Security policy enforcement and visibility for network traffic with masked source addresses


Bibliographic Details
Main Authors: Fitz-Gerald, Jr., Jeffrey James; Warburton, Thomas Arthur; Sreenivasa Murthy, Ashwath
Format: Patent
Language: English
Published: 20.08.2024

Summary: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For (XFF) field of the packet header. Firewalls and related security services can be programmed to record the original source address from the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.
Application Number: US202217646857