Wireless network having multiple security interfaces
Abstract
A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.
20 Claims
1. A method comprising:

identifying, by a network device and upon receipt of network traffic at the network device, a source zone and a destination zone, the network device being associated with the source zone, the destination zone, and another source zone, the network traffic being received from the source zone and being intended for a network resource associated with the destination zone, the network resource being identified using a destination address included in the network traffic, the source zone being associated with a first wireless network and the destination zone being associated with a second wireless network, and the first wireless network and the second wireless network being established between the network device and a plurality of devices prior to the network traffic being received;

identifying, by the network device, a first security policy and a second security policy to be applied to the network traffic, the first security policy being associated with the identified source zone, the second security policy being associated with the identified destination zone, the first security policy being different than the second security policy, a third security policy being associated with the other source zone;

applying, by the network device, the identified first security policy and the identified second security policy to the network traffic to determine whether to permit access to the network resource, the third security policy being applied to additional network traffic, associated with the other source zone and the destination zone, to determine whether the additional network traffic is to be forwarded to the network resource when the additional network traffic is received; and

selectively forwarding the network traffic to the network resource based on applying the identified first security policy and the identified second security policy to the network traffic.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A non-transitory computer-readable medium storing instructions, the instructions comprising:

one or more instructions which, when executed by a device, cause the device to receive data;

one or more instructions which, when executed by the device, cause the device to identify, after receiving the data, a source zone and a destination zone, the data being received from the source zone and being intended for a network resource associated with the destination zone, the device being associated with the source zone, the destination zone, and another source zone, and the network resource being identified using a destination address included in the data;

one or more instructions which, when executed by the device, cause the device to identify a first security policy and a second security policy to be applied to the data, the first security policy being associated with the identified source zone, the second security policy being associated with the identified destination zone, the first security policy being different than the second security policy, and a third security policy being associated with the other source zone;

one or more instructions which, when executed by the device, cause the device to apply the identified first security policy and the identified second security policy to the data to determine whether to permit access to the network resource, the third security policy being applied to additional data, associated with the other source zone and the destination zone, to determine whether the additional data is to be forwarded to the network resource when the additional data is received; and

one or more instructions which, when executed by the device, cause the device to selectively forward the data to the network resource based on applying the identified first security policy and the identified second security policy to the data.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A device comprising:

a memory to store instructions; and

a processor to execute the instructions to:

receive data;

identify, after receiving the data, a source zone and a destination zone, the data being received from the source zone and being intended for a network resource associated with the destination zone, the source zone being associated with a first security policy, the destination zone being associated with a second security policy that is different than the first security policy, a third security policy being associated with another source zone, and the network resource being identified using a destination address included in the data;

identify the first security policy and the second security policy, the first security policy being identified based on the identified source zone, the second security policy being identified based on the identified destination zone;

apply at least one of the identified first security policy or the identified second security policy to the data to determine whether to permit access to the network resource, the third security policy being applied to additional data, associated with the other source zone and the destination zone, to determine whether the additional data is to be forwarded to the network resource when the additional data is received; and

selectively forward the data to the network resource based on applying the at least one of the identified first security policy or the identified second security policy to the data.

Dependent claims: 18, 19, 20

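The zone lookup and two-policy check recited in claim 1, combined with the identifier-to-zone binding from the abstract, as an added Python example that is not taken from the patent. The zone names, SSIDs, subnets, ports and the first-match, default-deny rule model are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    peer_zone: str        # zone at the other end of the flow, or "any"
    port: Optional[int]   # destination port; None matches every port

@dataclass(frozen=True)
class Zone:
    name: str
    ssid: str                      # wireless network identifier bound to this zone
    subnet: ipaddress.IPv4Network  # addresses of resources in this zone
    policy: tuple                  # ordered rules, first match wins

# Constructed sample configuration (assumed, not from the patent).
ZONES = (
    Zone("staff", "corp-staff", ipaddress.ip_network("10.10.0.0/24"),
         (Rule("permit", "printers", 631), Rule("permit", "any", 443))),
    Zone("printers", "corp-print", ipaddress.ip_network("10.30.0.0/24"),
         (Rule("permit", "staff", 631),)),
    Zone("guest", "corp-guest", ipaddress.ip_network("10.20.0.0/24"),
         (Rule("deny", "printers", None), Rule("permit", "any", 443))),
)

def permits(policy, peer_zone, port):
    """First matching rule decides; no match means deny."""
    for rule in policy:
        if rule.peer_zone in ("any", peer_zone) and rule.port in (None, port):
            return rule.action == "permit"
    return False

def decide(ingress_ssid, dst_addr, dst_port):
    """Return (forward?, reason) for traffic that arrived on ingress_ssid."""
    src = next((z for z in ZONES if z.ssid == ingress_ssid), None)
    if src is None:
        return False, "unknown source zone"
    ip = ipaddress.ip_address(dst_addr)
    dst = next((z for z in ZONES if ip in z.subnet), None)
    if dst is None:
        return False, "unknown destination zone"
    if not permits(src.policy, dst.name, dst_port):    # source-zone policy
        return False, f"denied by {src.name} policy"
    if not permits(dst.policy, src.name, dst_port):    # destination-zone policy
        return False, f"denied by {dst.name} policy"
    return True, f"{src.name} -> {dst.name} permitted"
```

With this sample configuration, staff traffic to a printer on port 443 passes the staff policy but is dropped by the printers policy, which is the case where evaluating only one zone's policy would give a different forwarding decision.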
Specification