| 发明名称 |
SCALABLE SECURITY SERVICES FOR MULTICAST IN A ROUTER HAVING INTEGRATED ZONE-BASED FIREWALL |
| 摘要 |
A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones. |
| 申请公布号 |
US2014237541(A1) |
申请公布日期 |
2014.08.21 |
| 申请号 |
US201414262593 |
申请日期 |
2014.04.25 |
| 申请人 |
Juniper Networks, Inc. |
发明人 |
Varadhan Kannan;Frailong Jean-Marc;Venkatramani Anjan |
| 分类号 |
H04L29/06;H04L12/18 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A network device comprising:
a plurality of interfaces configured to send and receive multicast packets; a firewall integrated within the network device, wherein the network device is configured with one or more zones to be recognized by the firewall when applying stateful firewall services to the multicast packets; a user interface that supports a syntax that allows a user to define a single multicast policy to be applied to multicast sessions associated with a multicast group, wherein the multicast policy specifies one or more stateful firewall services to be applied by the firewall to the multicast packets destined for one or more specified zones of the one or more zones; and a services component executing on the firewall, wherein the services component is configured to determine, based on the single multicast policy and interfaces associated with the specified zones, one or more of the stateful firewall services to be applied by the firewall prior to replication of the multicast packets and one or more of the stateful firewall services to be applied by the firewall after replication of the multicast packets, wherein the firewall is configured to apply the stateful firewall services to the multicast packets as determined by the services component. |
| 地址 |
Sunnyvale CA US |
