Intelligent integrated network security device for high-availability applications
First Claim
1. A method comprising:
- storing, by a first device and in a memory of the first device, first information for processing one or more first flows of packets to detect a network security intrusion;
- storing, by the first device and in the memory of the first device, second information for processing one or more second flows of packets to detect a network security intrusion, the one or more second flows of packets being processed by a second device, the second device being different than the first device, the first device including one of a firewall or an intrusion prevention system, the second device including another one of the firewall or the intrusion prevention system;
- determining, by the first device, that a failure associated with the second device is detected;
- processing, by the first device and using the first information, one or more packets of the one or more first flows of packets; and
- processing, by the first device and using the second information, one or more packets, of the one or more second flows of packets, when the failure associated with the second device is detected, the one or more packets, of the one or more second flows of packets, being associated with a session, the second information including information regarding a security policy for packets associated with the session.
Abstract
Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.
79 Citations
20 Claims
1. Claim 1 is set out in full under "First Claim" above; claims 2 to 6 depend on it.
7. A system comprising:
one or more processors to:
- store, in a memory associated with the one or more processors, first information for processing one or more first flows of packets to detect a network security intrusion;
- store, in the memory, second information for processing one or more second flows of packets to detect a network security intrusion, the one or more second flows of packets being processed by one or more other processors, the one or more other processors being different than the one or more processors, the one or more processors being included in one of a firewall or an intrusion prevention system, the one or more other processors being included in another one of the firewall or the intrusion prevention system, the one or more second flows of packets being associated with a session, the second information including information regarding a security policy for packets associated with the session;
- determine that a failure, relating to the one or more other processors, is detected;
- process, using the first information, one or more packets of the one or more first flows of packets; and
- process, using the second information, one or more packets, of the one or more second flows of packets, when the failure is detected.
Claims 8 to 13 depend on claim 7.
14. A non-transitory computer-readable medium storing instructions, the instructions comprising:
a plurality of instructions which, when executed by one or more processors, cause the one or more processors to:
- store, in a memory associated with the one or more processors, first information for processing one or more first flows of packets to detect a network security intrusion;
- store, in the memory, second information for processing one or more second flows of packets to detect a network security intrusion, the one or more second flows of packets being processed by one or more other processors, the one or more other processors being different than the one or more processors, the one or more processors being included in one of a firewall or an intrusion prevention system, the one or more other processors being included in another one of the firewall or the intrusion prevention system;
- determine that a failure, relating to the one or more other processors, is detected;
- process, using the first information, one or more packets of the one or more first flows of packets; and
- process, using the second information, one or more packets, of the one or more second flows of packets, when the failure is detected, the one or more packets, of the one or more second flows of packets, being associated with a session, the second information including information regarding a security policy for packets associated with the session.
Claims 15 to 20 depend on claim 14.
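The abstract and the independent claims above describe the same mechanism: each security device keeps its own flow table ("first information") plus a replica of its peer's flow records and their session policy ("second information"), and consults the replica only once a peer failure is detected. The simulation below is an added illustration written for this page; it is not code from the patent or from any vendor's product. The flow-key layout, the heartbeat-timeout failure detector, the device names, the policy labels ("allow", "inspect") and all addresses are constructed assumptions. It shows why the replica matters: after failover the surviving device can continue the peer's established sessions under their original policy, while a session the peer never synchronized has no state on the survivor and is dropped.

```python
"""Stateful failover between two security devices (HA pair), simulated.

Added illustration, not code from the patent or any vendor. Each device keeps
its own flow table ("first information") and a replica of its peer's flow
records ("second information"), including the per-session security policy.
Once the peer is judged failed, the survivor serves the peer's sessions from
the replica. Flow keys, heartbeat timeout, names and policies are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

# 5-tuple flow key: (src_ip, src_port, dst_ip, dst_port, proto) -- assumed layout
FlowKey = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class FlowRecord:
    key: FlowKey
    session_id: str   # prefixed with the owner's name so ids never collide across devices
    policy: str       # security policy bound to the session, e.g. "allow" or "inspect"
    owner: str        # device that created the record


@dataclass
class SecurityDevice:
    name: str
    own_flows: Dict[FlowKey, FlowRecord] = field(default_factory=dict)   # first information
    peer_flows: Dict[FlowKey, FlowRecord] = field(default_factory=dict)  # second information
    last_peer_heartbeat: float = 0.0
    heartbeat_timeout: float = 3.0   # seconds without a heartbeat before the peer is failed
    _seq: int = 0

    def open_session(self, key: FlowKey, policy: str) -> FlowRecord:
        """Create a flow record for a session this device owns."""
        self._seq += 1
        rec = FlowRecord(key, f"{self.name}:{self._seq}", policy, self.name)
        self.own_flows[key] = rec
        return rec

    def receive_flow_sync(self, rec: FlowRecord) -> None:
        """Store a flow record pushed by the peer (the replica)."""
        self.peer_flows[rec.key] = rec

    def receive_heartbeat(self, now: float) -> None:
        self.last_peer_heartbeat = now

    def peer_failed(self, now: float) -> bool:
        return now - self.last_peer_heartbeat > self.heartbeat_timeout

    def process(self, key: FlowKey, now: float) -> str:
        """Return the verdict for a mid-session packet of the given flow."""
        rec = self.own_flows.get(key)
        # The replica is consulted only after the peer failure is detected,
        # matching the "when the failure ... is detected" step of the claims.
        if rec is None and self.peer_failed(now):
            rec = self.peer_flows.get(key)
        if rec is None:
            return "drop:no-session"   # no state for this flow on this device
        return f"{rec.policy}:{rec.session_id}"


def run_failover_scenario() -> Dict[str, str]:
    """Constructed scenario: fw-b fails, fw-a takes over fw-b's synced sessions."""
    a, b = SecurityDevice("fw-a"), SecurityDevice("fw-b")
    own = ("10.0.0.3", 30001, "198.51.100.4", 80, "tcp")     # owned by fw-a
    web = ("10.0.0.5", 40001, "192.0.2.10", 443, "tcp")      # owned by fw-b, synced
    ssh = ("10.0.0.7", 50002, "192.0.2.11", 22, "tcp")       # owned by fw-b, synced, IPS-inspected
    orphan = ("10.0.0.9", 50003, "192.0.2.12", 25, "tcp")    # owned by fw-b, never synced

    b.receive_flow_sync(a.open_session(own, "allow"))
    a.receive_flow_sync(b.open_session(web, "allow"))
    a.receive_flow_sync(b.open_session(ssh, "inspect"))
    b.open_session(orphan, "allow")   # sync lost before failure
    a.receive_heartbeat(0.0)           # last heartbeat from fw-b at t=0

    return {
        "peer_flow_while_peer_alive": a.process(web, 1.0),   # replica not consulted yet
        "web_after_failure": a.process(web, 5.0),            # continued from replica
        "ssh_after_failure": a.process(ssh, 5.0),            # policy preserved
        "orphan_after_failure": a.process(orphan, 5.0),      # no replicated state
        "own_after_failure": a.process(own, 5.0),            # own sessions unaffected
    }


if __name__ == "__main__":
    for name, verdict in run_failover_scenario().items():
        print(f"{name:28s} {verdict}")
```

Heartbeat loss is only one failure signal; a production pair would also detect link or process failure and, crucially, must keep the replica current so that sessions like the constructed `orphan` flow do not exist, since every unsynchronized session is lost at failover.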