Policy-based content filtering

US 9,729,508 B2
Filed: 08/05/2014
Issued: 08/08/2017
Est. Priority Date: 11/22/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

maintaining, by a firewall device within a user space of the firewall device, a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable application-level content filtering process settings that indicates one or more particular application-level content filtering processes to perform;

maintaining, by the firewall device within a kernel of the firewall device, a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on one or more of a set of one or more source Internet Protocol (IP) addresses, a set of one or more destination IP addresses and a network service protocol; and

performing, by the firewall device, policy-based application-level content filtering of a plurality of network sessions by, for each network session of the plurality of network sessions;

identifying, by the kernel, a firewall security policy from among the plurality of firewall security policies that matches traffic associated with the network session;

when the action to take of the matching firewall security policy indicates the network session is allowable, then;

redirecting, by the kernel, the network session to a proxy of a plurality of proxies running within the firewall device;

identifying, by the proxy, a plurality of application-level content filtering processes to be performed on the traffic as specified by the configuration scheme specified by the matching firewall security policy; and

applying, by the proxy, the identified plurality of application-level content filtering processes to the traffic.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with respect to a particular network session based on a set of source Internet Protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. Policy-based content filtering of network sessions is performed by: (i) identifying a firewall security policy matching traffic associated with the network session; (ii) identifying content filtering processes to be performed on the traffic based on the configuration scheme associated with the matching firewall security policy; and (iii) applying the identified content filtering processes to the traffic.

34 Citations

View as Search Results

16 Claims

1. A computer-implemented method comprising:
- maintaining, by a firewall device within a user space of the firewall device, a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable application-level content filtering process settings that indicates one or more particular application-level content filtering processes to perform;
  
  maintaining, by the firewall device within a kernel of the firewall device, a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on one or more of a set of one or more source Internet Protocol (IP) addresses, a set of one or more destination IP addresses and a network service protocol; and
  
  performing, by the firewall device, policy-based application-level content filtering of a plurality of network sessions by, for each network session of the plurality of network sessions;
  
  identifying, by the kernel, a firewall security policy from among the plurality of firewall security policies that matches traffic associated with the network session;
  
  when the action to take of the matching firewall security policy indicates the network session is allowable, then;
  
  redirecting, by the kernel, the network session to a proxy of a plurality of proxies running within the firewall device;
  
  identifying, by the proxy, a plurality of application-level content filtering processes to be performed on the traffic as specified by the configuration scheme specified by the matching firewall security policy; and
  
  applying, by the proxy, the identified plurality of application-level content filtering processes to the traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - processing application-level content of a packet stream associated with the network session byreassembling the application-level content from a plurality of packets of the packet stream; and
      
      scanning the application-level content based on the identified plurality of content filtering processes.
  - 3. The method of claim 2, wherein the network service protocol comprises at least one of a group consisting of HyperText Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAP) and Server Message Block/Common Internet File System (SMB/CIFS).
  - 4. The method of claim 3, further comprising receiving from a network administrator, by the firewall device, via a graphical user interface, selections indicative of the content filtering processes to be performed on the traffic associated with the particular network session.
  - 5. The method of claim 4, wherein content filtering options available to the network administrator via the graphical user interface include at least antivirus scanning, Uniform Resource Locator (URL) blocking and file blocking.
  - 6. The method of claim 5, wherein the content filtering options available to the network administrator via the graphical user interface further include one or more of banned word filtering and spam blocking.
  - 7. The method of claim 5, wherein the file blocking comprises blocking transmission of specific file types.
  - 8. The method of claim 1, further comprising receiving from a network administrator, by the firewall device, via a graphical user interface, selections indicative of one of the plurality of configuration schemes to be associated with one of the plurality of firewall security policies.

9. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a firewall system, cause the one or more processors to perform a method comprising:
- maintaining, by a firewall device within a user space of the firewall device, a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable application-level content filtering process settings that indicates one or more particular application-level content filtering processes to perform;
  
  maintaining, by the firewall device within a kernel of the firewall device, a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on one or more of a set of one or more source Internet Protocol (IP) addresses, a set of one or more destination IP addresses and a network service protocol; and
  
  performing, by the firewall device, policy-based application-level content filtering of a plurality of network sessions by, for each network session of the plurality of network sessions;
  
  identifying, by the kernel, a firewall security policy from among the plurality of firewall security policies that matches traffic associated with the network session;
  
  when the action to take of the matching firewall security policy indicates the network session is allowable, then;
  
  redirecting, by the kernel, the network session to a proxy of a plurality of proxies running within the firewall device;
  
  identifying, by the proxy, a plurality of application-level content filtering processes to be performed on the traffic as specified by the configuration scheme specified by the matching firewall security policy; and
  
  applying, by the proxy, the identified plurality of application-level content filtering processes to the traffic.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable storage medium of claim 9, wherein the method further comprises:
    - processing application-level content of a packet stream associated with the network session byreassembling the application-level content from a plurality of packets of the packet stream; and
      
      scanning the application-level content based on the identified plurality of content filtering processes.
  - 11. The computer-readable storage medium of claim 10, wherein the network service protocol comprises at least one of a group consisting of HyperText Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAP) and Server Message Block/Common Internet File System (SMB/CIFS).
  - 12. The computer-readable storage medium of claim 11, wherein the method further comprises receiving from a network administrator via a graphical user interface selections indicative of the content filtering processes to be performed on the traffic associated with the particular network session.
  - 13. The computer-readable storage medium of claim 12, wherein content filtering options available to the network administrator via the graphical user interface include at least antivirus scanning, Uniform Resource Locator (URL) blocking and file blocking.
  - 14. The computer-readable storage medium of claim 13, wherein the content filtering options available to the network administrator via the graphical user interface further include one or more of banned word filtering and spam blocking.
  - 15. The computer-readable storage medium of claim 14, wherein the file blocking comprises blocking transmission of specific file types.
  - 16. The computer-readable storage medium of claim 9, wherein the method further comprises receiving from a network administrator, by the firewall device, via a graphical user interface, selections indicative of one of the plurality of configuration schemes to be associated with one of the plurality of firewall security policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Crawford, William J.
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US14/452,292
Publication Number

US 20140351918A1
Time in Patent Office

1,099 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/20   for managing network securi...

Policy-based content filtering

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Policy-based content filtering

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others