| 发明名称 | Firewall security between network devices | ||
| 摘要 | A security device may be interconnected, via multiple links, between multiple network devices in a network. The firewall device may include multiple input interfaces that receive data units from a first network device destined for a second network device of the multiple network devices, identify a session associated with each of the data units, and process the data units in accordance with the identified sessions and a security policy. | ||
| 申请公布号 | US8839352(B2) | 申请公布日期 | 2014.09.16 |
| 申请号 | US201213571544 | 申请日期 | 2012.08.10 |
| 申请人 | Juniper Networks, Inc. | 发明人 | Liu Changming;Cheung Lee Chik |
| 分类号 | H04L29/08;G06F15/16;H04L29/06;G06F21/60 | 主分类号 | H04L29/08 |
| 代理机构 | Harrity & Harrity, LLP | 代理人 | Harrity & Harrity, LLP |
| 主权项 | 1. A method comprising: establishing, by a first network device, a dedicated interconnection between a particular interface of a second network device and a particular interface of a third network device, the dedicated interconnection causing data received at a first interface of the first network device to be output from the first network device via a second interface of the first network device; receiving, at the first interface of the first network device, data transmitted by the second network device toward the third network device; processing, by the first network device, the data based on a security policy associated with the data, processing the data including: determining that the data includes a data unit for establishing a data session between a source device and a destination device,storing session information associated with the data session based on the data including the data unit, the session information including an identifier that identifies the data session and a sequence number that identifies a position of the data relative to other data associated with the data session, andforwarding the session information to a fourth network device, the fourth network device including a dedicated interconnection between a pair of interfaces for forwarding data received from the third network device to a fifth network device; and outputting, by the first network device, the data to the third network device via the second interface of the first network device, the data being output via the second interface based on the dedicated interconnection being established, andthe dedicated interconnection preserving a routing associated with transmitting the data between the second network device and the third network device that existed prior to the first network device being inserted between the second network device and the third network device. | ||
| 地址 | Sunnyvale CA US | ||