System and method for distributed multi-processing security gateway
Abstract
A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and uses the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.
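The selection rule described in the abstract, as an added Python sketch that is not taken from the patent. It assumes the processor identity is CRC32 of an (address, port) pair modulo the processor count, that the proxy address is the gateway's own IP with a searched port, and that each processor keeps its own session table; `Gateway`, `processor_identity` and all sample addresses are hypothetical.

```python
import ipaddress
import zlib

def processor_identity(ip, port, n):
    """Assumed dispatch function: CRC32 over address and port bytes, modulo n."""
    key = ipaddress.ip_address(ip).packed + port.to_bytes(2, "big")
    return zlib.crc32(key) % n

class Gateway:  # hypothetical model of the multi-processor gateway
    def __init__(self, gateway_ip, n=4, ports=range(20000, 21000)):
        self.gateway_ip, self.n, self.ports = gateway_ip, n, ports
        # Assumption: one session table per processor, with no shared state.
        self.tables = [dict() for _ in range(n)]
        self.in_use = set()

    def open_session(self, host, server):
        """Pick a free proxy port whose identity equals the host's identity."""
        want = processor_identity(*host, self.n)
        for port in self.ports:
            if port in self.in_use or processor_identity(self.gateway_ip, port, self.n) != want:
                continue
            proxy = (self.gateway_ip, port)
            self.in_use.add(port)
            self.tables[want][("host", host, server)] = proxy
            self.tables[want][("proxy", proxy, server)] = host
            return proxy
        raise RuntimeError("no free proxy port maps to processor %d" % want)

    def from_host(self, src, dst):
        """Host side packet: identity from the host address, then host -> proxy."""
        pid = processor_identity(*src, self.n)
        return pid, (self.tables[pid][("host", src, dst)], dst)

    def from_server(self, src, dst):
        """Server side packet: identity from the proxy address it was sent to."""
        pid = processor_identity(*dst, self.n)
        return pid, self.tables[pid][("proxy", dst, src)]  # KeyError on mismatch

def demo():  # constructed sessions; returns one tuple of checks per session
    gw = Gateway("203.0.113.1")
    results = []
    for i in range(8):
        host, server = ("10.0.0.%d" % (i + 2), 40000 + i), ("198.51.100.7", 443)
        proxy = gw.open_session(host, server)
        p1, (new_src, _) = gw.from_host(host, server)
        p2, owner = gw.from_server(server, proxy)
        results.append((p1, p2, new_src == proxy, owner == host))
    return results
```

Because the lookup in `from_server` only consults the table of the processor chosen for that packet, a proxy port selected without the matching constraint would fail there with a `KeyError`.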
22 Claims
1. A method for providing a network gateway, comprising:
- receiving by the network gateway a session request for a session between a host and a server, the session request comprising a host network address and a server network address;
- establishing by the network gateway a host side session between the network gateway and the host, the network gateway comprising a plurality of processors;
- selecting by the network gateway a proxy network address for the host based on network information, the network information comprising the host network address and a network gateway network address, wherein the proxy network address is selected such that a calculated first processor identity by the network gateway is the same as a calculated second processor identity by the network gateway;
- establishing by the network gateway a server side session between the network gateway and the server using the selected proxy network address;
- in response to receiving a first data packet from the host side session, calculating by the network gateway the first processor identity, comprising:
  - assigning a first processor with the first processor identity to process the first data packet,
  - modifying the first data packet by substituting the host network address in the first data packet with the selected proxy network address, and
  - sending the modified first data packet to the server side session; and
- in response to receiving a second data packet from the server side session, calculating by the network gateway the second processor identity, comprising:
  - assigning a second processor with the second processor identity to process the second data packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer program product comprising a non-transitory computer readable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receive a session request for a session between a host and a server, the session request comprising a host network address and a server network address;
- establish a host side session between a network gateway and the host, the network gateway comprising a plurality of processors;
- select a proxy network address for the host based on network information, the network information comprising the host network address and a network gateway network address, wherein the proxy network address is selected such that a calculated first processor identity by the network gateway is the same as a calculated second processor identity by the network gateway;
- establish a server side session between the network gateway and the server using the selected proxy network address;
- in response to receiving a first data packet from the host side session, calculate the first processor identity, comprising:
  - assign a first processor with the first processor identity to process the first data packet,
  - modify the first data packet by substituting the host network address in the first data packet with the selected network address, and
  - send the modified first data packet to the server side session; and
- in response to receiving a second data packet from the server side session, calculate the second processor identity, comprising:
  - assign a second processor with the second processor identity to process the second data packet.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification