Distributed application awareness
Abstract
A network device is configured to receive network traffic associated with an application executing on a user device; identify, based on the network traffic, an application identifier associated with the application; determine whether the application identifier matches one of a set of application identifiers stored by the network device; identify a policy based on the application identifier when the application identifier matches one of the set of application identifiers; and apply the policy to the network traffic associated with the application. The policy may be obtained from another network device, in communication with the network device, when the application identifier does not match one of the set of application identifiers.
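The lookup-then-fallback behaviour described in the abstract, as an added Python example (not code from the patent). The 5-tuple flow key, the payload-prefix signatures, the policy names, and the `EdgeDevice` / `SecurityDevice` classes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                      # flow key: the classic 5-tuple (assumption)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

# Hypothetical payload prefixes standing in for real application signatures.
SIGNATURES = {b"GET ": "http", b"SSH-": "ssh", b"BT-HS": "p2p-share"}

def app_id_of(payload: bytes) -> str:
    return next((a for p, a in SIGNATURES.items() if payload.startswith(p)), "unknown")

class SecurityDevice:
    def __init__(self, policies, default="deny"):
        self.policies, self.default, self.queries = dict(policies), default, []

    def policy_for(self, flow, app_id):
        self.queries.append((flow, app_id))      # traffic info sent by the edge
        return self.policies.get(app_id, self.default)

class EdgeDevice:
    def __init__(self, local_policies, security_device):
        self.local, self.sd, self.flow_apps = dict(local_policies), security_device, {}

    def handle(self, pkt):
        flow = Flow(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        if flow not in self.flow_apps:           # identify the application once per flow
            self.flow_apps[flow] = app_id_of(pkt["payload"])
        app = self.flow_apps[flow]
        if app in self.local:                    # match: policy is held on the edge
            return app, self.local[app], "edge"
        return app, self.sd.policy_for(flow, app), "security-device"  # no match

def run_demo():
    sd = SecurityDevice({"http": "allow", "ssh": "inspect"})
    # "p2p-share" is stored only on this edge, not on the security device.
    edge = EdgeDevice({"http": "allow", "p2p-share": "rate-limit"}, sd)
    base = {"src": "10.0.0.5", "dst": "198.51.100.7", "proto": "tcp"}
    pkts = [  # constructed sample traffic
        {**base, "sport": 40001, "dport": 6881, "payload": b"BT-HS hello"},
        {**base, "sport": 40001, "dport": 6881, "payload": b"\x00\x01data"},
        {**base, "sport": 40002, "dport": 22, "payload": b"SSH-2.0-client"},
        {**base, "sport": 40003, "dport": 9999, "payload": b"\xff\xfe"},
    ]
    return [edge.handle(p) for p in pkts], len(sd.queries)

if __name__ == "__main__":
    print(run_demo())
```

Only the two flows whose application identifier is absent from the edge's table reach the security device; the second packet of the first flow reuses the identifier already associated with that flow.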
20 Claims
1. A system, comprising:
an edge device, of a plurality of edge devices in communication with a security device,
the security device being included in a network,
the edge device being positioned at an edge of the network between the security device and a user device attempting to access the network via the edge device, and
the edge device being to:
receive network traffic, generated by an application executing on the user device;
determine, based on information included in the network traffic, a flow associated with the network traffic;
determine an application identifier associated with the flow, the application identifier identifying the application;
determine whether the application identifier matches one of a first plurality of application identifiers stored by the edge device, the first plurality of application identifiers including one or more application identifiers that are not included in a second plurality of application identifiers stored by the security device and are not included in a third plurality of application identifiers stored by another edge device of the plurality of edge devices;
when the application identifier matches the one of the first plurality of application identifiers:
identify a policy associated with the one of the first plurality of application identifiers;
when the application identifier does not match the one of the first plurality of application identifiers:
send information associated with the network traffic to the security device, and
receive the policy from the security device; and
apply the policy to the network traffic.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions which, when executed by one or more processors, of an edge device, of a plurality of edge devices in communication with a security device, cause the one or more processors to:
receive network traffic generated by an application executing on a user device,
the edge device being positioned at an edge of a network between the user device and the security device,
the plurality of edge devices and the security device being included in the network, and
the user device attempting to access the network via the edge device;
determine, based on information included in the network traffic, a flow associated with the network traffic;
determine an application identifier associated with the flow, the application identifier identifying the application;
determine whether the application identifier matches one of a first plurality of application identifiers stored by the edge device, the first plurality of application identifiers including one or more application identifiers that are not included in a second plurality of application identifiers stored by the security device and are not included in a third plurality of application identifiers stored by another edge device of the plurality of edge devices;
when the application identifier matches the one of the first plurality of application identifiers:
identify a policy associated with the one of the first plurality of application identifiers;
when the application identifier does not match the one of the first plurality of application identifiers:
obtain the policy from the security device; and
apply the policy.
Dependent claims: 9, 10, 11, 12, 13
14. A method, comprising:
receiving, by an edge device of a plurality of edge devices, network traffic generated by an application executing on a user device,
the user device attempting to access a network via the edge device, and
the edge device being positioned at an edge of the network between the user device and a security device that is included in the network;
determining, by the edge device and based on the network traffic, a flow associated with the network traffic;
determining, by the edge device and based on the flow, an application identifier associated with the flow, the application identifier identifying the application;
determining, by the edge device, whether the application identifier matches one of a first plurality of application identifiers stored by the edge device, the first plurality of application identifiers including one or more application identifiers that are not included in a second plurality of application identifiers stored by the security device and are not included in a third plurality of application identifiers stored by another edge device of the plurality of edge devices;
identifying, by the edge device, a policy associated with the one of the first plurality of application identifiers when the application identifier matches the one of the first plurality of application identifiers; and
applying, by the edge device, the policy to the network traffic, the policy being obtained from the security device when the application identifier does not match the one of the first plurality of application identifiers.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification