Integrated firewall, IPS, and virus scanner system and method
First Claim
Patent Images
1. A security system, comprising:
- a pair of parallel security systems that each include a router, wherein each router includes a security sub-system, wherein the security sub-system includes one or more of a virtual firewall, a virtual intrusion prevention system (IPS), an anti-spam module, and a virtual virus scanner; and
a set of redundant switches coupled to the pair of parallel security systems, wherein the set of redundant switches can exchange state information including an active status or a standby status per port, and wherein a respective status of each security sub-system for a port is renegotiated if the exchange state information indicates that both the security sub-systems are active for the port.
9 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided including a router and a security sub-system coupled to the router. Such security sub-system includes a plurality of virtual firewalls, a plurality of virtual intrusion prevention systems (IPSs), and a plurality of virtual virus scanners. Further, each of the virtual firewalls, IPSs, and virus scanners is assigned to at least one of a plurality of user and is configured in a user-specific.
168 Citations
20 Claims
-
1. A security system, comprising:
-
a pair of parallel security systems that each include a router, wherein each router includes a security sub-system, wherein the security sub-system includes one or more of a virtual firewall, a virtual intrusion prevention system (IPS), an anti-spam module, and a virtual virus scanner; and a set of redundant switches coupled to the pair of parallel security systems, wherein the set of redundant switches can exchange state information including an active status or a standby status per port, and wherein a respective status of each security sub-system for a port is renegotiated if the exchange state information indicates that both the security sub-systems are active for the port. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method, comprising:
-
assigning one or more of a virtual firewall, a virtual intrusion prevention system (IPS), an anti-spam module, and a virtual virus scanner in a security sub-system to at least one of a plurality of users, wherein a pair of parallel security systems includes routers, and each router includes the security sub-system; and coupling a set of redundant switches to the pair of parallel security systems, wherein the set of redundant switches can exchange state information including an active status or a standby status per port, and wherein a respective status of each security sub-system for a port is renegotiated if the exchange state information indicates that both the security sub-systems are active for the port. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. Logic encoded in non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
-
assigning one or more of a virtual firewall, a virtual intrusion prevention system (IPS), an anti-spam module, and a virtual virus scanner in a security sub-system to at least one of a plurality of users, wherein a pair of parallel security systems includes virtual redundancy router protocol (VRRP) routers, and each VRRP router includes the security sub-system; and coupling a set of redundant switches to the pair of parallel security systems, wherein the set of redundant switches can exchange state information including an active status or a standby status per port, and wherein a respective status of each security sub-system for a port is renegotiated if the exchange state information indicates that both the security sub-systems are active for the port. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification