System and method for redirected firewall discovery in a network environment
Abstract
A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
346 Citations
21 Claims
1. A computer-readable non-transitory medium comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations for redirected firewall discovery, the one or more operations comprising:
intercepting, at a first firewall in a network environment, a network flow from a source node;
when the first firewall does not have metadata associated with the network flow in a metadata cache of the first firewall or the first firewall is unable to retrieve the metadata associated with the network flow, sending a discovery redirect from a host manager to cause a firewall cache at the source node to include a second firewall;
receiving the metadata associated with the network flow at the second firewall; and
correlating, at the second firewall, the metadata with the network flow to apply a network policy at the second firewall to the network flow.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-readable non-transitory medium comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations, the one or more operations comprising:
intercepting a network flow from a source node to a destination node at a firewall agent of the source node;
holding a first packet of the network flow at the firewall agent of the source node;
identifying, in a firewall cache by the firewall agent, a firewall for managing a route to the destination node;
opening a metadata connection with the firewall;
sending metadata associated with the network flow from the firewall agent to the firewall over the metadata connection while holding the first packet of the network flow; and
releasing the network flow by sending the first packet of the network flow from the firewall agent to the firewall.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
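The two independent claims describe one exchange from two vantage points: claim 11 is the host-side firewall agent (hold the first packet, find the firewall for the route, push metadata over a metadata connection, then release the packet), and claim 1 is the network side (a firewall that intercepts a flow it has no metadata for triggers a discovery redirect from the host manager, which points the source node's firewall cache at the right firewall). The model below is an added example written for this page; it is not code from the patent or from any product. It assumes the flow 5-tuple as the correlation key, a user/process pair as the metadata, a per-destination route owner table at the host manager, and it models the discovery redirect as a direct write into the agent's firewall cache rather than a network message.

```python
"""Toy model of redirected firewall discovery (added example, not the patent's code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowKey:
    """Assumed correlation key: the flow 5-tuple seen by both agent and firewall."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Metadata:
    """Assumed host-side context that is invisible on the wire."""
    user: str
    process: str


class HostManager:
    """Knows which firewall manages the route to each destination (assumed table)."""

    def __init__(self, route_owner):
        self.route_owner = route_owner   # dst address -> Firewall managing that route
        self.agents = {}                 # source node address -> FirewallAgent
        self.redirects = []              # log of (FlowKey, firewall name)

    def register(self, agent):
        self.agents[agent.node] = agent

    def discovery_redirect(self, key):
        """Make the source node's firewall cache include the second firewall.
        A real deployment sends this to the host; here it is a direct cache write."""
        fw = self.route_owner[key.dst]
        self.agents[key.src].firewall_cache[key.dst] = fw
        self.redirects.append((key, fw.name))
        return fw


class Firewall:
    def __init__(self, name, policy, host_manager):
        self.name = name
        self.policy = policy             # (user, process, dport) -> "allow" | "deny"
        self.metadata_cache = {}         # FlowKey -> Metadata
        self.hm = host_manager
        self.verdicts = []               # log of (FlowKey, action)

    def receive_metadata(self, key, md):
        """Metadata channel endpoint: store metadata keyed by the flow 5-tuple."""
        self.metadata_cache[key] = md

    def intercept(self, key):
        """First packet of a flow arrives. Without metadata we never allow: we ask
        the host manager for a discovery redirect instead (fail closed)."""
        md = self.metadata_cache.get(key)
        if md is None:
            self.hm.discovery_redirect(key)
            return "redirect"
        action = self.policy.get((md.user, md.process, key.dport), "deny")
        self.verdicts.append((key, action))
        return action


class FirewallAgent:
    def __init__(self, node, path_firewall, host_manager):
        self.node = node
        self.path_firewall = path_firewall  # firewall the default route traverses
        self.firewall_cache = {}            # dst address -> Firewall
        host_manager.register(self)

    def open_flow(self, key, md):
        """Claim 11 sequence: hold the first packet, send metadata, then release it."""
        held_packet = key                   # the first packet stays here until released
        fw = self.firewall_cache.get(key.dst)
        if fw is not None:
            fw.receive_metadata(key, md)    # over the metadata connection, packet held
            return fw.intercept(held_packet)
        # Cold cache: the packet follows the default route and hits the first firewall,
        # which has no metadata for it and triggers the discovery redirect (claim 1).
        verdict = self.path_firewall.intercept(held_packet)
        if verdict == "redirect":
            fw = self.firewall_cache[key.dst]   # now populated by the host manager
            fw.receive_metadata(key, md)
            verdict = fw.intercept(held_packet)
        return verdict


def run_demo():
    """Constructed scenario: one host, an edge firewall on the path, a second
    firewall that owns the route to 10.0.5.7, and an allow rule for alice's ssh."""
    hm = HostManager(route_owner={})
    policy = {("alice", "ssh", 22): "allow"}
    fw_edge = Firewall("fw-edge", policy, hm)   # first firewall: on the default path
    fw_dc = Firewall("fw-dc", policy, hm)       # second firewall: manages the route
    hm.route_owner["10.0.5.7"] = fw_dc
    agent = FirewallAgent("10.0.1.10", fw_edge, hm)

    first = agent.open_flow(FlowKey("10.0.1.10", "10.0.5.7", 51514, 22),
                            Metadata("alice", "ssh"))     # redirect, then allow at fw-dc
    second = agent.open_flow(FlowKey("10.0.1.10", "10.0.5.7", 51515, 22),
                             Metadata("alice", "curl"))   # warm cache, denied at fw-dc
    return {"first_flow": first, "second_flow": second,
            "redirects": len(hm.redirects), "edge_verdicts": len(fw_edge.verdicts),
            "dc_verdicts": len(fw_dc.verdicts)}


if __name__ == "__main__":
    print(run_demo())
```

Two properties of the model are worth noting when reading the claims. The first packet never leaves the agent's hold until the firewall that will enforce policy has the metadata, so a second flow to the same destination skips the redirect entirely and goes straight to fw-dc. And a firewall that lacks metadata returns a redirect rather than a verdict, so the edge firewall never allows a flow it cannot correlate; that fail-closed choice is an assumption of this example, not something the claims state.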
Specification