Abstract: Systems and methods are provided for monitoring a connection state between a primary DHCP server and a secondary DHCP server, determining that a connection between the primary DHCP server and the secondary DHCP server has not been established within a first timeframe, establishing a partner-down operation state at one or more of the primary DHCP server and secondary DHCP server, and, during an established partner-down operation state, issuing/allocating short-term network address leases from one of the primary DHCP servers or secondary DHCP servers. Short-term network leases of the present disclosure may have a duration of between 1 second and 5 minutes.

Abstract: An example branch gateway (BG) of a local area network (LAN) includes processing circuitry and a memory. The memory includes instructions that cause the BG to determine that a network traffic load of the BG is greater than that of another BG. The instructions further cause the BG to determine that a first network traffic load skew between the BG and the other BG is greater than a first threshold. The instructions further cause the BG to select a first virtual local area network (VLAN) of a set of VLANs of the LAN, wherein network traffic of client devices of the first VLAN is routed through the BG based on a master role of the first VLAN being assigned to the BG. The instructions further cause the BG to transmit a message to the other BG that assigns the master role of the first VLAN to the other BG.

Abstract: Examples disclosed herein relate to enforcing a policy to a packet stream based on a classification and a determination that a proxy connection is associated with the packet stream. In the example, the packet stream is received. In this example, a host value is determined for the packet stream. Also, in the example, it is determined whether the packet stream is associated with the proxy connection. Further, in the example, a classification is determined based on the host value. In this example, the policy is enforced for the packet stream based on the classification and the determination that the proxy connection is associated with the packet stream.

Abstract: Example method includes: defining, by a network device, a source virtual local area network (VLAN), wherein the source VLAN is common for at least a first switch and a second switch, and wherein the source VLAN is dedicated to a particular link between the first switch and the second switch; and using an Internet Protocol (IP) address corresponding to the defined source VLAN as a source address for peer-to-peer traffic transmitted between the first switch and the second switch, wherein no peer-to-peer traffic between the first switch and the second switch is transmitted over a link other than the particular link.

Abstract: The present disclosure discloses a method and system for achieving enhanced performance for application message handling. The disclosed system includes a device and is configured to receive, at a first processing layer implemented by the device, a message addressed to a first port. The system is further configured to modify the message to be addressed to a second port indicated in a body of the message prior to forwarding the message to a second processing layer implemented by the device. Furthermore, the system is configured to forward, by the first processing layer to the second processing layer, the modified message addressed to the second port.

Abstract: Example method includes: defining, by a network device, a source virtual local area network (VLAN), wherein the source VLAN is common for at least a first switch and a second switch, and wherein the source VLAN is dedicated to a particular link between the first switch and the second switch; and using an Internet Protocol (IP) address corresponding to the defined source VLAN as a source address for peer-to-peer traffic transmitted between the first switch and the second switch, wherein no peer-to-peer traffic between the first switch and the second switch is transmitted over a link other than the particular link.

Abstract: The present disclosure discloses a method and system for achieving enhanced performance for application message handling. The disclosed system includes a device and is configured to receive, at a first processing layer implemented by the device, a message addressed to a first port. The system is further configured to modify the message to be addressed to a second port indicated in a body of the message prior to forwarding the message to a second processing layer implemented by the device. Furthermore, the system is configured to forward, by the first processing layer to the second processing layer, the modified message addressed to the second port.

Abstract: Examples disclosed herein relate to enforcing a policy to a packet stream based on a classification and a determination that a proxy connection is associated with the packet stream. In the example, the packet stream is received. In this example, a host value is determined for the packet stream. Also, in the example, it is determined whether the packet stream is associated with the proxy connection. Further, in the example, a classification is determined based on the host value. In this example, the policy is enforced for the packet stream based on the classification and the determination that the proxy connection is associated with the packet stream.

Abstract: The present disclosure discloses a method and a network device for performing dynamic detection and application-based policy enforcement of proxy connections in a network. Specifically, a network device receives, from a client device, a packet in a session. The network device then determines whether the packet is transmitted to a proxy. In response to determining that the packet is associated with a different application classification or web content category during the same session, the network device re-applies network firewall policies to determine whether to allow or deny transmission of the packet to the proxy.

Abstract: The present disclosure discloses a method and system for displaying an HTTPS block page without SSL inspection. Specifically, a network device snoops a first message transmitted between a client device and a network resource. The first message is transmitted as part of a SSL Handshake between the client device and the network resource to establish a SSL session. Moreover, the network device determines whether the client device is authorized to access the network resource. If not, the network device blocks the establishment of a SSL session between the client device and the network resource, and spoofs the network resource for establishing the SSL session between the client device and the network device instead of establishment of the SSL session between the client device and the network resource. Otherwise, the network device refrains from blocking the establishment of the SSL session between the client device and the network resource.

Abstract: The present disclosure discloses a method and a network device for performing dynamic detection and application-based policy enforcement of proxy connections in a network. Specifically, a network device receives, from a client device, a packet in a session. The network device then determines whether the packet is transmitted to a proxy. In response to determining that the packet is associated with a different application classification or web content category during the same session, the network device re-applies network firewall policies to determine whether to allow or deny transmission of the packet to the proxy.

Abstract: The present disclosure discloses a method and system for displaying an HTTPS block page without SSL inspection. Specifically, a network device snoops a first message transmitted between a client device and a network resource. The first message is transmitted as part of a SSL Handshake between the client device and the network resource to establish a SSL session. Moreover, the network device determines whether the client device is authorized to access the network resource. If not, the network device blocks the establishment of a SSL session between the client device and the network resource, and spoofs the network resource for establishing the SSL session between the client device and the network device instead of establishment of the SSL session between the client device and the network resource. Otherwise, the network device refrains from blocking the establishment of the SSL session between the client device and the network resource.

Abstract: The present disclosure discloses a method and system for achieving enhanced performance for application message handling. The disclosed system includes a device and is configured to receive, at a first processing layer implemented by the device, a message addressed to a first port. The system is further configured to modify the message to be addressed to a second port indicated in a body of the message prior to forwarding the message to a second processing layer implemented by the device. Furthermore, the system is configured to forward, by the first processing layer to the second processing layer, the modified message addressed to the second port.