identification, that a network communication from a plurality of network communications transmitted by the client originates from the first application identified by the name of the executable;
a means for intercepting, by the agent, responsive to the determination the network communication of the first application;
a means for transmitting, by the agent, the network communication of the first application via the virtual private network connection to the second network based on the application routing table;
a means for determining, by the agent, that at least one network communication from the plurality of network communications transmitted by the client originates from a second application not identified in the application routing table via a name of an executable of the second application; and
a means for allowing, by the agent, the at least one network communication to pass via a network stack of the client instead of the virtual private network connection.
Specification