Computerized system and method for advanced network content processing
Abstract
A computerized system and method for processing network content in accordance with at least one content processing rule. In accordance with the inventive method, the network content is received at a first interface. The inventive system identifies transmission protocol information of the received network content and uses the identified transmission protocol information to intercept at least a portion of the received network content formatted in accordance with a transmission protocol. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using the second interface.
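An added sketch of the flow the abstract describes, not code from the patent or from any product: packets are redirected by identified protocol to a per-protocol proxy, which buffers and reassembles the content before applying that protocol's filtering rule. Port-based identification, the rules, the sample packets and all names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumption: the protocol is identified from the destination port.
PORT_TO_PROTOCOL = {80: "http", 25: "smtp"}

# Constructed content filtering rules, selected by identified protocol.
# Each rule returns True when the buffered content is allowed.
RULES = {
    "http": [lambda data: b"blocked.example" not in data.lower()],
    "smtp": [lambda data: b".exe" not in data.lower()],
}

@dataclass(frozen=True)
class Packet:
    flow: str       # constructed flow id
    dport: int
    seq: int        # position of the payload within the flow
    payload: bytes

@dataclass
class ProxyModule:
    protocol: str
    buffers: dict = field(default_factory=dict)

    def accept(self, pkt):
        # Extract the payload and buffer it per flow, keyed by sequence.
        self.buffers.setdefault(pkt.flow, {})[pkt.seq] = pkt.payload

    def process(self, flow):
        # Reassemble in order so content split across packets is seen whole.
        parts = self.buffers.pop(flow)
        content = b"".join(parts[s] for s in sorted(parts))
        allowed = all(rule(content) for rule in RULES[self.protocol])
        return "forward" if allowed else "block"

def handle(packets):
    proxies = {p: ProxyModule(p) for p in RULES}
    flows, unproxied = {}, []
    for pkt in packets:
        proto = PORT_TO_PROTOCOL.get(pkt.dport)
        if proto is None:
            unproxied.append(pkt)       # no proxy module for this protocol
            continue
        proxies[proto].accept(pkt)      # redirect to the matching proxy
        flows[pkt.flow] = proto
    return {f: proxies[p].process(f) for f, p in flows.items()}, unproxied

# Constructed sample: the blocked host name is split across two packets.
SAMPLE = [
    Packet("f1", 80, 2, b"ed.example\r\n\r\n"),
    Packet("f1", 80, 1, b"GET / HTTP/1.1\r\nHost: block"),
    Packet("f2", 25, 1, b"Subject: hello\r\n\r\nplain text"),
    Packet("f3", 53, 1, b"\x00\x01"),
]
```

Flow `f1` passes a per-packet check because neither payload contains the blocked host name on its own; only the buffered, reassembled content matches the rule.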
20 Claims
1. A computer-implemented method comprising:
- receiving a plurality of packets at a first interface of a multi-purpose network protection firewall device including one or more processors and a memory;
- identifying a first transmission protocol according to which network content distributed among a first subset of packets of the plurality of packets is formatted;
- using information regarding the identified first transmission protocol to redirect the first subset of packets to a first proxy module integrated within the multi-purpose protection firewall device;
- extracting the network content from the first subset of packets and buffering at least a portion of the network content by the first proxy module;
- processing, by the first proxy module, the buffered portion of the network content in accordance with at least one content processing rule selected from a plurality of content processing rules based on the identified first transmission protocol, wherein the plurality of content processing rules includes one or more content filtering rules;
- identifying a second transmission protocol distinct from the first transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
- using information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module integrated within the multi-purpose protection firewall device,
- wherein the first and second proxy modules are implemented at least in part by the one or more processors and the memory, the memory having instructions tangibly embodied therein representing at least a portion of the first and second proxy modules that are executable by the one or more processors.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A multi-purpose network protection firewall device comprising:
- a first interface operable to receive a plurality of packets formatted in accordance with a plurality of transmission protocols;
- a first proxy module and a second proxy module, each integrated within the multi-purpose network protection firewall device and coupled in communication with the first interface; and
- a networking subsystem, coupled in communication with the first proxy module and the second proxy module, operable to:
  - identify a first transmission protocol of the plurality of transmission protocols according to which network content distributed among a first subset of packets of the plurality of packets is formatted,
  - use information regarding the identified first transmission protocol to redirect the first subset of packets to the first proxy module;
  - identify a second transmission protocol distinct from the first transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted;
  - use information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module,
- wherein the first proxy module is configured to extract the network content from the first subset of packets, buffer at least a portion of the network content, and process the buffered portion of the network content in accordance with the at least one content processing rule selected from a plurality of content processing rules including one or more content filtering rules based on the identified transmission protocol.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A non-transitory computer-readable storage medium tangibly embodying one or more sequences of instructions, which when executed by one or more processors of a multi-purpose network protection firewall device, causes the one or more processors to perform a method comprising:
- receiving a plurality of packets formatted in accordance with a plurality of transmission protocols at a first interface of the multi-purpose network protection firewall device;
- identifying a first transmission protocol according to which network content distributed among a first subset of packets of the plurality of packets is formatted;
- using information regarding the identified first transmission protocol to redirect the first subset of packets to a first proxy module integrated within the multi-purpose protection firewall device;
- extracting the network content from the first subset of packets and buffering at least a portion of the network content by the first proxy module;
- processing, by the first proxy module, the buffered portion of the network content in accordance with the at least one content processing rule selected from a plurality of content processing rules based on the identified transmission protocol, wherein the plurality of content processing rules includes one or more content filtering rules;
- identifying a second transmission protocol distinct from the first transmission protocol according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
- using information regarding the identified second transmission protocol to redirect the second subset of packets to a second proxy module integrated within the multi-purpose protection firewall device.

Specification