logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 7562389 B1

PDFFull Text
Date of Patent:
Jul. 14, 2009

Filed:

Jul. 30, 2004

Method and system for network security

Applicants:

Rajan Goyal, Sunnyvale, CA (US);

Virgil N. Mihailovici, San Jose, CA (US);

Rahul Gupta, Sunnyvale, CA (US);

Pere Monclus, San Jose, CA (US);

Ahsan Habib, Los Gatos, CA (US);

Kirtikumar L. Prabhu, San Jose, CA (US);

Christophe J. Paggen, Plainevaux, BE;

Shyamasundar S. Kaluve, Bangalore, IN;

Inventors:

Rajan Goyal, Sunnyvale, CA (US);

Virgil N. Mihailovici, San Jose, CA (US);

Rahul Gupta, Sunnyvale, CA (US);

Pere Monclus, San Jose, CA (US);

Ahsan Habib, Los Gatos, CA (US);

Kirtikumar L. Prabhu, San Jose, CA (US);

Christophe J. Paggen, Plainevaux, BE;

Shyamasundar S. Kaluve, Bangalore, IN;

Assignee:

Cisco Technology, Inc., San Jose, CA (US);

Attorney:

Baker Botts L.L.P.

Primary Examiner:

Minh Dieu Nguyen

Int. Cl.
CPC ...
G06F 11/00 (2006.01); H04L 9/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

In accordance with one embodiment of the present invention, a method includes receiving a packet at a physical interface of a network security gateway. The packet is tagged with a first VLAN identifier associated with an external network. The method also includes communicating a copy of the packet to a first processor, analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition, and communicating a reply message from the first processor to the interface. The reply message indicates whether the packet violates a security condition. If the packet does not violate a security condition, the method includes re-tagging the packet with a second VLAN identifier associated with a protected network by using a second processor at the physical interface. The method further includes communicating the re-tagged packet to the protected network if the packet does not violate a security condition.

Find Patent Forward Citations

Loading…