Personal remote firewall
Abstract
The present invention relates to a method and a virtual private network (VPN) gateway server 10 providing rules for wireless access over a secure tunnel connection to a corporate network 20. The corporate network 20 is protected by firewall functionality, with different access configurations for different remote users. The VPN gateway server 10 includes a user database 15 which provides rules specific for each user for the access to the corporate network 20 using the secure tunnel. The rules include specific sets of TCP ports associated with respective specific users. The gateway server 10 limits an authenticated user's access to the corporate network 20, which access is performed by means of the tunnel connection provided by the gateway server 10, to the associated allowed TCP server ports.
17 Claims

1. A method comprising:

configuring a user database of a virtual private network gateway server that provides rules for wireless access over a secure tunnel connection to a corporate network so as to provide user specific rules for the access over the secure tunnel connection, the configuring including associating different specific users with respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the configuring further includes configuring the user database to associate an allowed client side transmission control protocol server port with a server side transmission control protocol server port; authenticating a user connecting to the secure tunnel connection; and limiting the authenticated user's access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included in the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection of the gateway server acts as a client, and further such that when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A virtual private network gateway server providing rules for wireless access over a secure tunnel connection to a corporate network, the server comprising:

an addressable memory for storage of a user database, the user database providing user specific rules for the access over the secure tunnel connection by storing associations between different specific users and respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the user database further associates an allowed client side transmission control protocol server port with a server side transmission control protocol server port; an authenticating unit for authenticating a user connecting to the secure tunnel connection; and a port filter for limiting the authenticated user's access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included by the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection the gateway server acts as a client, and further wherein when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.

Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16.

17. A virtual private network gateway server providing rules for wireless access over a secure tunnel connection to a corporate network, the server comprising:

means for storing a user database, the user database providing user specific rules for the access over the secure tunnel connection by storing associations between different specific users and respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the user database further associates an allowed client side transmission control protocol server port with a server side transmission control protocol server port; means for authenticating a user connecting to the secure tunnel connection; and means for limiting the authenticated user's access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included by the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection the gateway server acts as a client, and further wherein when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.
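Added example (not from the patent or any product built on it): a Python model of the per-user port filter in claims 1 and 8. The user database maps each user's allowed client-side TCP ports to server-side ports, only traffic to an allowed port is forwarded, and the gateway acts as a TCP client that opens a separate outbound connection for every accepted application request. The users, ports, host name and the `connector` hook are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed user database (hypothetical users and ports, not from the patent):
# user -> {allowed client-side TCP server port: server-side TCP server port}
USER_DB: Dict[str, Dict[int, int]] = {
    "alice": {25: 25, 110: 110},    # mail user: SMTP and POP3, no port translation
    "bob": {8080: 80, 1433: 1433},  # web reached via 8080 -> 80 translation, plus SQL
}

# Placeholder for the corporate-side host; the claims name no address.
CORPORATE_HOST = "intranet.example.internal"


@dataclass
class Connection:
    """One separate gateway-to-server TCP connection, created per accepted request."""
    user: str
    client_port: int
    server_port: int
    request_id: int


@dataclass
class Gateway:
    user_db: Dict[str, Dict[int, int]]
    # Hook that opens the outbound connection (e.g. socket.create_connection);
    # left as an injectable stand-in so the model runs offline.
    connector: Optional[Callable[[str, int], object]] = None
    authenticated: Set[str] = field(default_factory=set)
    connections: List[Connection] = field(default_factory=list)
    dropped: List[Tuple[str, int]] = field(default_factory=list)

    def authenticate(self, user: str, credential_ok: bool) -> bool:
        """Stand-in for the authenticating unit: only known users with a valid credential pass."""
        if credential_ok and user in self.user_db:
            self.authenticated.add(user)
            return True
        return False

    def handle_request(self, user: str, dst_port: int) -> Optional[Connection]:
        """Port filter: forward only to ports in the user's allowed set, otherwise drop."""
        server_port = self.user_db.get(user, {}).get(dst_port)
        if user not in self.authenticated or server_port is None:
            self.dropped.append((user, dst_port))
            return None
        # Gateway acts as the TCP client: a fresh connection for each application request.
        (self.connector or (lambda host, port: (host, port)))(CORPORATE_HOST, server_port)
        conn = Connection(user, dst_port, server_port, len(self.connections) + 1)
        self.connections.append(conn)
        return conn
```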
Specification