System and method for host-initiated firewall discovery in a network environment
First Claim
1. A method, comprising:
- intercepting, on a source node, a network flow to a destination node having a network address;
- determining a discovery action associated with the network address in a firewall cache;
- sending, from the source node, a discovery query to identify a firewall to be used in a route for sending the network flow to the destination node, wherein the discovery query is based on the discovery action associated with the network address in the firewall cache;
- receiving, at the source node, a discovery result from the firewall, the discovery result including a firewall address and a firewall port of the firewall;
- authenticating the discovery result;
- updating the discovery action in the firewall cache with the firewall address and the firewall port when the discovery result is authenticated;
- sending metadata associated with the network flow to the firewall; and
- releasing the network flow from the source node.
10 Assignments
0 Petitions
Abstract
A method is provided in one example embodiment that includes intercepting a network flow to a destination node having a network address and sending a discovery query based on a discovery action associated with the network address in a firewall cache. A discovery result may be received and metadata associated with the flow may be sent to a firewall before releasing the network flow. In other embodiments, a discovery query may be received from a source node and a discovery result sent to the source node, wherein the discovery result identifies a firewall for managing a route to a destination node. Metadata may be received from the source node over a metadata channel. A network flow from the source node to the destination node may be intercepted, and the metadata may be correlated with the network flow to apply a network policy to the network flow.
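The exchange described in claim 1 and the abstract (cache lookup, discovery query, authenticated discovery result, cache update, metadata channel, release, and firewall-side correlation of metadata with the intercepted flow) as an added, self-contained simulation. This is example code written for this page, not the patent's own implementation. Everything not stated in the patent is an assumption: the wire format of the query and result, HMAC-SHA256 under a pre-shared key as the "authenticating" step, the nonce binding, the metadata fields, the toy policy table, and default-deny for a flow the firewall sees without metadata. All flows and addresses are constructed.

```python
"""Added worked example, not code from the patent: a minimal simulation of
host-initiated firewall discovery as described in claim 1 and the abstract."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# ASSUMPTION: the patent only says the discovery result is "authenticated";
# a pre-shared-key HMAC over the result is used here purely for illustration.
PSK = b"constructed-pre-shared-key-for-the-demo"


def _canon(result: dict) -> bytes:
    """Canonical byte string of a discovery result, excluding its MAC field."""
    return "|".join(f"{k}={result[k]}" for k in sorted(result) if k != "mac").encode()


@dataclass
class Firewall:
    address: str
    port: int
    key: bytes = PSK
    queries: int = 0                                  # discovery queries answered
    metadata: dict = field(default_factory=dict)      # flow 5-tuple -> metadata
    # ASSUMPTION: a toy policy keyed on (process name, destination port)
    policy: dict = field(default_factory=lambda: {
        ("browser", 443): "allow", ("ssh", 22): "allow", ("curl", 22): "deny"})

    def handle_discovery(self, query: dict) -> dict:
        """Answer a discovery query with this firewall's address and port.  The
        nonce and destination are bound into the MAC so a replayed or altered
        result fails authentication on the host."""
        self.queries += 1
        result = {"nonce": query["nonce"], "dst": query["dst"],
                  "fw_addr": self.address, "fw_port": self.port}
        result["mac"] = hmac.new(self.key, _canon(result), hashlib.sha256).hexdigest()
        return result

    def receive_metadata(self, flow: tuple, meta: dict) -> None:
        """Metadata channel: the host tells the firewall who owns a flow."""
        self.metadata[flow] = meta

    def intercept(self, flow: tuple) -> str:
        """Correlate an intercepted flow with its metadata and apply policy.
        ASSUMPTION: a flow with no metadata cannot be attributed, so deny it."""
        meta = self.metadata.get(flow)
        if meta is None:
            return "deny"
        return self.policy.get((meta["process"], flow[3]), "deny")


@dataclass
class HostAgent:
    key: bytes = PSK
    # Firewall cache: destination address -> discovery action.  "discover" means
    # query first; an (addr, port) tuple names the firewall; None means direct.
    cache: dict = field(default_factory=dict)

    def authenticate(self, query: dict, result: dict) -> bool:
        expected = hmac.new(self.key, _canon(result), hashlib.sha256).hexdigest()
        return (result["nonce"] == query["nonce"]
                and result["dst"] == query["dst"]
                and hmac.compare_digest(expected, result["mac"]))

    def send_flow(self, flow: tuple, meta: dict, discover, metadata_channel) -> str:
        dst = flow[2]
        action = self.cache.get(dst, "discover")
        if action == "discover":
            query = {"nonce": os.urandom(8).hex(), "dst": dst}
            result = discover(query)
            if not self.authenticate(query, result):
                return "dropped: unauthenticated discovery result"  # cache untouched
            action = (result["fw_addr"], result["fw_port"])
            self.cache[dst] = action                  # update only when authenticated
        if action is None:
            return "released: direct"
        metadata_channel(action, flow, meta)          # metadata first ...
        return f"released via {action[0]}:{action[1]}"  # ... then release the flow


def demo() -> dict:
    """Run the exchange end to end with constructed flows; returns the outcomes."""
    fw = Firewall("10.0.0.1", 8443)
    host = HostAgent()

    def channel(fw_id, flow, meta):           # metadata channel to the chosen firewall
        assert fw_id == (fw.address, fw.port)
        fw.receive_metadata(flow, meta)

    f1 = ("10.0.0.7", 51000, "93.184.216.34", 443, "tcp")
    r1 = host.send_flow(f1, {"process": "browser", "user": "alice"}, fw.handle_discovery, channel)
    v1 = fw.intercept(f1)                     # allow: browser -> 443
    f2 = ("10.0.0.7", 51001, "93.184.216.34", 22, "tcp")
    r2 = host.send_flow(f2, {"process": "curl", "user": "alice"}, fw.handle_discovery, channel)
    v2 = fw.intercept(f2)                     # deny: curl -> 22; cache hit, no second query

    def rogue(query):                         # forged result from a non-firewall host
        forged = {"nonce": query["nonce"], "dst": query["dst"],
                  "fw_addr": "192.0.2.99", "fw_port": 8443}
        forged["mac"] = hmac.new(b"wrong-key", _canon(forged), hashlib.sha256).hexdigest()
        return forged
    f3 = ("10.0.0.7", 51002, "198.51.100.5", 443, "tcp")
    r3 = host.send_flow(f3, {"process": "browser", "user": "alice"}, rogue, channel)

    f4 = ("10.0.0.7", 51003, "93.184.216.34", 443, "tcp")  # reaches firewall with no metadata
    v4 = fw.intercept(f4)
    return {"r1": r1, "v1": v1, "r2": r2, "v2": v2, "queries": fw.queries,
            "r3": r3, "forged_dst_cached": "198.51.100.5" in host.cache, "v4": v4}
```

The point to take from the run: the cache is written only after the MAC check passes, so a rogue responder on the path cannot redirect later flows to itself, and the firewall's enforcement is only as good as the correlation step, which is why a flow with no matching metadata should fall to the deny branch rather than to a permissive default.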
24 Claims
1. A method, comprising: (independent claim; full text as given above under First Claim). Dependent claims 2 through 12 depend from claim 1.
13. At least one non-transitory computer readable medium having instructions stored thereon for discovering a firewall, the instructions when executed by at least one processor cause the processor to:
- intercept, on a source node, a network flow to a destination node having a network address;
- determine a discovery action associated with the network address in a firewall cache;
- send, from the source node, a discovery query to identify a firewall to be used in a route to send the network flow to the destination node, wherein the discovery query is based on the discovery action associated with the network address in the firewall cache;
- receive, at the source node, a discovery result from the firewall, the discovery result including a firewall address and a firewall port of the firewall;
- authenticate the discovery result;
- update the discovery action in the firewall cache with the firewall address and the firewall port when the discovery result is authenticated;
- send metadata associated with the network flow to the firewall; and
- release the network flow from the source node.
Dependent claims 14 through 24 depend from claim 13.