Patent application number | Description | Published |
20090037763 | Systems and Methods for Providing IIP Address Stickiness in an SSL VPN Session Failover Environment - The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session. | 02-05-2009 |
20090037998 | Systems and Methods for Authorizing a Client in an SSL VPN Session Failover Environment - The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session. | 02-05-2009 |
20090193498 | SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS - The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server. | 07-30-2009 |
20100242092 | SYSTEMS AND METHODS FOR SELECTING AN AUTHENTICATION VIRTUAL SERVER FROM A PLURALITY OF VIRTUAL SERVERS - The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client. The response includes an instruction to redirect to the selected authentication virtual server. | 09-23-2010 |
20100242105 | SYSTEMS AND METHODS FOR SELECTIVE AUTHENTICATION, AUTHORIZATION, AND AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT - The present invention provides a system and method for authentication of network traffic managed by a traffic management virtual server. A traffic management virtual server may determine that a client has not been authenticated from a request of the client to access a server. Responsive to the request, the traffic management virtual server may transmit a response to the client with instructions to redirect to an authentication virtual server. The authentication virtual server may receive a second request from the client. The authentication virtual server may then authenticate credentials received from the client and establish an authentication session for the client. Further, the authentication virtual server may transmit a second response to redirect the client to the traffic management virtual server. The second response identifies the authentication session. The traffic management virtual server then receives a request from the client with an identifier to the authentication session. | 09-23-2010 |
20100242106 | SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT - The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identify one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result. | 09-23-2010 |
20110153721 | SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES - The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server. | 06-23-2011 |
20110153722 | SYSTEMS AND METHODS FOR POLICY BASED TRANSPARENT CLIENT IP INSERTION - The present disclosure presents systems and methods for maintaining an original source IP address of a request by an intermediary network device despite the source IP address being modified by a cache server during an unfulfilled cache request. An intermediary receives a request from a client to access a destination server via a first transport layer connection. The client request identifies the client's IP address as a source IP address. The intermediary transmits to a cache server, via a second transport layer connection, the client request as a second request modified to include the client IP address of the first request in a header. The intermediary device receives, via a third connection, the second request as a third request from the cache server. The intermediary device obtains the client IP address from the header of the third request and transmits to the server identified in the first request the third request as a fourth request identifying the client IP address as the source IP address. | 06-23-2011 |
20110153937 | SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifies that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address. | 06-23-2011 |
20110277026 | Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications - The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications provides single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which, in turn, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may log in once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution. | 11-10-2011 |
20120036178 | SYSTEMS AND METHODS FOR COOKIE PROXY JAR MANAGEMENT ACROSS CORES IN A MULTI-CORE SYSTEM - The present solution is directed towards systems and methods for managing cookies by a multi-core device. The device is intermediary to a client and one or more servers. A first core of a multi-core device receives a response from a server to a request of the client through a user session. The response comprises a cookie. The first core removes the cookie from the response and stores the cookie in a corresponding storage for the session. The first core forwards the response without the cookie to the client. A second core then receives via a session, a second request from the client. The second core determines the identification of the first core as owner of the session from the second request. The second core then communicates to the first core a third request for cookie information for the session. | 02-09-2012 |
20120036244 | SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish an SSL VPN session with a client. Any one of the other cores, such as a second core, may receive packets related to the session owned by the first core. Embodiments of the systems and methods described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management. | 02-09-2012 |
20120166483 | Systems and Methods for Database Proxy Request Switching - The present application is directed towards systems and methods for selecting a database from a plurality of databases to forward a SQL query request based on a property of the SQL request. A device intermediary to a plurality of clients and databases may establish a plurality of connections to the plurality of databases. The device may receive, from a client of the plurality of clients, a request to execute a SQL query. The device may evaluate one or more properties of the request to execute the SQL query responsive to a policy. The device may select a database from the plurality of databases based on a result of evaluation of the one or more properties of the request to execute the SQL query. The device may forward the request to execute the SQL query to the selected database via a connection of the plurality of connections. | 06-28-2012 |
20120173759 | Systems and Methods for Policy Based Integration to Horizontally Deployed WAN Optimization Appliances - The present disclosure presents systems and methods for policy-based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in an option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN device, while maintaining the information from the option field. The intermediary device receives the request including the information identifying the first WAN optimization device to the second WAN device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server. | 07-05-2012 |
20120203825 | SYSTEMS AND METHODS FOR NTIER CACHE REDIRECTION - The present disclosure describes systems and methods for load balancing multiple application delivery controllers (ADCs) in multiple tiers. An upper layer of the tier comprises ADCs that load balance the plurality of ADCs of a lower layer of the tier. In order to appropriately share and maintain client IPs for transparent cache redirection scenarios, the transport layer (Transport Control Protocol (TCP)) port range is split among the ADCs of the lower tier. The lower tier ADCs would then create a connection only using a source port assigned to them. The response from the origin will then be sent to the upper level ADC, which looks at the destination port and forwards the packet to the correct lower tier ADC. Hence, the ADCs at two levels will work in conjunction to provide transparent cache direction. | 08-09-2012 |
20140143394 | SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish an SSL VPN session with a client. Any one of the other cores, such as a second core, may receive packets related to the session owned by the first core. Embodiments of the systems and methods described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management. | 05-22-2014 |
20140258390 | SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifies that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address. | 09-11-2014 |
20150074751 | SYSTEMS AND METHODS FOR FINE GRAIN POLICY DRIVEN CLIENTLESS SSL VPN ACCESS - The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server. | 03-12-2015 |
20150244781 | SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES - The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server. | 08-27-2015 |
Patent application number | Description | Published |
20150087301 | GEO-LOCATION ASSISTED CELLULAR NETWORK DISCOVERY - A mobile device includes a global navigation satellite system (GNSS) module, a modem, a memory, and an application processor. The GNSS module is configured to determine geographical location information of the mobile device. The memory is configured to store the geographical location information and associated cell information including previously camped cell information entries associated with respective geographical location information. The modem is coupled to the GNSS module and configured to perform a cell search based on previously camped cell information associated with the geographical location information. The modem may retrieve one of the previously camped cell information entries from the memory based on corresponding geographical location information. The application processor is coupled to the GNSS module and modem, and configured to store association data in the memory. The association data includes the geographical location information from the GNSS module and associated cell information from the modem. | 03-26-2015 |
20150092540 | System and Method for Traffic Offload - Embodiments of the disclosure generally relate to a system and method for traffic offload from a first access technology to a second access technology. For example, packets originally destined for transmission over a bearer channel associated with Long Term Evolution (LTE) can be offloaded to a Wi-Fi bearer channel in a seamless manner when available, or a non-seamless manner. | 04-02-2015 |
20150092675 | SYSTEM AND METHOD FOR TRANSMISSION ADAPTION TO AVOID RECEPTION INTERFERENCE IN A DEVICE THAT IMPLEMENTS MORE THAN ONE WIRELESS TECHNOLOGY - Example embodiments generally relate to adapting a transmission via a first wireless technology to avoid interference with a reception via a second wireless technology. For example, a user equipment (e.g. cell phone) can include radios operating according to first and second wireless radio technologies, which can include Long Term Evolution (LTE) and a technology using the industrial, scientific and medical (ISM) frequency band. When a priority request is asserted by a radio operating in the ISM frequency band, the LTE radio may abort a scheduled transmission when certain “transmission abort criteria” are satisfied. | 04-02-2015 |
20150181437 | System and Method for Reception Adaption to Reduce Transmission Interference in a Device That Implements More Than One Wireless Technology - Example embodiments generally relate to adapting a reception via a first wireless technology to reduce or avoid interference with a transmission via a second wireless technology. For example, a user equipment (e.g. cell phone) can include radios operating according to first and second wireless radio technologies, which can include Long Term Evolution (LTE) and a technology using the industrial, scientific and medical (ISM) frequency band. In this example, the LTE radio may adapt, delay, or avoid the reception of certain scheduled system information from the network to reduce or avoid interference with transmission from the ISM radio. | 06-25-2015 |