System and method to apply forwarding policy to an application session
Abstract
Method for applying a security policy to an application session, includes: recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
30 Claims
1. A method for applying a forwarding policy by a network gateway comprising:
- recognizing an application session between a first host having a first host identity and an application server;
- determining an application identifier, application session time, and first user identity associated with the application session;
- providing the first host identity and the application session time;
- receiving a second user identity in response to the first host identity corresponding to a second host identity and the application session time corresponding to an access session time, the second host identity and the access session time being in an access session record, the second host identity associated with a second host, the access session record further including a second user identity;
- associating the second user identity with the first user identity;
- sending the application identifier and the first user identity;
- receiving a forwarding policy; and
- applying the forwarding policy to the application session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for applying a forwarding policy by a network gateway comprising:
- a network gateway that:
  - recognizes an application session between a first host having a first host identity and an application server;
  - determines an application identifier, application session time, and first user identity associated with the application session;
  - provides the first host identity and the application session time;
  - receives a second user identity in response to the first host identity corresponding to a second host identity and the application session time corresponding to an access session time, the second host identity and the access session time being in an access session record, the second host identity associated with a second host, the access session record further including a second user identity;
  - associates the second user identity with the first user identity;
  - sends the application identifier and the first user identity;
  - receives a forwarding policy; and
  - applies the forwarding policy to the application session.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A non-transitory computer-readable medium having instructions stored thereon, the instructions being executable by at least one processor to perform a method, the method comprising:
- recognizing an application session between a first host having a first host identity and an application server;
- determining an application identifier, application session time, and first user identity associated with the application session;
- providing the first host identity and the application session time;
- receiving a second user identity in response to the first host identity corresponding to a second host identity and the application session time corresponding to an access session time, the second host identity and the access session time being in an access session record, the second host identity associated with a second host, the access session record further including a second user identity;
- associating the second user identity with the first user identity;
- sending the application identifier and the first user identity;
- receiving a forwarding policy; and
- applying the forwarding policy to the application session.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
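The identity correlation recited in claim 1, sketched as an added example; it is not code from the patent or from any product. It assumes that "corresponding to" means the application session time falls inside the access session's time window, that the host identity is an IP address, and that unattributed sessions are dropped; all names, records and policy strings are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class AccessSessionRecord:           # assumed shape of the "access session record"
    host_identity: str               # e.g. IP address leased to the host
    user_identity: str               # network ("second") user identity
    start: datetime
    end: Optional[datetime]          # None = access session still open

def lookup_user(records, host_identity, session_time):
    """Return the network user whose access session covers this host at this time."""
    hits = [r for r in records
            if r.host_identity == host_identity
            and r.start <= session_time
            and (r.end is None or session_time <= r.end)]
    # No hit = unknown host; several hits = ambiguous records. Attribute neither.
    return hits[0].user_identity if len(hits) == 1 else None

def forward(records, policies, associations,
            host_identity, app_id, app_user, session_time):
    """Gateway flow: correlate, associate identities, fetch and return the policy."""
    net_user = lookup_user(records, host_identity, session_time)
    if net_user is None:
        return "drop"                # assumed fail-closed default, not from the claims
    associations[app_user] = net_user            # second identity <-> first identity
    return policies.get((app_id, app_user), "drop")

# Constructed sample data: one address reused by two users at different times.
T0 = datetime(2024, 1, 1, 9, 0)
RECORDS = [
    AccessSessionRecord("10.0.0.5", "alice", T0, T0 + timedelta(hours=2)),
    AccessSessionRecord("10.0.0.5", "bob", T0 + timedelta(hours=3), None),
]
POLICIES = {("im", "alice_im"): "forward:port-1", ("im", "bob_im"): "forward:port-2"}

if __name__ == "__main__":
    seen = {}
    print(forward(RECORDS, POLICIES, seen, "10.0.0.5", "im", "bob_im",
                  T0 + timedelta(hours=4)), seen)
```

Matching on host identity alone would attribute the later session on the reused address to the wrong user; the time check is what keeps the association correct.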
Specification