Policy based content filtering
First Claim
1. A computer-implemented method for processing application-level content of network service protocols, the method comprising:
maintaining, by a firewall device, a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable content filtering process settings that indicates one or more particular content filtering processes to perform;
maintaining, by the firewall device, a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on a plurality of (i) a set of one or more source Internet Protocol (IP) addresses, (ii) a set of one or more destination IP addresses and (iii) a network service protocol;
receiving an incoming network connection, at a networking subsystem of the firewall device, the incoming connection being characterized by a source Internet Protocol (IP) address, a destination IP address and a network service protocol;
determining, by the networking subsystem, the network service protocol of the incoming network connection;
determining, by the networking subsystem, whether to allow or deny the incoming network connection by identifying a matching firewall policy from among the plurality of firewall security policies based on the source IP address, the destination IP address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;
when the incoming network connection is allowed by the action to take of the matching firewall policy, then:
redirecting the incoming network connection, by the networking subsystem, to a proxy module of a plurality of proxy modules within the firewall device that is configured to support the network service protocol;
retrieving, by the proxy module, a content processing configuration scheme of the plurality of content processing configuration schemes identified by the matching firewall policy; and
processing, by the proxy module, application-level content spanning a plurality of packets of a packet stream associated with the incoming network connection by:
reconstructing the application-level content, including extracting and buffering content from the plurality of packets; and
filtering the application-level content based on those content filtering processes of the one or more particular content filtering processes specified by the content processing configuration scheme specified by the matching firewall policy that are applicable to the determined network service protocol.
Abstract
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a network connection is received at a networking subsystem of a firewall. The connection is characterized by a source IP address, a destination IP address and a network service protocol. The network service protocol of the network connection is determined. A matching firewall policy is identified for the connection. When the connection is allowed, it is redirected to a proxy module that is configured to support the network service protocol. A content processing configuration scheme identified by the matching firewall policy is retrieved that includes multiple content processing configuration settings, specifying whether a particular type of content filtering is to be performed, for each of multiple network service protocols. Application-level content of a packet stream associated with the network connection is reconstructed and filtered based on the applicable content processing configuration settings.
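The abstract describes a two-stage pipeline: a packet-layer decision on (source IP, destination IP, service protocol) against a policy database, then, for allowed sessions, a hand-off to a protocol-specific proxy that looks up the configuration scheme named by the matched policy, reassembles the application-level stream and runs only the filtering processes that scheme enables for that protocol. The Python model below is an added illustration written for this page; it is not code from the patent or its assignee. The policy rules, the "strict"/"relaxed" profiles, the deny-listed host, the addresses and the packet segments are all constructed, and the only "virus" signature is the public EICAR test string.

```python
"""Toy model of policy-driven content filtering: policy lookup, proxy dispatch,
stream reassembly, profile-driven filtering. Added illustration; all data is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# EICAR antivirus test string: the only "malware" signature this toy scanner knows.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BLOCKED_HOSTS = {"bad.example"}  # constructed URL-filter deny list

# Configuration schemes: for each protocol, which content filtering processes run.
PROFILES = {
    "strict":  {"http": {"antivirus": True, "url_filter": True}, "smtp": {"antivirus": True}},
    "relaxed": {"http": {"antivirus": True, "url_filter": False}, "smtp": {"antivirus": False}},
}

@dataclass
class Policy:
    src: str                       # source network (CIDR)
    dst: str                       # destination network (CIDR)
    proto: str                     # network service protocol, or "any"
    action: str                    # "allow" or "deny"
    profile: Optional[str] = None  # configuration scheme applied after an allow

# Security policy database; first match wins, last rule is the explicit default deny.
POLICIES = [
    Policy("10.0.0.0/8", "0.0.0.0/0", "http", "allow", "strict"),
    Policy("10.0.0.0/8", "0.0.0.0/0", "smtp", "allow", "relaxed"),
    Policy("0.0.0.0/0", "0.0.0.0/0", "any", "deny"),
]

def lookup_policy(src: str, dst: str, proto: str) -> Policy:
    """Networking-subsystem decision on (source IP, destination IP, protocol)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in POLICIES:
        if (s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst)
                and p.proto in (proto, "any")):
            return p
    return Policy(src, dst, proto, "deny")  # implicit deny if nothing matched

def reassemble(packets) -> bytes:
    """Rebuild application-level content from (seq, payload) segments that may
    arrive out of order; data is buffered and emitted only when contiguous."""
    pending = dict(packets)
    content, nxt = b"", 0
    while nxt in pending:
        content += pending[nxt]
        nxt += len(pending[nxt])
    return content

def av_scan(content: bytes) -> Optional[str]:
    return "virus" if EICAR in content else None

def url_filter(content: bytes) -> Optional[str]:
    """Check the Host header of a reconstructed HTTP request against the deny list."""
    for line in content.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            host = line.split(b":", 1)[1].strip().decode(errors="replace")
            if host in BLOCKED_HOSTS:
                return "blocked-host"
    return None

FILTERS = {"antivirus": av_scan, "url_filter": url_filter}
PROXIES = {"http", "smtp"}  # protocols for which a proxy module exists

def process_connection(src, dst, proto, packets) -> dict:
    """Full path: packet-layer policy lookup, then proxy-side reassembly and filtering."""
    policy = lookup_policy(src, dst, proto)
    if policy.action != "allow":
        return {"action": "deny", "verdicts": []}
    if proto not in PROXIES:  # allowed, but no proxy: no content inspection possible
        return {"action": "allow", "verdicts": []}
    settings = PROFILES[policy.profile].get(proto, {})  # only this protocol's settings apply
    content = reassemble(packets)
    verdicts = []
    for name, enabled in settings.items():
        if enabled:
            verdict = FILTERS[name](content)
            if verdict:
                verdicts.append(verdict)
    return {"action": "block" if verdicts else "allow", "verdicts": verdicts}

def per_packet_scan(packets) -> bool:
    """What packet-by-packet matching would see: a signature split across
    segments is never matched, which is why the proxy buffers the whole stream."""
    return any(EICAR in payload for _, payload in packets)

# Constructed HTTP request carrying EICAR, split mid-signature and delivered out of order.
REQUEST = b"GET /dl HTTP/1.1\r\nHost: bad.example\r\n\r\n" + EICAR
HTTP_PACKETS = [(60, REQUEST[60:]), (0, REQUEST[:60])]
SMTP_PACKETS = [(0, b"DATA\r\n" + EICAR)]

if __name__ == "__main__":
    print(process_connection("10.1.1.5", "203.0.113.7", "http", HTTP_PACKETS))
    print(process_connection("10.1.1.5", "203.0.113.7", "smtp", SMTP_PACKETS))
    print(process_connection("192.0.2.1", "203.0.113.7", "http", HTTP_PACKETS))
    print("per-packet scan sees EICAR:", per_packet_scan(HTTP_PACKETS))
```

Two points the model makes concrete. The packet-layer engine never looks at payload: it decides on the 3-tuple and only names a profile, so the same "strict" scheme can be attached to many rules and changed in one place. And the SMTP session carrying the same EICAR payload is allowed under the "relaxed" profile because its antivirus setting is off for that protocol, while the HTTP session is blocked only after reassembly; a per-segment scan of the same packets finds nothing, since the signature straddles the split.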
16 Claims
1. (Independent claim; text identical to the First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer-readable storage medium embodying instructions, which when executed by a firewall device, cause the firewall device to perform a method for processing application-level content, the method comprising:
maintaining a plurality of configuration schemes, wherein each of the plurality of configuration schemes comprises a listing of a plurality of network service protocols, and wherein each of the plurality of configuration schemes defines, for each particular network service protocol in the plurality of network service protocols, a set of administrator-configurable content filtering process settings that indicates one or more particular content filtering processes to perform;
maintaining a security policy database including information defining a plurality of firewall security policies, wherein the information defining the plurality of firewall security policies includes, for each one of the plurality of firewall security policies, information identifying an associated one of the plurality of configuration schemes and an action to take with respect to a particular network session based on a plurality of (i) a set of one or more source Internet Protocol (IP) addresses, (ii) a set of one or more destination IP addresses and (iii) a network service protocol;
receiving an incoming network connection, at a networking subsystem of the firewall device, the incoming network connection being characterized by a source Internet Protocol (IP) address, a destination IP address and a network service protocol;
determining, by the networking subsystem, the network service protocol of the incoming network connection;
determining, by the networking subsystem, whether to allow or deny the incoming network connection by identifying a matching firewall policy from among the plurality of firewall security policies based on the source IP address, the destination IP address and the network service protocol and applying packet-layer firewall rules associated with the matching firewall policy;
when the incoming network connection is allowed by the action to take of the matching firewall policy, then:
redirecting the incoming network connection, by the networking subsystem, to a proxy module of a plurality of proxy modules within the firewall device that is configured to support the network service protocol;
retrieving, by the proxy module, a content processing configuration scheme of the plurality of content processing configuration schemes identified by the matching firewall policy; and
processing, by the proxy module, application-level content spanning a plurality of packets of a packet stream associated with the incoming network connection by:
reconstructing the application-level content, including extracting and buffering content from the plurality of packets; and
filtering the application-level content based on those content filtering processes of the one or more particular content filtering processes specified by the content processing configuration scheme specified by the matching firewall policy that are applicable to the determined network service protocol.
Dependent claims: 10, 11, 12, 13, 14, 15, 16