Patents by Inventor Amir Peles

Amir Peles has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20090132714
    Abstract: A system, method and device for providing connection resiliency. The method including maintaining, by a first proxy, a TCP connection with a TCP client and a TCP connection with a TCP server through one or more TCP networks; maintaining information of both TCP connections by a forwarding component between the TCP networks and the first proxy; establishing, by the forwarding component, a new TCP connection with a second proxy for each of the TCP connections maintained by the first proxy; and forwarding data, to and from both the client and the server, to and from the second proxy without disconnection of the TCP connections of the TCP client and TCP server.
    Type: Application
    Filed: November 20, 2007
    Publication date: May 21, 2009
    Applicant: RADWARE, LTD.
    Inventors: Emanuel Blander, Amir Peles
  • Publication number: 20090055930
    Abstract: A security switch detects whether requested content is either trusted content or non-trusted content. In case of network content being trusted content, network traffic bypasses the inspection gateway and goes directly to the user. If network content is non-trusted content, network traffic passes through to the inspection gateways for inspection. Additionally, when the security switch receives a reply for “trusted” content requests, it parses the reply information to verify that the content-type of the file is indeed “trusted”. If the file doesn't prove to be “trusted”, the security switch drops the connection and stops the suspected content from reaching the client.
    Type: Application
    Filed: August 25, 2008
    Publication date: February 26, 2009
    Inventor: Amir Peles
  • Publication number: 20080282254
    Abstract: A mechanism for achieving resiliency and load balancing for SIP application services and, in particular, in geographic distributed sites. A method performs a distribution of SIP requests among SIP servers, where at least two sites with a load balancer in each site are configured. The method includes receiving a SIP request by a first load balancer in a first site; determining whether the SIP request should be redirected to a second site; and redirecting the SIP request to an address of a second load balancer in the second site. The invention also includes a SIP proxy including a receiving unit receiving SIP requests; a load balancing unit distributing SIP requests between SIP entities; and a health monitoring unit verifying availability of the SIP entities. The SIP proxy may further be configured with a proximity measuring unit determining a proximity to a SIP entity.
    Type: Application
    Filed: May 9, 2007
    Publication date: November 13, 2008
    Applicant: RADWARE, LTD.
    Inventors: Emanuel Blander, Amir Peles
  • Publication number: 20060029016
    Abstract: An application debugging switch also monitors application performance. The application debugging switch forwards the requests from a first host to a second host, and later forwards the response coming from that second host to that first host. As most of the applications work in a request-response architecture, the application debugging switch can measure the response time of the application. The switch attaches a timestamp to each request that it forwards. When the response to that request comes to the switch, the switch can determine the response time of that application. The application debugging switch collects multiple samples of response time over a certain period of time. These samples provide a good measurement for the average application response time. The response time is a combination of the network response time and the application response time. The application debugging switch holds multiple measurement classes.
    Type: Application
    Filed: June 22, 2005
    Publication date: February 9, 2006
    Inventor: Amir Peles
  • Patent number: 6914886
    Abstract: The present invention provides for controlling incoming traffic on the links to an autonomous system. Incoming traffic usage for blocks of IP addresses within an autonomous system and load, congestion and capacity of the links for the incoming traffic are monitored to determine the optimal link for incoming traffic destined for a block of IP addresses. Incoming traffic for a block of IP addresses is biased towards the optimal link by configuring the border routers to announce the block of IP addresses via Border Gateway Protocol (BGP) across the non-optimal links with one or more local AS numbers pre-pended, causing the non-optimal links to look as if they are of a greater routing distance than the optimal link. In addition, outgoing traffic for a session is separately controlled by tagging the packets of the session for a specific link, causing the router to send the packet out the optimal link.
    Type: Grant
    Filed: May 3, 2001
    Date of Patent: July 5, 2005
    Assignee: Radware Ltd.
    Inventors: Amir Peles, Smadar Fuks
  • Publication number: 20050050316
    Abstract: A method and apparatus for passive probing of forwarded TCP communication sessions between a client and a server. This includes receiving forwarded data packets corresponding to the TCP communication sessions; and ordering the received data packets and reconstructing session content for each TCP session. If at least one of the communication sessions is encrypted, then: identifying an encryption scheme and a session key using the reconstructed session content; decrypting the session content, the decryption based upon the identified encryption scheme and the identified session key; and forwarding the decrypted session content to an external entity; else forwarding the reconstructed session content to an external entity.
    Type: Application
    Filed: August 25, 2003
    Publication date: March 3, 2005
    Inventor: Amir Peles
  • Publication number: 20050050362
    Abstract: A secure access system is used to connect an internal network, such as a private LAN, to an external network, such as the Internet. The system is provided with internal and external gateways, for connecting to the respective networks, as well as an inspection evaluator, content inspector, internal certificate authority, internal SSL terminator and external SSL initiator. Packets routed through the access system are inspected before they are forwarded from one gateway to the other, except those packets of designated users of the internal network which are directly forwarded without inspection. Encrypted packets received by the access system are decrypted, inspected, and then re-encrypted before they are forwarded.
    Type: Application
    Filed: August 3, 2004
    Publication date: March 3, 2005
    Inventor: Amir Peles
  • Publication number: 20040236855
    Abstract: A multi-homing tunneling device is used to transmit packets received from a station (in a first business site) to another remote station (in a second business site) via a tunnel formed between a link in the first business site and a link in the second business site. Different external addresses are used on every link to represent internal addresses. Mappings between various internal and external addresses are stored in the tunneling device. Further, tunneling devices are able to communicate with each other to exchange such mappings. The original content is reconstructed based upon such mappings.
    Type: Application
    Filed: December 3, 2003
    Publication date: November 25, 2004
    Inventor: Amir Peles
  • Publication number: 20040177247
    Abstract: When a user makes a request to a server for a specific service, a decision must be made as to whether the user's traffic should be forwarded to the server providing the requested service and where to forward the user's traffic. This decision may be made on the basis of the user's access privileges (i.e. whether the user is allowed to access the service), service level parameters (e.g. amount of network bandwidth the user is limited to or guaranteed to), or security services (i.e. activated anti-virus or URL filters). Every time a user makes an authentication request, a Service policy director collects the user's identification and service attribute information during authentication and registration phases. For each identified user, these attributes are stored in a User Policy Table. The Service policy director consults the User Policy Table to determine whether to forward the user's traffic.
    Type: Application
    Filed: November 14, 2003
    Publication date: September 9, 2004
    Inventor: Amir Peles
  • Publication number: 20040111642
    Abstract: A security switch detects whether requested content is either trusted content or non-trusted content. In case of network content being trusted content, network traffic bypasses the inspection gateway and goes directly to the user. If network content is non-trusted content, network traffic passes through to the inspection gateways for inspection. Additionally, when the security switch receives a reply for “trusted” content requests, it parses the reply information to verify that the content-type of the file is indeed “trusted”. If the file doesn't prove to be “trusted”, the security switch drops the connection and stops the suspected content from reaching the client.
    Type: Application
    Filed: November 14, 2003
    Publication date: June 10, 2004
    Inventor: Amir Peles
  • Publication number: 20030126266
    Abstract: During a web transaction initiation, a switch selects a specific server with which to connect; however, it will not pass the request to the server but, rather, will instruct the client to connect to another IP address corresponding to the specific server. This IP address is an additional address on the switch that will always send the requests to the same server. As long as the server is active and capable of serving users, the user will perform remaining transactions towards this IP address and will remain connected to the same server. Once the server is down, the switch recognizes the situation and all subsequent requests received are responded to with a new address for use. The new address is an address of another server that is active and to which the user may connect.
    Type: Application
    Filed: January 2, 2003
    Publication date: July 3, 2003
    Inventor: Amir Peles
  • Publication number: 20020163884
    Abstract: The present invention provides for controlling incoming traffic on the links to an autonomous system. Incoming traffic usage for blocks of IP addresses within an autonomous system and load, congestion and capacity of the links for the incoming traffic are monitored to determine the optimal link for incoming traffic destined for a block of IP addresses. Incoming traffic for a block of IP addresses is biased towards the optimal link by configuring the border routers to announce the block of IP addresses via Border Gateway Protocol (BGP) across the non-optimal links with one or more local AS numbers pre-pended, causing the non-optimal links to look as if they are of a greater routing distance than the optimal link. In addition, outgoing traffic for a session is separately controlled by tagging the packets of the session for a specific link, causing the router to send the packet out the optimal link.
    Type: Application
    Filed: May 3, 2001
    Publication date: November 7, 2002
    Inventors: Amir Peles, Smadar Fuks