Systems and methods for network address translation
Abstract
An intelligent network address translation system and methods for intelligent network address translation. In one embodiment, a network packet is received from a host device, and a stored record associated with the host device is identified. The stored record includes information relating to connection parameters associated with the host device. Using the stored record, a processor determines whether the network packet should be assigned a dedicated address. If so, then the network packet is transmitted using communication parameters including a dedicated IP address. If the packet should not be assigned a dedicated address, then the packet is transmitted using connection parameters including a default public IP address and a port number.
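The decision the abstract describes, sketched as an added example (not code from the patent or its assignee). The record field `needs_dedicated`, the address pool, the starting port and the fallback to the shared address when the pool is empty are all assumptions; `attribute` is a hypothetical helper showing why a shared public IP needs the port mapping to trace traffic back to a host.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class HostRecord:
    """Hypothetical stored record: connection parameters for one host."""
    needs_dedicated: bool
    dedicated_ip: str | None = None

@dataclass
class IntelligentNat:
    default_public_ip: str
    dedicated_pool: list[str]
    records: dict[str, HostRecord] = field(default_factory=dict)
    port_map: dict[tuple[str, int], int] = field(default_factory=dict)
    next_port: int = 20000  # constructed starting port for shared mappings

    def translate(self, src_ip: str, src_port: int) -> tuple[str, int]:
        """Return the (public IP, public port) used to transmit the packet."""
        rec = self.records.get(src_ip)
        if rec and rec.needs_dedicated:
            if rec.dedicated_ip is None and self.dedicated_pool:
                rec.dedicated_ip = self.dedicated_pool.pop(0)
            if rec.dedicated_ip:
                # One-to-one mapping: the source port is preserved.
                return rec.dedicated_ip, src_port
            # Pool exhausted: fall through to the shared address (assumption).
        key = (src_ip, src_port)
        if key not in self.port_map:
            self.port_map[key] = self.next_port
            self.next_port += 1
        return self.default_public_ip, self.port_map[key]

    def attribute(self, public_ip: str, public_port: int) -> str | None:
        """Map an externally observed address back to the internal host."""
        for ip, rec in self.records.items():
            if rec.dedicated_ip == public_ip:
                return ip
        if public_ip == self.default_public_ip:
            for (ip, _), port in self.port_map.items():
                if port == public_port:
                    return ip
        return None

def demo() -> IntelligentNat:
    # Constructed documentation addresses (RFC 5737) and private hosts.
    nat = IntelligentNat("203.0.113.1", ["203.0.113.10"])
    nat.records["10.0.0.5"] = HostRecord(needs_dedicated=True)
    nat.records["10.0.0.6"] = HostRecord(needs_dedicated=False)
    return nat
```
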
19 Claims
1. A method of processing network packets comprising:
- receiving a network packet at a network management system, said network packet corresponding to a connection between a first computer having a first destination IP address in a first network and a second computer on a second network that is external to the first network;
- determining, using the network management system, whether the connection poses a security risk based at least in part on content associated with the network packet; and
- translating the network packet to a second destination IP address different than the first destination IP destination address based at least on said determination that the connection poses a security risk, thereby hiding the first IP address from the second computer.
10. A network management system comprising:
- a network port processor configured for receiving a network packet, said network packet corresponding to a connection between a first computer having a first destination IP address in a first network and a second computer on a second network that is external to the first network;
- a storage device configured to store a plurality of IP addresses including a second destination IP address; and
- a hardware processor configured for;
  - determining whether the connection poses a security risk based at least in part on content associated with the network packet; and
  - translating the network packet to the second destination IP address different than the first destination IP destination address based at least on said determination that the connection poses a security risk, thereby hiding the first IP address from the second computer.
19. A network management system comprising:
- a network port processor configured for receiving a plurality of network packets, said plurality of network packets corresponding to a connection between a first computer having a first destination IP address in a first network and a second computer on a second network that is external to the first network;
- a storage device configured to store a plurality of IP addresses including a second destination IP address different from the first destination IP address; and
- a hardware processor configured for;
  - determining based at least on content of one or more of the plurality of network packets whether the connection requires network address translation;
  - transmitting the plurality of network packets to the second computer using the first destination IP address based at least on said determination that the connection does not require network address translation; and
  - transmitting the plurality of network packets to the second computer using the second destination IP address based at least on said determination that the connection requires network address translation.
Specification