Computerized system and method for policy-based content filtering

  • US 7,966,654 B2
  • Filed: 11/22/2005
  • Issued: 06/21/2011
  • Est. Priority Date: 11/22/2005
  • Status: Active Grant
First Claim

1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:

    receiving an incoming network connection, at a networking subsystem of a firewall device, the incoming connection being characterized by a source network address, a destination network address and a network service protocol;

    determining, by the networking subsystem, the network service protocol of the incoming network connection;

    determining, by the networking subsystem, whether to allow or deny the incoming connection by identifying a matching firewall policy based on the source network address, the destination network address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;

    if the incoming connection is allowed, then:

    redirecting the incoming network connection, by the networking subsystem, to a proxy module of one or more proxy modules within the firewall device that is configured to support the network service protocol;

    retrieving, by the proxy module, one or more content processing configuration schemes associated with the matching firewall policy, the one or more content processing configuration schemes each including a plurality of content processing configuration settings for each of one or more network service protocols; and

    processing, by the proxy module, application-level content of a packet stream associated with the incoming network connection by reconstructing the application-level content, including extracting and buffering content from a plurality of packets of the packet stream; and

    scanning the application-level content based on the retrieved one or more content processing configuration schemes.
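
The flow recited in claim 1, as an added illustration that is not taken from the patent or from any product: a policy lookup on source, destination and protocol, redirection to a proxy, and a scan of the reassembled stream using the schemes attached to the matched policy. The `Policy` class, the port-to-protocol table, the default-deny behaviour, the scheme layout and all sample data are assumptions made for this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:
    src_net: str
    dst_net: str
    protocol: str
    allow: bool                       # outcome of the packet-layer rules, simplified to one flag
    schemes: list = field(default_factory=list)  # content processing configuration schemes

    def matches(self, src, dst, protocol):
        return (protocol == self.protocol
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net))

def scan_proxy(protocol, policy, packets):
    """Proxy module: buffer payloads in sequence order, then scan the whole stream."""
    content = b"".join(data for _, data in sorted(packets, key=lambda p: p[0]))
    for scheme in policy.schemes:                 # schemes attached to the matched policy
        settings = scheme.get(protocol, {})       # per-protocol settings inside a scheme
        if any(pat in content for pat in settings.get("blocked_patterns", [])):
            return "block"
    return "pass"

PORT_TO_PROTOCOL = {80: "http", 25: "smtp"}       # assumption: protocol determined by port
PROXIES = {"http": scan_proxy, "smtp": scan_proxy}

def handle_connection(policies, src, dst, dport, packets):
    protocol = PORT_TO_PROTOCOL.get(dport)
    policy = next((p for p in policies if p.matches(src, dst, protocol)), None)
    if policy is None or not policy.allow:        # assumption: no matching policy means deny
        return "deny"
    return PROXIES[protocol](protocol, policy, packets)

# Constructed sample data: two schemes, three policies, one stream split across packets.
STRICT = {"http": {"blocked_patterns": [b"BLOCKME-MARKER"]}}
LENIENT = {"http": {"blocked_patterns": []}}
POLICIES = [
    Policy("10.0.0.0/24", "0.0.0.0/0", "http", True, [STRICT]),
    Policy("10.0.1.0/24", "0.0.0.0/0", "http", True, [LENIENT]),
    Policy("10.0.2.0/24", "0.0.0.0/0", "http", False),
]
# The marker straddles the packet boundary and the packets arrive out of order.
PACKETS = [(2, b"ME-MARKER tail"), (1, b"HTTP/1.1 200 OK\r\n\r\nhead BLOCK")]

if __name__ == "__main__":
    for src in ("10.0.0.5", "10.0.1.5", "10.0.2.5", "192.0.2.9"):
        print(src, handle_connection(POLICIES, src, "203.0.113.10", 80, PACKETS))
```

The same stream gets a different verdict depending on which policy the connection matched, and the marker is found only because the payloads are buffered and reordered before scanning; no single packet contains it.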
