System and method for redirected firewall discovery in a network environment

摘要

A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.

主权项

1. One or more computer-readable non-transitory media comprising one or more instructions that, when executed on at least one processors, configure the processor to perform one or more operations for redirected firewall discovery, the one or more operations comprising:
transmitting a network flow from a source node to a first firewall; transmitting, from the source node to a second firewall, metadata associated with the network flow; receiving, from the first firewall at the source node, a discovery redirect comprising information identifying the first firewall; and in response to receiving the discovery redirect, transmitting, from the source node to the first firewall, the metadata associated with the network flow, wherein the metadata is associated with a network policy applicable to the network flow at the first firewall.