公开(公告)号：US20210306338A1

公开(公告)日：2021-09-30

申请号：US16836410

申请日：2020-03-31

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Kannan Varadhan

IPC: H04L29/06 ,  G06F21/62

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

公开(公告)号：US09191366B2

公开(公告)日：2015-11-17

申请号：US14262593

申请日：2014-04-25

Applicant: Juniper Networks, Inc.

Inventor： Kannan Varadhan ,  Jean-Marc Frailong ,  Anjan Venkatramani

IPC: H04L29/06 ,  H04L12/725 ,  H04L12/18 ,  H04L12/701 ,  H04L12/761

CPC classification number: H04L63/0227 ,  H04L12/18 ,  H04L45/00 ,  H04L45/16 ,  H04L45/30 ,  H04L63/0254 ,  H04L63/104

Abstract: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.

Abstract translation: 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内，从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面，用户通过该用户界面指定一个或多个区域，以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法，允许用户定义与区域相关联的多个接口的子集，并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务，以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。

公开(公告)号：US20140237541A1

公开(公告)日：2014-08-21

申请号：US14262593

申请日：2014-04-25

Applicant: Juniper Networks, Inc.

Inventor： Kannan Varadhan ,  Jean-Marc Frailong ,  Anjan Venkatramani

IPC: H04L29/06 ,  H04L12/18

CPC classification number: H04L63/0227 ,  H04L12/18 ,  H04L45/00 ,  H04L45/16 ,  H04L45/30 ,  H04L63/0254 ,  H04L63/104

Abstract: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.

Abstract translation: 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内，从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面，用户通过该用户界面指定一个或多个区域，以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法，允许用户定义与区域相关联的多个接口的子集，并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务，以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。

公开(公告)号：US12107859B2

公开(公告)日：2024-10-01

申请号：US18166893

申请日：2023-02-09

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Kannan Varadhan

IPC: H04L9/40 ,  G06F21/62 ,  H04L29/06

CPC classification number: H04L63/101 ,  G06F21/6209 ,  H04L63/20

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

公开(公告)号：US20130074177A1

公开(公告)日：2013-03-21

申请号：US13669303

申请日：2012-11-05

Applicant: JUNIPER NETWORKS, INC.

Inventor： Kannan Varadhan ,  Joao Campelo F.N. Gomes

IPC: H04L29/06

CPC classification number: H04L63/0272 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/04 ,  H04L45/50 ,  H04L45/60 ,  H04L63/0227

Abstract: An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.

Abstract translation: 支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。 可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。 路由设备提供用户界面，当用户界面向应用状态的防火墙服务应用时，用户指定一个或多个被集成防火墙识别的区域。 用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。 此外，用户界面支持语法，允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。 路由设备生成集成防火墙的映射信息，将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。

公开(公告)号：US12143385B2

公开(公告)日：2024-11-12

申请号：US18166893

申请日：2023-02-09

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Kannan Varadhan

IPC: H04L9/40 ,  G06F21/62 ,  H04L29/06

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

公开(公告)号：US20230188526A1

公开(公告)日：2023-06-15

申请号：US18166893

申请日：2023-02-09

Applicant: Juniper Networks, Inc,

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Kannan Varadhan

IPC: H04L9/40 ,  G06F21/62

CPC classification number: H04L63/101 ,  G06F21/6209

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

公开(公告)号：US11595393B2

公开(公告)日：2023-02-28

申请号：US16836410

申请日：2020-03-31

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Kannan Varadhan

IPC: H04L9/40 ,  G06F21/62 ,  H04L29/06

Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

公开(公告)号：US09762622B2

公开(公告)日：2017-09-12

申请号：US14587935

申请日：2014-12-31

Applicant: Juniper Networks, Inc.

Inventor： Qingming Ma ,  Kannan Varadhan ,  Rohini Kasturi

IPC: G06F15/16 ,  H04L29/06 ,  H04L12/801 ,  H04L12/28 ,  H04L12/815 ,  H04L12/807 ,  H04L12/841

CPC classification number: H04L65/105 ,  H04L12/2858 ,  H04L47/10 ,  H04L47/22 ,  H04L47/27 ,  H04L47/283

Abstract: A method includes a proxy device receiving from a source device a request to establish a flow to a destination device; generating, based on the request, a meta-packet that indicates that the flow to the destination device is to be proxied; determining whether a pre-established flow connecting the proxy device to another proxy device that leads toward the destination device exists; sending the meta-packet on the pre-established flow, when it is determined that the pre-established flow exists; receiving by the other proxy device, the meta-packet, and establishing the flow to the destination device based on the meta-packet, where the proxy devices assign one or more of a source address, a source port, a destination address, or a destination port, associated with the source device and the destination device, to the pre-established flow.

公开(公告)号：US08955100B2

公开(公告)日：2015-02-10

申请号：US13669303

申请日：2012-11-05

Applicant: Juniper Networks, Inc.

Inventor： Kannan Varadhan ,  Joao Campelo F. N. Gomes

IPC: H04L29/06 ,  H04L12/46 ,  H04L12/715 ,  H04L12/723 ,  H04L12/773

CPC classification number: H04L63/0272 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/04 ,  H04L45/50 ,  H04L45/60 ,  H04L63/0227

Abstract: An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.

Abstract translation: 支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。 可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。 路由设备提供用户界面，当用户界面向应用状态的防火墙服务应用时，用户指定一个或多个被集成防火墙识别的区域。 用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。 此外，用户界面支持语法，允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。 路由设备生成集成防火墙的映射信息，将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。