Intelligent sorting for N-way secure split tunnel
First Claim
1. A method comprising:
sorting outgoing datagrams into one of at least three categories, wherein the three categories include a first category of datagrams addressed to a central network location, a second category of datagrams addressed to destinations on a white list, and a third category of datagrams addressed to other destinations absent from the white list;
sending datagrams in the first category to the central network location along an N-way split virtual private network tunnel, wherein N is a multiple of three;
sending datagrams in the second category to the destinations on the white list along the N-way split virtual private network tunnel;
sending datagrams in the third category to a scanning service website along the N-way split virtual private network tunnel, the scanning service website configured to provide a first scrubbing service for HTTP datagrams and a second scrubbing service for SMTP, POP, and IMAP datagrams.
Abstract
A method of intelligently sorting packets/datagrams for sending through the appropriate branches of an N-way split VPN tunnel according to embodiments of the present invention allows for efficient movement of network traffic to and from a remote network location. Intelligent sorting may be based on a wide range of criteria in order to implement different policies. For example, datagrams may be sorted for sending through the branches of a 3-way split tunnel so that all traffic from a remote network location ultimately destined to servers at a central location is sent via a secure VPN tunnel, all traffic that matches a “white list” of trusted external sites is sent directly between those sites and the remote network location, and all other traffic is redirected through a Web service that scrubs and filters the traffic to and from questionable sites. Furthermore, the tunnel branch may be chosen to minimize latency, to detour around network failures, or to conserve energy by minimizing the number of routers a datagram passes through.
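The following is an added illustration of the three-way sort described in claim 1 and the abstract; it is not code from the patent or its applicant. Everything concrete in it is an assumption: the central site and white list are expressed as IP prefixes (documentation and private ranges, constructed for the example), TCP destination ports stand in for "HTTP" and "SMTP/POP/IMAP", and traffic to a non-white-listed destination for which the scanning service has no scrubber is dropped rather than forwarded, which the claim does not specify either way.

```python
"""Added example: classify datagrams into the three branches of a 3-way split tunnel.

Assumptions (not from the patent): IP-prefix policy tables, TCP ports as the
protocol indicator for branch 3, and a fail-closed default for traffic the
scanning service cannot scrub.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network, IPv6Network
from typing import Dict, Iterable, List, Optional, Union

Network = Union[IPv4Network, IPv6Network]

# Constructed sample policy. Branch 1: the central site's own prefixes.
CENTRAL_NETWORKS: List[Network] = [ip_network("10.0.0.0/8"), ip_network("2001:db8:1::/48")]

# Branch 2: trusted external sites. The 10.5.0.0/16 entry deliberately overlaps
# a central prefix to show that the central check takes precedence.
WHITE_LIST: List[Network] = [
    ip_network("203.0.113.0/24"),
    ip_network("198.51.100.7/32"),
    ip_network("10.5.0.0/16"),
]

# Branch 3: assumed port-to-scrubber mapping. The claim names an HTTP scrubber
# and an SMTP/POP/IMAP scrubber; the port numbers are our assumption.
HTTP_PORTS = {80, 8080}
MAIL_PORTS = {25, 587, 110, 995, 143, 993}


@dataclass(frozen=True)
class Datagram:
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Route:
    branch: int                      # 1 = central, 2 = white list, 3 = scanning service
    next_hop: str                    # label of the tunnel branch (hypothetical names)
    scrubber: Optional[str] = None   # only set on branch 3


def _matches(addr, nets: Iterable[Network]) -> bool:
    # An IPv4 address is never "in" an IPv6 network (and vice versa); ipaddress
    # returns False rather than raising, so mixed tables are safe here.
    return any(addr in n for n in nets)


def classify(dg: Datagram) -> Optional[Route]:
    """Return the branch a datagram takes, or None if it must be dropped.

    The checks run in the claim's order. Central-site traffic is tested first
    so that a white-list entry overlapping a central prefix cannot pull
    internal traffic out of the secure branch.
    """
    addr = ip_address(dg.dst_ip)
    if _matches(addr, CENTRAL_NETWORKS):
        return Route(1, "vpn-central")
    if _matches(addr, WHITE_LIST):
        return Route(2, "direct")
    # Third category: everything else goes to the scanning service, with the
    # scrubber chosen by protocol.
    if dg.proto == "tcp" and dg.dst_port in HTTP_PORTS:
        return Route(3, "scan-service", "http")
    if dg.proto == "tcp" and dg.dst_port in MAIL_PORTS:
        return Route(3, "scan-service", "mail")
    # Assumption: no scrubber exists for this protocol, so fail closed instead
    # of letting unfiltered traffic reach an untrusted destination.
    return None


def tally(datagrams: Iterable[Datagram]) -> Dict[str, int]:
    """Count how a batch of datagrams is distributed over the branches."""
    counts: Dict[str, int] = {"branch1": 0, "branch2": 0, "branch3": 0, "dropped": 0}
    for dg in datagrams:
        route = classify(dg)
        counts["dropped" if route is None else f"branch{route.branch}"] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample traffic, not captured data.
    sample = [
        Datagram("10.1.2.3", 443),         # central site -> branch 1
        Datagram("10.5.1.1", 80),          # overlaps white list, still branch 1
        Datagram("203.0.113.9", 443),      # white-listed -> branch 2
        Datagram("192.0.2.44", 80),        # unknown web site -> branch 3, http scrubber
        Datagram("192.0.2.44", 993),       # unknown IMAPS server -> branch 3, mail scrubber
        Datagram("192.0.2.44", 22),        # unknown SSH server -> no scrubber, dropped
    ]
    for dg in sample:
        print(dg.dst_ip, dg.dst_port, "->", classify(dg))
    print(tally(sample))
```

Two practical caveats follow from the structure of the sort. First, precedence is a security property: if the white list were consulted before the central-site prefixes, an overly broad white-list entry would move internal traffic off the secure branch, so the order of the checks should be fixed and tested. Second, a white list keyed on destination address is only as precise as the address-to-site mapping; shared hosting and content-delivery addresses can place untrusted content behind a white-listed address, which is a reason to keep the list narrow.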
10 Claims
1. A method comprising:
sorting outgoing datagrams into one of at least three categories, wherein the three categories include a first category of datagrams addressed to a central network location, a second category of datagrams addressed to destinations on a white list, and a third category of datagrams addressed to other destinations absent from the white list;
sending datagrams in the first category to the central network location along an N-way split virtual private network tunnel, wherein N is a multiple of three;
sending datagrams in the second category to the destinations on the white list along the N-way split virtual private network tunnel;
sending datagrams in the third category to a scanning service website along the N-way split virtual private network tunnel, the scanning service website configured to provide a first scrubbing service for HTTP datagrams and a second scrubbing service for SMTP, POP, and IMAP datagrams.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
Specification