Policy-based content filtering
First Claim
1. A computer-implemented method comprising:
maintaining, by a firewall device within a user space of the firewall device, a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable application-level content filtering process settings that indicates one or more particular application-level content filtering processes to perform;
maintaining, by the firewall device within a kernel of the firewall device, a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on one or more of a set of one or more source Internet Protocol (IP) addresses, a set of one or more destination IP addresses and a network service protocol; and
performing, by the firewall device, policy-based application-level content filtering of a plurality of network sessions by, for each network session of the plurality of network sessions:
identifying, by the kernel, a firewall security policy from among the plurality of firewall security policies that matches traffic associated with the network session;
when the action to take of the matching firewall security policy indicates the network session is allowable, then:
redirecting, by the kernel, the network session to a proxy of a plurality of proxies running within the firewall device;
identifying, by the proxy, a plurality of application-level content filtering processes to be performed on the traffic as specified by the configuration scheme specified by the matching firewall security policy; and
applying, by the proxy, the identified plurality of application-level content filtering processes to the traffic.
Abstract
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with respect to a particular network session based on a set of source Internet Protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. Policy-based content filtering of network sessions is performed by: (i) identifying a firewall security policy matching traffic associated with the network session; (ii) identifying content filtering processes to be performed on the traffic based on the configuration scheme associated with the matching firewall security policy; and (iii) applying the identified content filtering processes to the traffic.
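The division of labour that the abstract and claim 1 describe (a kernel-side policy database matched only on source address, destination address and protocol; on "allow", a redirect to a user-space proxy that applies the filtering processes the policy's configuration scheme names for that protocol) is modelled below as an added Python example. It is not part of the patent and not the assignee's code. Everything beyond the abstract's three steps is an assumption made for illustration: first-match ordering of the policy database, default deny when no policy matches, a scheme silently passing a protocol it does not list, and all addresses, host names, signatures and phrases, which are constructed sample data.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# ---- kernel side: the security policy database ------------------------------
@dataclass(frozen=True)
class Policy:
    src: Tuple[str, ...]    # source networks, CIDR notation
    dst: Tuple[str, ...]    # destination networks, CIDR notation
    protocol: str           # network service protocol, e.g. "HTTP"
    action: str             # "allow" or "deny"
    scheme: Optional[str]   # configuration scheme the proxy applies on allow

@dataclass(frozen=True)
class Session:
    src_ip: str
    dst_ip: str
    protocol: str
    payload: bytes          # application-level content; only the proxy reads it

def kernel_lookup(policies: List[Policy], s: Session) -> Optional[Policy]:
    """Match on addresses and protocol only; the kernel never inspects content.
    First match wins (assumption: the page does not say how overlaps resolve)."""
    src, dst = ipaddress.ip_address(s.src_ip), ipaddress.ip_address(s.dst_ip)
    for p in policies:
        if (p.protocol == s.protocol
                and any(src in ipaddress.ip_network(n) for n in p.src)
                and any(dst in ipaddress.ip_network(n) for n in p.dst)):
            return p
    return None

# ---- user space: filtering processes and configuration schemes --------------
BLOCKED_HOSTS = {"malware.example"}            # constructed sample data
VIRUS_SIGNATURE = b"SAMPLE-MALWARE-SIGNATURE"  # constructed stand-in for an AV signature
SPAM_PHRASES = (b"free money", b"act now")     # constructed sample data
FilterProcess = Callable[[bytes], Optional[str]]  # block reason, or None to let it through

def url_block(payload: bytes) -> Optional[str]:
    m = re.search(rb"^Host:[ \t]*([^\r\n]+)", payload, re.M | re.I)
    host = m.group(1).decode("ascii", "replace").strip().lower() if m else ""
    return f"blocked host {host}" if host in BLOCKED_HOSTS else None

def virus_scan(payload: bytes) -> Optional[str]:
    return "signature match" if VIRUS_SIGNATURE in payload else None

def spam_filter(payload: bytes) -> Optional[str]:
    hits = [w.decode() for w in SPAM_PHRASES if w in payload.lower()]
    return f"spam phrases {hits}" if hits else None

FILTERS: Dict[str, FilterProcess] = {
    "url_block": url_block, "virus_scan": virus_scan, "spam_filter": spam_filter}

# A configuration scheme lists, per protocol, which processes to run and in what order.
SCHEMES: Dict[str, Dict[str, List[str]]] = {
    "strict":  {"HTTP": ["url_block", "virus_scan"], "SMTP": ["spam_filter", "virus_scan"]},
    "relaxed": {"HTTP": ["virus_scan"]},
}

def proxy_handle(scheme_name: str, s: Session) -> Tuple[str, str, List[str]]:
    """The proxy the kernel redirected the session to: apply the scheme's process
    list for this protocol in order, stopping at the first block. A protocol the
    scheme does not list gets no filtering at all (assumption)."""
    applied: List[str] = []
    for name in SCHEMES[scheme_name].get(s.protocol, []):
        applied.append(name)
        reason = FILTERS[name](s.payload)
        if reason is not None:
            return "block", f"{name}: {reason}", applied
    return "pass", "", applied

def process_session(policies: List[Policy], s: Session) -> dict:
    """One session end to end: kernel policy match, then redirect to the proxy
    only on allow. No matching policy means drop (default deny is an assumption)."""
    policy = kernel_lookup(policies, s)
    if policy is None or policy.action != "allow":
        why = "no matching policy" if policy is None else "policy action deny"
        return {"stage": "kernel", "verdict": "deny", "reason": why, "applied": []}
    verdict, reason, applied = proxy_handle(policy.scheme, s)
    return {"stage": "proxy", "verdict": verdict, "reason": reason,
            "scheme": policy.scheme, "applied": applied}

# Constructed sample policy database (ordered) and sessions.
POLICIES = [
    Policy(("192.168.50.0/24",), ("0.0.0.0/0",), "HTTP", "deny", None),   # guest net: no web
    Policy(("10.0.0.0/24",), ("0.0.0.0/0",), "HTTP", "allow", "strict"),
    Policy(("10.0.0.0/24",), ("0.0.0.0/0",), "SMTP", "allow", "strict"),
    Policy(("10.0.1.0/24",), ("0.0.0.0/0",), "FTP", "allow", "relaxed"),
]
GET = b"GET / HTTP/1.1\r\nHost: %s\r\n\r\n"
SESSIONS = {
    "blocked_site": Session("10.0.0.5", "203.0.113.10", "HTTP", GET % b"malware.example"),
    "clean_web":    Session("10.0.0.5", "203.0.113.10", "HTTP", GET % b"www.example.com"),
    "spam_mail":    Session("10.0.0.7", "198.51.100.25", "SMTP", b"Subject: FREE MONEY\r\n\r\nAct now!"),
    "guest_web":    Session("192.168.50.9", "203.0.113.10", "HTTP", GET % b"www.example.com"),
    "unknown_src":  Session("172.16.0.1", "203.0.113.10", "HTTP", GET % b"www.example.com"),
    "ftp_relaxed":  Session("10.0.1.4", "203.0.113.20", "FTP", b"RETR tool.exe\r\n"),
}

def run_all() -> Dict[str, dict]:
    """Verdict for every sample session, keyed by session name."""
    return {name: process_session(POLICIES, s) for name, s in SESSIONS.items()}
```

Calling `run_all()` shows the two tiers in action: `guest_web` and `unknown_src` never reach a proxy (the kernel denies on addresses and protocol alone), `blocked_site` and `spam_mail` are allowed by the kernel but blocked by the first filtering process in the scheme, `clean_web` passes through both processes, and `ftp_relaxed` is the case a practitioner should check for in a real deployment: the policy allows the session and names a scheme, but because the scheme lists no FTP settings the proxy applies nothing.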
34 Citations
16 Claims
1. A computer-implemented method comprising: (the full text of this independent claim is set out under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a firewall system, cause the one or more processors to perform a method comprising:
maintaining, by a firewall device within a user space of the firewall device, a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable application-level content filtering process settings that indicates one or more particular application-level content filtering processes to perform;
maintaining, by the firewall device within a kernel of the firewall device, a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on one or more of a set of one or more source Internet Protocol (IP) addresses, a set of one or more destination IP addresses and a network service protocol; and
performing, by the firewall device, policy-based application-level content filtering of a plurality of network sessions by, for each network session of the plurality of network sessions:
identifying, by the kernel, a firewall security policy from among the plurality of firewall security policies that matches traffic associated with the network session;
when the action to take of the matching firewall security policy indicates the network session is allowable, then:
redirecting, by the kernel, the network session to a proxy of a plurality of proxies running within the firewall device;
identifying, by the proxy, a plurality of application-level content filtering processes to be performed on the traffic as specified by the configuration scheme specified by the matching firewall security policy; and
applying, by the proxy, the identified plurality of application-level content filtering processes to the traffic.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
Specification