Network security device
First Claim
1. A system comprising:
- a network device to:
  determine whether a data packet is a first data packet in a session associated with the data packet;
  determine whether information regarding the session, associated with the data packet, is stored in a data structure after determining whether the data packet is the first data packet in the session, the data structure storing information regarding sessions;
  selectively transmit the data packet to one or more first components, of the network device, or to one or more second components of the network device,
    the one or more second components being different than the one or more first components,
    the data packet being transmitted to the one or more first components when the information regarding the session, associated with the data packet, is not stored in the data structure, or
    the data packet being transmitted to the one or more second components, without being transmitted to the one or more first components, when the information regarding the session, associated with the data packet, is stored in the data structure; and
  selectively process the data packet by one of:
    the one or more first components, or
    the one or more second components.
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet. An input port receives a data packet, a switching board classifies the data packet, determines whether the data packet should be accepted, and switches the data packet to a management board if the data packet is a first data packet in a session, and to a processing board if the data packet is not a first data packet in a session. A management board receives a data packet from the switching board, examines the data packet and forwards the data packet to one of the processing boards. One or more processing boards receive non-first data packets from the switching board and data packets from the management board and process the data packets. A firewall and a secure gateway with firewall and virtual private network functionality for processing a data packet are also described.
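The dispatch the abstract describes, as an added sketch that is not code from the patent: a switching step looks each packet up in a session table and sends it either through a management step (session not stored) or straight to a processing board (session stored). The destination-port policy, the round-robin board assignment, the two-direction session key and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def session_key(self):
        # Assumption: both directions of a flow share one session entry.
        ends = sorted([(self.src, self.sport), (self.dst, self.dport)])
        return (self.proto, ends[0], ends[1])

@dataclass
class Device:
    allowed_ports: frozenset          # hypothetical policy: permitted destination ports
    boards: int = 2                   # number of processing boards
    sessions: dict = field(default_factory=dict)  # session key -> processing board

    def management_board(self, pkt, key):
        """First components: examine the packet; on accept, store the session."""
        if pkt.dport not in self.allowed_ports:
            return None               # denied: nothing is stored for this flow
        self.sessions[key] = len(self.sessions) % self.boards
        return self.sessions[key]

    def switch(self, pkt):
        """Switching board: returns (path, board) for one packet."""
        key = pkt.session_key()
        if key in self.sessions:      # session stored: management board is bypassed
            return ("processing", self.sessions[key])
        board = self.management_board(pkt, key)   # session not stored
        return ("management", board) if board is not None else ("dropped", None)

def demo():
    dev = Device(allowed_ports=frozenset({443}))
    syn = Packet("10.0.0.5", 40000, "192.0.2.10", 443)      # constructed sample traffic
    reply = Packet("192.0.2.10", 443, "10.0.0.5", 40000)
    telnet = Packet("10.0.0.5", 40001, "192.0.2.10", 23)
    return [dev.switch(p) for p in (syn, reply, syn, telnet, telnet)], len(dev.sessions)
```

In this sketch a denied flow never gets a session entry, so every one of its packets takes the management path; that path is the one to rate-limit and monitor in a design of this shape.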
20 Claims
1. A system comprising:
- a network device to:
  determine whether a data packet is a first data packet in a session associated with the data packet;
  determine whether information regarding the session, associated with the data packet, is stored in a data structure after determining whether the data packet is the first data packet in the session, the data structure storing information regarding sessions;
  selectively transmit the data packet to one or more first components, of the network device, or to one or more second components of the network device,
    the one or more second components being different than the one or more first components,
    the data packet being transmitted to the one or more first components when the information regarding the session, associated with the data packet, is not stored in the data structure, or
    the data packet being transmitted to the one or more second components, without being transmitted to the one or more first components, when the information regarding the session, associated with the data packet, is stored in the data structure; and
  selectively process the data packet by one of:
    the one or more first components, or
    the one or more second components.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method comprising:
  determining, by a network device, whether a data packet is a first data packet in a session associated with the data packet;
  determining, by the network device, whether information regarding the session, associated with the data packet, is stored in a data structure based on determining whether the data packet is the first data packet in the session, the data structure storing information regarding sessions;
  selectively transmitting, by the network device, the data packet to one or more first components of the network device, or to one or more second components of the network device,
    the one or more second components being different than the one or more first components,
    the data packet being transmitted to the one or more first components when the information regarding the session, associated with the data packet, is not stored in the data structure, or
    the data packet being transmitted to the one or more second components, without being transmitted to the one or more first components, when the information regarding the session, associated with the data packet, is stored in the data structure; and
  selectively processing, by the network device, the data packet by one of:
    the one or more first components, or
    the one or more second components.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable medium storing instructions, the instructions comprising:
  one or more instructions which, when executed by a device, cause the device to determine whether a data packet is a first data packet in a session associated with the data packet;
  one or more instructions which, when executed by the device, cause the device to determine whether information regarding the session, associated with the data packet, is stored in a data structure after determining whether the data packet is the first data packet in the session, the data structure storing information regarding sessions;
  one or more instructions which, when executed by the device, cause the device to selectively transmit the data packet to one or more first components, of the device, or to one or more second components of the device,
    the one or more second components being different than the one or more first components,
    the data packet being transmitted to the one or more first components when the information regarding the session, associated with the data packet, is not stored in the data structure, or
    the data packet being transmitted to the one or more second components, without being transmitted to the one or more first components, when the information regarding the session, associated with the data packet, is stored in the data structure; and
  one or more instructions which, when executed by the device, cause the device to selectively process the data packet by one of:
    the one or more first components, or
    the one or more second components.
Dependent claims: 17, 18, 19, 20