Systems and methods for managing application security profiles
Abstract
Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.
20 Claims
1. A method for executing by an application firewall an application security profile for a type of network traffic, the method comprising:
(a) identifying, by an application firewall executing on a device intermediary to a plurality of clients and one or more servers, an application security profile specifying a type of network traffic the firewall profile applies to and one or more application firewall security checks selected from a plurality of application firewall security checks to apply to the type of network traffic;
(b) identifying, by the application firewall, a firewall policy that specifies the application security profile from a plurality of application security profiles instead of an action to take as a result of evaluating a rule of the firewall policy;
(c) applying, by the application firewall, the firewall policy to a packet received by the device corresponding to the type of network traffic; and
(d) processing, by the application firewall responsive to evaluation of the rule of the firewall policy, the one or more application firewall security checks of the application security profile to the packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for executing by an application firewall an application security profile for a type of network traffic, the system comprising:
a device intermediary to a plurality of clients and one or more servers;
an application firewall executable on the device and configured to identify an application security profile specifying a type of network traffic the firewall profile applies to and one or more application firewall security checks selected from a plurality of application firewall security checks to apply to the type of network traffic, and to identify a firewall policy that specifies the application security profile from a plurality of application security profiles instead of an action to take as a result of evaluating a rule of the firewall policy;
wherein the application firewall is configured to apply the firewall policy to a packet received by the device corresponding to the type of network traffic and responsive to evaluation of the rule of the firewall policy process the one or more application firewall security checks of the application security profile to the packet.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
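The flow recited in claims 1 and 11, as a small model added here for illustration; it is not code from the patent or from any product. The check names, the `Packet` fields and the sample paths are hypothetical, and the configuration is constructed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Callable
# Hypothetical checks (the page names none); each returns True when the payload passes.
CHECKS: dict[str, Callable[[bytes], bool]] = {
    "max_body_8k": lambda p: len(p) <= 8192,
    "no_script_tag": lambda p: re.search(rb"<\s*script", p, re.I) is None,
    "no_xml_doctype": lambda p: b"<!DOCTYPE" not in p.upper(),
}

@dataclass(frozen=True)
class Packet:
    traffic_type: str
    path: str
    payload: bytes

@dataclass(frozen=True)
class Profile:
    traffic_type: str          # type of traffic the profile applies to
    checks: tuple[str, ...]    # checks selected from CHECKS

@dataclass(frozen=True)
class Policy:
    rule: Callable[[Packet], bool]
    profile: str               # names a profile instead of an action

def validate(policies, profiles):
    """Reject dangling profile or check references at configuration time."""
    for pol in policies:
        if pol.profile not in profiles:
            raise ValueError(f"unknown profile {pol.profile!r}")
    for name, prof in profiles.items():
        if set(prof.checks) - set(CHECKS):
            raise ValueError(f"profile {name!r} selects an unknown check")

def process(packet, policies, profiles):
    """Return (profile name, failed checks); (None, []) when no policy applies."""
    for pol in policies:
        prof = profiles[pol.profile]
        if prof.traffic_type == packet.traffic_type and pol.rule(packet):
            return pol.profile, [c for c in prof.checks if not CHECKS[c](packet.payload)]
    return None, []

# Constructed sample configuration: two profiles, each bound by one policy rule.
PROFILES = {"web_forms": Profile("html", ("max_body_8k", "no_script_tag")),
            "soap_api": Profile("xml", ("max_body_8k", "no_xml_doctype"))}
POLICIES = [Policy(lambda p: p.path.startswith("/forms/"), "web_forms"),
            Policy(lambda p: p.path.startswith("/soap/"), "soap_api")]
validate(POLICIES, PROFILES)
```

Because a policy carries only a profile name, the set of checks for a traffic type can be changed in one place without touching the rules that select it.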
Specification