Patent application number | Description | Published |
20090193129 | Systems and Methods for Fine Grain Policy Driven Cookie Proxying - The present solution enables a client that is not configured to use cookies to access resources of the server that uses cookies for communications with the clients. An intermediary deployed between a client and a server intercepts and modifies transmissions between the client and the server to compensate for the mismatch in configuration of the cookies between the client and the server. The present disclosure relates to a method for managing cookies by an intermediary for a client. An intermediary receives a response from a server to a request of a client. The response may comprise a uniform resource locator (URL) and a cookie. The intermediary may modify the response by removing the cookie from the response and inserting a unique client identifier into the URL. The intermediary may store the removed cookie in association with the unique client identifier and forward the modified response to the client. | 07-30-2009 |
20090193498 | SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS - The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on an information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server. | 07-30-2009 |
20090199285 | Systems and Methods for For Proxying Cookies for SSL VPN Clientless Sessions - The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies. | 08-06-2009 |
20140298410 | SYSTEMS AND METHODS FOR PROXYING COOKIES FOR SSL VPN CLIENTLESS SESSIONS - The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies. | 10-02-2014 |
20150074751 | SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS - The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on an information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server. | 03-12-2015 |
Patent application number | Description | Published |
20130103836 | Centralized Configuration with Dynamic Distributed Address Management - The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template. | 04-25-2013 |
20150222540 | DISTRIBUTED GATEWAY FOR LOCAL SUBNET - A computer readable medium storing instructions with functionality for: receiving a first request, from a first client device in a particular IP subnet, to identify a MAC address that corresponds to a particular IP address in the particular IP subnet; transmitting a first response to the first client device that identifies a first MAC address, of a first network device in the particular IP subnet, as the MAC address that corresponds to the particular IP address; receiving a second request, from a second client device in the particular IP subnet, to identify the MAC address that corresponds to the particular IP address; transmitting a second response to the second client device that identifies a second MAC address, of a second network device in the particular IP subnet, as the MAC address that corresponds to the particular IP address, the second MAC address being different than the first MAC address. | 08-06-2015 |
20150237002 | Centralized Configuration with Dynamic Distributed Address Management - The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template. | 08-20-2015 |
20160036700 | DISTRIBUTED VIRTUAL PRIVATE NETWORK - A system includes: multiple access points, the multiple access points including at least a first access point and a second access point; the system performs operations including: receiving, by the second access point from a client device, a data packet to be transmitted to a device outside of the system; forwarding the data packet by the second access point to the first access point; assigning, by the first access point, a first sequence number to the data packet to be used for transmitting the data packet outside of the system; transmitting the data packet with the first sequence number to the device outside of the system. | 02-04-2016 |