Patent application number | Description | Published |
20090037763 | Systems and Methods for Providing IIP Address Stickiness in an SSL VPN Session Failover Environment - The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session. | 02-05-2009 |
20090037998 | Systems and Methods for Authorizing a Client in an SSL VPN Session Failover Environment - The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session. | 02-05-2009 |
20100241846 | SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK - A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network. | 09-23-2010 |
20100242092 | SYSTEMS AND METHODS FOR SELECTING AN AUTHENTICATION VIRTUAL SERVER FROM A PLURALITY OF VIRTUAL SERVERS - The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client The response includes an instruction to redirect to the selected authentication virtual server. | 09-23-2010 |
20100242105 | SYSTEMS AND METHODS FOR SELECTIVE AUTHENTICATION, AUTHORIZATION, AND AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT - The present invention provides a system and method for authentication of network traffic managed by a traffic management virtual server. A traffic management virtual server may determine that a client has not been authenticated from a request of the client to access a server. Responsive to the request, the traffic management virtual server may transmit a response to the client with instructions to redirect to an authentication virtual server. The authentication virtual server may receive a second request from the client. The authentication virtual server may then authenticate credentials received from the client and establish an authentication session for the client. Further, the authentication virtual server may transmit a second response to redirect the client to the traffic management virtual server. The second response identifies the authentication session. The traffic management virtual server then receives a request from the client with an identifier to the authentication session. | 09-23-2010 |
20100281162 | SYSTEMS AND METHODS OF PROVIDING SERVER INITIATED CONNECTIONS ON A VIRTUAL PRIVATE NETWORK - The present invention is related to a method for establishing via an appliance a transport layer protocol connection initiated by a server on a first network to a client connected from a second network to the first network via a secure socket layer virtual private network (SSL VPN) connection. The method includes the step of receiving, by an appliance, a transport layer connection request from a server on a first network to connect to a client connected to the first network via a SSL VPN connection from a second network. The transport layer connection request identifies a client destination internet protocol address and a client destination port on the first network. The method includes establishing, by the appliance, a first transport layer connection to the server on the first network, determining, by the appliance, the client on the second network associated with the client destination internet protocol address on the first network, and transmitting, by the appliance, connection information identifying the client destination port to an agent on the client. The agent establishes a second transport layer connection to the client destination port using a local internet protocol address of the client on the second network and establishes a third transport layer connection to the appliance, which it associates with the second transport layer connection. | 11-04-2010 |
20110162062 | SYSTEMS AND METHODS FOR A VPN ICA PROXY ON A MULTI-CORE SYSTEM - The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session. | 06-30-2011 |
20110277026 | Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications - The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution | 11-10-2011 |
20120036231 | SYSTEMS AND METHODS FOR SERVER INITIATED CONNECTION MANAGEMENT IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for managing server initiated connections via a multi-core system that provides VPN access between clients and servers. The solution described herein provides a mechanism by which server and client communications via the multi-core system for a server initiated connection may be received on different cores and for the system to manage these communications across different cores to provide an end-to-end connectivity between the client and the server. | 02-09-2012 |
20120036244 | SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management. | 02-09-2012 |
20120131208 | SYSTEMS AND METHODS FOR MANAGING A PLURALITY OF USER SESSIONS IN A VIRTUAL PRIVATE NETWORK ENVIRONMENT - Methods for establishing an SSL/VPN session on behalf of a user of a client where the user has a previously existing session are described. Methods include receiving, by an appliance, a request from a first client operated by a user to establish a virtual private network session; creating, by the appliance, a temporary virtual private network session with the client; identifying, by the appliance, an existing virtual private network session previously established on behalf of the user; terminating the previous session; and creating a new virtual private network session with the client using the temporary session. Other methods may further include transmitting a request to a user corresponding to whether to terminate one or more previous sessions, and transferring session data from a previously existing session to a current session. Corresponding systems are also described. | 05-24-2012 |
20120281706 | SYSTEMS AND METHODS FOR CLOUD BRIDGING BETWEEN INTRANET RESOURCES AND CLOUD RESOURCES - Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers. | 11-08-2012 |
20120290732 | METHODS FOR ASSOCIATING AN IP ADDRESS TO A USER VIA AN APPLIANCE - The present disclosure describes methods and systems for efficiently assigning, managing and querying virtual private network (VPN) addresses intranet IP (IIP) addresses of users, such as SSL VPN users on an enterprise network. The disclosure describes techniques and policies for assigning previously-assigned VPN addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. The disclosure also describes a configurable user domain naming policy so that one can query the VPN address of a user by an easily referable host name identifying the user. The appliance and/or client agent provides techniques for applications to seamlessly and transparently communicate on the VPN using the VPN address of the user or client on the private network. | 11-15-2012 |
20120317411 | SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK - A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a-Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network. | 12-13-2012 |
20140041014 | METHODS AND SYSTEMS FOR ROUTING PACKETS IN A VPN-CLIENT-TO-VPN-CLIENT CONNECTION VIA AN SSL/VPN NETWORK APPLIANCE - In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type. | 02-06-2014 |
20140095725 | SYSTEMS AND METHODS FOR SERVER INITIATED CONNECTION MANAGEMENT IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for managing server initiated connections via a multi-core system that provides VPN access between clients and servers. The solution described herein provides a mechanism by which server and client communications via the multi-core system for a server initiated connection may be received on different cores and for the system to manage these communications across different cores to provide an end-to-end connectivity between the client and the server. | 04-03-2014 |
20140143394 | SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management. | 05-22-2014 |