公开(公告)号：US20230114774A1

公开(公告)日：2023-04-13

申请号：US17498338

申请日：2021-10-11

Applicant: Cisco Technology, Inc.

Inventor： Vivek Santuka ,  Yeneneh Elfaged Gobena ,  Hazim Hashim Dahir ,  Dhiren Tailor

IPC: H04L29/06

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

公开(公告)号：US11818101B2

公开(公告)日：2023-11-14

申请号：US17498338

申请日：2021-10-11

Applicant: Cisco Technology, Inc.

Inventor： Vivek Santuka ,  Yeneneh Elfaged Gobena ,  Hazim Hashim Dahir ,  Dhiren Tailor

IPC: H04L9/40

CPC classification number: H04L63/0272 ,  H04L63/029 ,  H04L63/0876 ,  H04L63/107 ,  H04L63/108

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

公开(公告)号：US20220103597A1

公开(公告)日：2022-03-31

申请号：US17037105

申请日：2020-09-29

Applicant: Cisco Technology, Inc.

Inventor： Yeneneh Elfaged Gobena ,  Hazim Hashim Dahir ,  Timothy Rowley ,  Ibrahim Amir Darwish

IPC: H04L29/06 ,  H04L29/12

Abstract: A network optimization controller (NOC) performs operations including obtaining, from a secure access service edge (SASE) device executing a security service, a first data set defining a security performance metric provided by the security service, and obtaining, from the SASE, a second data set defining a network performance metric associated with a network device. The operations further include defining a policy based at least in part on the first data set and the second data set, determining if the policy has been violated, and changing a first access modality provided for the network device to access an end host to a second access modality based at least in part on the policy being violated. The first access modality and the second access modality define different methods of access to the end host.