POLICY-BASED CONTENT FILTERING
First Claim
1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:
redirecting a network connection, by a networking subsystem implemented within a kernel of an operating system of a firewall device, to a proxy module of one or more proxy modules within the firewall device that is configured to support a network service protocol associated with the network connection;
retrieving, by the proxy module, one or more content processing configuration schemes associated with a matching firewall policy for the network service protocol and the network connection, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and
processing, by the proxy module, application-level content of a packet stream associated with the network connection by reassembling the application-level content from a plurality of packets of the packet stream; and
scanning the application-level content based on the retrieved one or more content processing configuration schemes.
Abstract
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a network connection is redirected by a networking subsystem implemented within a kernel of an operating system of a firewall device to a proxy module within the firewall device that is configured to support a network service protocol associated with the network connection. The proxy module retrieves one or more content processing configuration schemes associated with a matching firewall policy for the network service protocol and the network connection. The content processing configuration schemes each include multiple content processing configuration settings for each of one or more network service protocols. Application-level content of a packet stream associated with the network connection is then processed by the proxy module reassembling the application-level content from multiple packets of the packet stream and scanning the application-level content based on the retrieved content processing configuration schemes.
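The abstract describes a pipeline with four distinct steps: the kernel-side networking subsystem matches a firewall policy and redirects the connection to the proxy that speaks its protocol; the proxy pulls the content processing configuration schemes bound to that policy (each scheme carrying per-protocol settings); the proxy reassembles the application-level payload from individual packets; and it scans the reassembled content against those settings. The following Python model is an added illustration, not code from the patent or from any product that implements it. The configuration database, the policy and scheme names, the `blocked_terms` and `max_bytes` settings, the relative byte-offset sequence numbering and the sample HTTP packets are all constructed for the example. It shows why reassembly precedes scanning (a blocked term split across two segments is only visible after reassembly) and how a scheme that has no settings for the proxy's protocol is simply skipped.

```python
"""Toy model of policy-driven proxy content inspection (constructed example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Connection:
    src: str
    dst: str
    dport: int
    protocol: str  # network service protocol, e.g. "http" or "smtp" (assumed labels)


@dataclass(frozen=True)
class Policy:
    name: str
    dport: int
    protocol: str
    schemes: tuple  # names of content processing configuration schemes bound by the admin


# Constructed configuration database: each scheme holds settings per protocol.
SCHEMES = {
    "strict": {
        "http": {"blocked_terms": ("confidential",), "max_bytes": 64},
        "smtp": {"blocked_terms": ("confidential", "salary"), "max_bytes": 1024},
    },
    "lenient": {
        "http": {"blocked_terms": (), "max_bytes": 4096},
        # no "smtp" entry: an SMTP proxy skips this scheme
    },
}
POLICIES = [
    Policy("web-out", 80, "http", ("strict",)),
    Policy("mail-out", 25, "smtp", ("strict", "lenient")),
]


def match_policy(conn: Connection) -> Optional[Policy]:
    """Kernel-side step: first policy whose protocol and port match the connection."""
    for p in POLICIES:
        if p.protocol == conn.protocol and p.dport == conn.dport:
            return p
    return None


class Proxy:
    def __init__(self, protocol: str):
        self.protocol = protocol

    def retrieve_schemes(self, policy: Policy) -> list:
        """Settings for this proxy's protocol from every scheme bound to the policy."""
        found = []
        for name in policy.schemes:
            settings = SCHEMES.get(name, {}).get(self.protocol)
            if settings is not None:
                found.append((name, settings))
        return found

    @staticmethod
    def reassemble(packets) -> bytes:
        """Rebuild the stream from (seq, payload) pairs; seq is a relative byte offset.

        Packets may arrive out of order; a hole in the sequence is an error,
        since scanning a stream with missing bytes could miss a split match.
        """
        expected = 0
        buf = bytearray()
        for seq, payload in sorted(packets):
            if seq != expected:
                raise ValueError(f"gap in stream: expected seq {expected}, got {seq}")
            buf += payload
            expected += len(payload)
        return bytes(buf)

    def scan(self, content: bytes, schemes: list) -> list:
        """Apply each retrieved scheme's settings to the reassembled content."""
        findings = []
        lowered = content.lower()
        for name, s in schemes:
            if len(content) > s["max_bytes"]:
                findings.append(f"{name}: size {len(content)} exceeds {s['max_bytes']}")
            for term in s["blocked_terms"]:
                if term.encode() in lowered:
                    findings.append(f"{name}: blocked term {term!r}")
        return findings


PROXIES = {"http": Proxy("http"), "smtp": Proxy("smtp")}


def handle_connection(conn: Connection, packets) -> dict:
    """Redirect to the matching proxy, then retrieve schemes, reassemble and scan."""
    policy = match_policy(conn)
    proxy = PROXIES.get(conn.protocol)
    if policy is None or proxy is None:
        return {"action": "drop", "findings": ["no matching policy or proxy"]}
    schemes = proxy.retrieve_schemes(policy)
    try:
        content = proxy.reassemble(packets)
    except ValueError as exc:
        return {"action": "drop", "findings": [str(exc)]}
    findings = proxy.scan(content, schemes)
    return {"action": "block" if findings else "allow", "findings": findings}


# Constructed sample: two HTTP response segments delivered out of order.
SAMPLE_PACKETS = [
    (29, b"Confidential: yes\r\n\r\n"),
    (0, b"HTTP/1.1 200 OK\r\nX-Note: ok\r\n"),
]

if __name__ == "__main__":
    conn = Connection("10.0.0.5", "203.0.113.7", 80, "http")
    print(handle_connection(conn, SAMPLE_PACKETS))
```

The model keeps policy matching in the "kernel" path and every content decision in the proxy, mirroring the separation the abstract describes; the per-protocol layout of `SCHEMES` is what lets one scheme be attached to policies for several protocols without each proxy seeing settings it cannot interpret.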
91 Citations
34 Claims
1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:
redirecting a network connection, by a networking subsystem implemented within a kernel of an operating system of a firewall device, to a proxy module of one or more proxy modules within the firewall device that is configured to support a network service protocol associated with the network connection;
retrieving, by the proxy module, one or more content processing configuration schemes associated with a matching firewall policy for the network service protocol and the network connection, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and
processing, by the proxy module, application-level content of a packet stream associated with the network connection by reassembling the application-level content from a plurality of packets of the packet stream; and
scanning the application-level content based on the retrieved one or more content processing configuration schemes.
Dependent claims 2 to 16 are not shown.
17. A firewall system for processing application-level content of network service protocols, the firewall system comprising:
a non-transitory memory having stored therein a configuration database including a plurality of firewall policies and a plurality of content processing configuration schemes, each content processing configuration scheme of the plurality of content processing configuration schemes including a plurality of content processing configuration settings for each of a plurality of network protocols;
a networking interface operable to receive a network connection;
one or more proxy modules each operable to support one or more network protocols of the plurality of network protocols; and
a networking subsystem operable to (i) receive the network connection from the networking interface, (ii) identify a firewall policy of the plurality of firewall policies that is appropriate for the network connection and (iii) redirect the network connection to a proxy module of the one or more proxy modules based on a network protocol associated with the network connection; and
wherein the proxy module processes application-level content of a packet stream associated with the network connection by reassembling the application-level content from a plurality of packets of the packet stream; and scanning the application-level content based on one or more content processing configuration schemes of the plurality of content processing configuration schemes that have been associated with the firewall policy by an administrator of the firewall system.
Dependent claims 18 to 25 are not shown.
26. A non-transitory computer-readable storage medium tangibly embodying instructions, which when executed by a firewall system, cause the firewall system to perform a method for processing application-level content, the method comprising:
redirecting a network connection, by a networking subsystem implemented within a kernel of an operating system of the firewall system, to a proxy module of one or more proxy modules within the firewall system that is configured to support a network service protocol associated with the network connection;
retrieving, by the proxy module, one or more content processing configuration schemes associated with a matching firewall policy for the network service protocol and the network connection, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and
processing, by the proxy module, application-level content of a packet stream associated with the network connection by reassembling the application-level content from a plurality of packets of the packet stream; and
scanning the application-level content based on the retrieved one or more content processing configuration schemes.
Dependent claims 27 to 34 are not shown.
Specification