| 发明名称 |
TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK |
| 摘要 |
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first and second service processing switch of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. |
| 申请公布号 |
US2017093808(A1) |
申请公布日期 |
2017.03.30 |
| 申请号 |
US201615184897 |
申请日期 |
2016.06.16 |
| 申请人 |
Fortinet, Inc. |
发明人 |
Sun Chih-Tiang;Yum Kiho;Matthews Abraham R. |
| 分类号 |
H04L29/06;H04L12/46 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising:
instantiating, within each of a plurality of service processing switches of a service provider, a plurality of virtual routers (VRs), wherein each VR of the plurality of VRs is supported by an object group and each object of the object group supports a network service; assigning one or more VRs of the plurality of VRs to a subscriber of a plurality of subscribers of the service provider; receiving, by a service management system (SMS) of the service provider, a request to establish a Virtual Private Network (VPN) connection between a first premises of the subscriber and a second premises of the subscriber; and establishing a tunnel in support of the VPN connection between a first service processing switch of the plurality of service processing switches and a second service processing switch of the plurality of service processing switches coupled in communication with the first service processing switch through a public Internet Protocol (IP) network, including:
configuring a first packet routing node of the first service processing switch, for as long as the VPN connection is maintained, (i) to cause all packets transmitted via the tunnel from the first premises to the second premises to be encrypted prior to transmission through the public IP network and (ii) to cause all packets received via the tunnel from the second premises to be decrypted; andconfiguring a second packet routing node of the second service processing switch, for as long as the VPN connection is maintained, (i) to cause all packets transmitted via the tunnel from the second premises to the first premises to be encrypted prior to transmission through the public IP network and (ii) to cause all packets received via the tunnel from the first premises to be decrypted. |
| 地址 |
Sunnyvale CA US |
