System and method for redirected firewall discovery in a network environment
Abstract
A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.
20 Claims

1. One or more computer-readable non-transitory media comprising one or more instructions that, when executed on at least one processor, configure the processor to perform one or more operations for redirected firewall discovery, the one or more operations comprising:
- transmitting a network flow from a source node to a first firewall;
- transmitting, from the source node to a second firewall, metadata associated with the network flow;
- receiving, from the first firewall at the source node, a discovery redirect comprising information identifying the first firewall; and
- in response to receiving the discovery redirect, transmitting, from the source node to the first firewall, the metadata associated with the network flow, wherein the metadata is associated with a network policy applicable to the network flow at the first firewall.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10 (not reproduced here).

11. One or more computer-readable non-transitory media comprising one or more instructions that, when executed on at least one processor, configure the processor to perform one or more operations for redirected firewall discovery, the one or more operations comprising:
- intercepting, at a firewall, a connection-establishing packet of a network flow being transmitted over a network environment from a source node;
- determining whether the firewall has metadata associated with the network flow in a metadata cache of the firewall;
- in response to determining that the firewall does not have metadata associated with the network flow, transmitting, from the firewall to the source node, a discovery redirect comprising information allowing the source node to identify the firewall; and
- receiving, at the firewall from the source node, the metadata associated with the network flow after transmitting the discovery redirect to the source node.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20 (not reproduced here).
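The exchange in claims 1 and 11, with both the host side and the firewall side, as an added simulation that is not part of the patent text: the host sends metadata over a metadata channel to the firewall it believes is on path, the actual on-path firewall intercepts the connection-establishing packet, finds no entry in its metadata cache, and answers with a discovery redirect carrying its own identifier; the host then resends the metadata to that firewall, which correlates it with the flow and applies policy. Class names, the `(user, application)` policy key, the firewall registry, the fail-closed default and the single-redirect limit are all assumptions of this example.

```python
"""Simulation of redirected firewall discovery (constructed example)."""
from dataclasses import dataclass
from typing import Dict, Tuple, Union


@dataclass(frozen=True)
class FlowKey:
    """Key both sides use to correlate metadata with a flow (assumed shape)."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Metadata:
    """Host-side context sent over the metadata channel (constructed fields)."""
    flow: FlowKey
    user: str
    application: str


@dataclass(frozen=True)
class DiscoveryRedirect:
    """Sent by a firewall that intercepted a flow it holds no metadata for."""
    flow: FlowKey
    firewall_id: str  # information identifying the firewall


Verdict = str  # "allow" or "deny"
Policy = Dict[Tuple[str, str], Verdict]  # (user, application) -> verdict (assumed)


class Firewall:
    def __init__(self, fw_id: str, policy: Policy) -> None:
        self.fw_id = fw_id
        self.policy = policy
        self.metadata_cache: Dict[FlowKey, Metadata] = {}

    def receive_metadata(self, md: Metadata) -> None:
        """Metadata channel: cache context keyed by flow."""
        self.metadata_cache[md.flow] = md

    def intercept(self, flow: FlowKey) -> Union[DiscoveryRedirect, Verdict]:
        """Data path: on the connection-establishing packet, look up metadata.
        No entry -> discovery redirect; entry -> apply policy, default deny."""
        md = self.metadata_cache.get(flow)
        if md is None:
            return DiscoveryRedirect(flow, self.fw_id)
        return self.policy.get((md.user, md.application), "deny")


class SourceNode:
    def __init__(self, default_fw: Firewall, registry: Dict[str, Firewall]) -> None:
        self.default_fw = default_fw        # the "second firewall" the host assumes
        self.registry = registry            # firewall id -> firewall (assumed lookup)
        self.learned: Dict[str, Firewall] = {}  # destination -> discovered firewall

    def connect(self, flow: FlowKey, md: Metadata, on_path: Firewall) -> Tuple[Verdict, int]:
        """Returns (verdict, number of redirects handled)."""
        target = self.learned.get(flow.dst, self.default_fw)
        target.receive_metadata(md)          # metadata channel, possibly to the wrong firewall
        result = on_path.intercept(flow)     # the flow itself hits the real on-path firewall
        redirects = 0
        while isinstance(result, DiscoveryRedirect):
            redirects += 1
            fw = self.registry.get(result.firewall_id)
            if fw is None or redirects > 1:
                return "deny", redirects     # unknown firewall or redirect loop: fail closed
            self.learned[flow.dst] = fw      # remember the firewall for this destination
            fw.receive_metadata(md)          # resend metadata to the identified firewall
            result = on_path.intercept(flow)
        return result, redirects


def run_scenario() -> Dict[str, Tuple[Verdict, int]]:
    """Constructed scenario: host assumes fw-a, but fw-b is actually on path."""
    policy: Policy = {("alice", "ssh"): "allow"}
    fw_a, fw_b = Firewall("fw-a", policy), Firewall("fw-b", policy)
    host = SourceNode(fw_a, {"fw-a": fw_a, "fw-b": fw_b})
    ssh = FlowKey("10.0.0.5", "10.1.0.9", 22)
    web = FlowKey("10.0.0.5", "10.1.0.9", 443)
    return {
        # first flow: one redirect, then metadata reaches fw-b and policy allows
        "first": host.connect(ssh, Metadata(ssh, "alice", "ssh"), fw_b),
        # second flow to the same destination: fw-b already learned, no redirect,
        # and no policy entry for (alice, browser) -> default deny
        "second": host.connect(web, Metadata(web, "alice", "browser"), fw_b),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two points the simulation makes visible: the unmatched metadata left in fw-a's cache after the first connection is the stale-entry problem a real metadata cache needs an eviction rule for, and a host that trusts any redirect it receives should at least bound the number of redirects per flow and fail closed when the identified firewall is unknown, as done here.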