Methods and apparatus for a computer network firewall with proxy reflection

Patent 6098172 Issued on August 1, 2000. Estimated Expiration Date:

September 12, 2017. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Abstract Claims Description Full Text

Patent References

Apparatus and method for providing a secure gateway for communication and data exchanges between networks
Patent #: 5623601
Issued on: 04/22/1997
Inventor: Vu

System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks
Patent #: 5673322
Issued on: 09/30/1997
Inventor: Pepe, et al.

Network with secure communications sessions
Patent #: 5689566
Issued on: 11/18/1997
Inventor: Nguyen

Transparent and secure network gateway
Patent #: 5781550
Issued on: 07/14/1998
Inventor: Templin, et al.

Security system for network address translation systems
Patent #: 5793763
Issued on: 08/11/1998
Inventor: Mayes, et al.

Method and system for allowing remote procedure calls through a network firewall
Patent #: 5828833
Issued on: 10/27/1998
Inventor: Belville, et al.

System for securing the flow of and selectively modifying packets in a computer network
Patent #: 5835726
Issued on: 11/10/1998
Inventor: Shwed, et al.

Multilevel security port methods, apparatuses, and computer program products
Patent #: 5845068
Issued on: 12/01/1998
Inventor: Winiger

Method and apparatus for dynamic packet filter assignment
Patent #: 5848233
Issued on: 12/08/1998
Inventor: Radia, et al.

System for packet filtering of data packet at a computer network interface
Patent #: 5884025
Issued on: 03/16/1999
Inventor: Baehr, et al.

More ...

Inventors

Application

No. 928797 filed on 09/12/1997

Examiners

Primary: Beausoliel, Robert W. Jr.
Assistant: Elmore, Stephen C.

Foreign Patent References

0 743 777 A2 EP. 11/20/1996
0 856 974 A2 EP. 08/20/1998
WO 97/00471 WO. 01/20/1997
WO 97/02734 WO. 01/20/1997
WO 97/49038 WO. 12/20/1997

International Class

H04L 009/00

Abstract

Computer network firewalls which include one or more features for increased processing efficiency are provided. A firewall in accordance with the invention can support multiple security policies, multiple users or both, by applying any one of several distinct sets of access rules. The firewall can also be configured to utilize "stateful" packet filtering which involves caching rule processing results for one or more packets, and then utilizing the cached results to bypass rule processing for subsequent similar packets. To facilitate passage to a user, by a firewall, of a separate later transmission which is properly in response to an original transmission, a dependency mask can be set based on session data items such as source host address, destination host address, and type of service. The mask can be used to query a cache of active sessions being processed by the firewall, such that a rule can be selected based on the number of sessions that satisfy the query. Dynamic rules may be used in addition to pre-loaded access rules in order to simplify rule processing. To unburden the firewall of application proxies, the firewall can be enabled to redirect a network session to a separate server for processing.

Other References

Chapman et al., "Building Internet Firewalls", ISBN: 1-56592-124-0, Chpt. 4, Firewall Design, pp 57-89, 147, and 226, Nov. 1995
Siyan et al., "Internet Firewalls and Network Security", ISBN: 1-56205-437-6, pp 306-326, Jan. 1995
Press Release, "EliaShim Ltd. Announces CVP-Complaint Anti-Virus Plug-In for Check Point FireWall-1," pp. 1-2, Feb. 17, 199