Computerized system and method for advanced network content processing
First Claim
1. A computer-implemented method comprising:
- receiving a plurality of packets at a first interface of a firewall device;
- identifying, by the firewall device, a first transmission protocol according to which network content distributed among a first subset of packets of the plurality of packets is formatted;
- redirecting, by the firewall device, the first subset of packets to a first proxy module executing on the firewall device based on the identified first transmission protocol;
- extracting the network content from the first subset of packets and buffering at least a portion of the network content by the first proxy module;
- processing, by the first proxy module, the buffered portion of the network content in accordance with at least one content processing rule selected from a plurality of content processing rules based on the identified first transmission protocol, wherein the plurality of content processing rules includes one or more content filtering rules;
- identifying, by the firewall device, a second transmission protocol, distinct from the first transmission protocol, according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
- redirecting, by the firewall device, the second subset of packets to a second proxy module executing on the firewall device based on the identified second transmission protocol.
Abstract
A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface.
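The flow the abstract describes (identify the protocol, redirect to a per-protocol proxy, buffer, then apply a rule chosen by protocol) can be sketched as follows. This is an added example, not code from the patent or its assignee; the payload signatures, the filtering rules, the size limit and all class and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed signatures and rules; a real device would use richer identification.
SIGNATURES = {"http": (b"GET ", b"POST "), "smtp": (b"EHLO", b"HELO")}
RULES = {  # content filtering rules, selected by the identified protocol
    "http": [lambda c: b"/blocked-category/" in c],
    "smtp": [lambda c: b'filename="update.exe"' in c],
}
MAX_SCAN = 64 * 1024  # oversize content fails closed instead of being scanned in part

def identify_protocol(payload):
    for proto, prefixes in SIGNATURES.items():
        if payload.startswith(prefixes):
            return proto
    return None

class ProxyModule:
    def __init__(self, proto):
        self.proto, self.buffers = proto, defaultdict(dict)

    def accept(self, flow, seq, payload):
        self.buffers[flow][seq] = payload  # buffer by sequence number

    def process(self, flow):
        """Reassemble the buffered content in order and apply this protocol's rules."""
        parts = self.buffers.pop(flow, {})
        content = b"".join(parts[s] for s in sorted(parts))
        if len(content) > MAX_SCAN or any(r(content) for r in RULES[self.proto]):
            return "block"
        return "forward"

class Firewall:
    def __init__(self):
        self.proxies = {p: ProxyModule(p) for p in SIGNATURES}
        self.flow_proto, self.held = {}, defaultdict(list)

    def receive(self, flow, seq, payload):
        """Return the proxy a packet was redirected to, 'held', or 'passthrough'."""
        self.held[flow].append((seq, payload))
        if flow not in self.flow_proto:
            if seq != 0:
                return "held"  # wait for the first segment before identifying
            self.flow_proto[flow] = identify_protocol(payload)
        proto, packets = self.flow_proto[flow], self.held.pop(flow)
        if proto is None:
            return "passthrough"  # no proxy module for this protocol
        for s, p in packets:
            self.proxies[proto].accept(flow, s, p)
        return proto
```

Because the proxy scans the reassembled buffer rather than individual packets, a filtered string that straddles a packet boundary or arrives out of order is still matched.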
53 Citations
19 Claims
1. A computer-implemented method comprising:
- receiving a plurality of packets at a first interface of a firewall device;
- identifying, by the firewall device, a first transmission protocol according to which network content distributed among a first subset of packets of the plurality of packets is formatted;
- redirecting, by the firewall device, the first subset of packets to a first proxy module executing on the firewall device based on the identified first transmission protocol;
- extracting the network content from the first subset of packets and buffering at least a portion of the network content by the first proxy module;
- processing, by the first proxy module, the buffered portion of the network content in accordance with at least one content processing rule selected from a plurality of content processing rules based on the identified first transmission protocol, wherein the plurality of content processing rules includes one or more content filtering rules;
- identifying, by the firewall device, a second transmission protocol, distinct from the first transmission protocol, according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
- redirecting, by the firewall device, the second subset of packets to a second proxy module executing on the firewall device based on the identified second transmission protocol.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A firewall device comprising:
- a first physical interface operable to receive a plurality of packets formatted in accordance with a plurality of transmission protocols;
- a first proxy module and a second proxy module, each executing on the firewall device and coupled in communication with the first physical interface; and
- a networking subsystem, coupled in communication with the first proxy module and the second proxy module, operable to;
  - identify a first transmission protocol of the plurality of transmission protocols according to which network content distributed among a first subset of packets of the plurality of packets is formatted,
  - redirect the first subset of packets to the first proxy module based on the identified first transmission protocol;
  - identify a second transmission protocol, distinct from the first transmission protocol, according to which network content distributed among a second subset of packets of the plurality of packets is formatted;
  - redirect the second subset of packets to the second proxy module based on the identified second transmission protocol;
- wherein the first proxy module is configured to extract the network content from the first subset of packets, buffer at least a portion of the network content, and process the buffered portion of the network content in accordance with the at least one content processing rule selected from a plurality of content processing rules including one or more content filtering rules based on the identified transmission protocol.
Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A non-transitory computer-readable storage medium embodying one or more sequences of instructions, which when executed by one or more processors of a firewall device, causes the one or more processors to perform a method comprising:
- receiving a plurality of packets at a first interface of a firewall device;
- identifying a first transmission protocol according to which network content distributed among a first subset of packets of the plurality of packets is formatted;
- redirecting the first subset of packets to a first proxy module executing on the firewall device based on the identified first transmission protocol;
- extracting the network content from the first subset of packets and buffering at least a portion of the network content by the first proxy module;
- processing, by the first proxy module, the buffered portion of the network content in accordance with at least one content processing rule selected from a plurality of content processing rules based on the identified first transmission protocol, wherein the plurality of content processing rules includes one or more content filtering rules;
- identifying a second transmission protocol, distinct from the first transmission protocol, according to which network content distributed among a second subset of packets of the plurality of packets is formatted; and
- redirecting the second subset of packets to a second proxy module executing on the firewall device based on the identified second transmission protocol.
Dependent claims: 19
Specification