Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: Systems, methods, and computer-readable media are described for establishing an optimized geo-location based hub mesh network for a group of network controllers spanning multiple regions, where the optimized mesh network includes substantially fewer connections between network controllers than conventional hub mesh networks. Geo-location information is obtained for the group of network controllers, and the network controllers are categorized into various physical regions based on the geo-location information. Then, within each region, a particular network controller is selected to serve as a primary regional hub for that region. Tunnel connections are then established between each non-hub network controller in each region and the primary regional hub for that region. In addition, tunnel connections are established between each non-hub network controller in a region and each other non-hub network controller within the same region.

Abstract: Systems are methods are described which allow for “zero-touch” provisioning (ZTP) to be used to seamlessly bring up devices such as Gateways/Access Points/Switches or any other networking devices connected over different uplink types such as aggregated links (Static LAG, LACP), trunk ports, and the like. Provisioning is adapted specifically for trunk and/or LACP ports in order to maintain the automation and optimization benefits typically provided by ZTP. A method can include transmitting a discover message, and receiving a response message based on the discover message. Then, determining whether a pre-defined extension is included in the response message that indicates a port type and a virtual local area network (VLAN) configuration. Automatic configuration of one or more ports and a VLAN can be performed as indicated by the pre-defined extension. Thus, ZTP can be restarted in accordance with the configuration of the network device.

Abstract: Systems, methods, and computer-readable media are described for establishing an optimized geo-location based hub mesh network for a group of network controllers spanning multiple regions, where the optimized mesh network includes substantially fewer connections between network controllers than conventional hub mesh networks. Geo-location information is obtained for the group of network controllers, and the network controllers are categorized into various physical regions based on the geo-location information. Then, within each region, a particular network controller is selected to serve as a primary regional hub for that region. Tunnel connections are then established between each non-hub network controller in each region and the primary regional hub for that region. In addition, tunnel connections are established between each non-hub network controller in a region and each other non-hub network controller within the same region.

Abstract: Examples relates to a method for selecting headend gateway for routing subnets of branch gateways of a geographic region in a software defined wide area network (SD-WAN). In some examples, an analyzer issues a subnet to each branch gateway of a first geographic region from a pool of contiguous IP addresses, selects a first set of headend gateways suited to be assigned to the branch gateways, ranks each of the first set of headend gateways based on a parameter that includes dynamic loading of each headend gateway or link health information between each of the headend gateways and the branch gateways, and forwards the information including the ranking of headend gateways of the first set to a network orchestrator of the SD-WAN to cause the network orchestrator to assign the branch gateways to the highest ranking gateway based on information including the ranking of the first set of headend gateways.

Abstract: Disclosed is a network infrastructure device including processing circuitry and a non-transitory, computer-readable medium including instructions that, when executed by the processing circuitry, cause the network infrastructure device to perform certain actions. The actions include receiving first information indicating resource utilization of headend gateways for forwarding data of a first application, receiving second information indicating resource utilization of branch gateways for forwarding data of a second application, forwarding data of the first application across a WAN link to a first headend gateway best suited to forward data of the first application, and forwarding data of the second application across a WAN link to a second headend gateway best suited to forward data of the second application.

Abstract: In example implementations, a method is provided that is executed by a processor. A multiplexed data stream is received over a single transmission control protocol (TCP) connection that uses a SPDY protocol. The multiplexed data stream contains data packets associated with a plurality of different data streams. A plurality of sub-contexts are generated. Each one of the sub-contexts is associated with a different one of the plurality of different data streams. The data packets are demultiplexed from the multiplexed data stream into a respective one of the plurality of sub-contexts. The plurality of different data streams in the respective one of the plurality of sub-contexts are examined to detect a malware.

Abstract: Methods and systems are described for intelligently steering client devices operating in an enterprise network system to an appropriate access point based on types of traffic on each client device and/or types of traffic on access points. In particular, client devices may be moved to a different access point when the wireless channel provided by a current access point fails to meet the signal strength requirements of latency sensitive traffic utilized by the client device. Client devices may be further steered to new access points based on load conditions on access points. For example, client devices with low priority traffic sessions may be steered away from access points with high traffic load levels. Accordingly, the methods and systems described herein ensure improved network access for latency sensitive access categories and/or access categories that are considered important to an enterprise system with minimal disruptions to these sessions.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: Examples disclosed herein relate to enforcing a policy to a packet stream based on a classification and a determination that a proxy connection is associated with the packet stream. In the example, the packet stream is received. In this example, a host value is determined for the packet stream. Also, in the example, it is determined whether the packet stream is associated with the proxy connection. Further, in the example, a classification is determined based on the host value. In this example, the policy is enforced for the packet stream based on the classification and the determination that the proxy connection is associated with the packet stream.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: In example implementations, a method is provided that is executed by a processor. A multiplexed data stream is received over a single transmission control protocol (TCP) connection that uses a SPDY protocol. The multiplexed data stream contains data packets associated with a plurality of different data streams. A plurality of sub-contexts are generated. Each one of the sub-contexts is associated with a different one of the plurality of different data streams. The data packets are demultiplexed from the multiplexed data stream into a respective one of the plurality of sub-contexts. The plurality of different data streams in the respective one of the plurality of sub-contexts are examined to detect a malware.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: Examples disclosed herein relate to enforcing a policy to a packet stream based on a classification and a determination that a proxy connection is associated with the packet stream. In the example, the packet stream is received. In this example, a host value is determined for the packet stream. Also, in the example, it is determined whether the packet stream is associated with the proxy connection. Further, in the example, a classification is determined based on the host value. In this example, the policy is enforced for the packet stream based on the classification and the determination that the proxy connection is associated with the packet stream.

Abstract: Methods and systems are described for intelligently steering client devices operating in an enterprise network system to an appropriate access point based on types of traffic on each client device and/or types of traffic on access points. In particular, client devices may be moved to a different access point when the wireless channel provided by a current access point fails to meet the signal strength requirements of latency sensitive traffic utilized by the client device. Client devices may be further steered to new access points based on load conditions on access points. For example, client devices with low priority traffic sessions may be steered away from access points with high traffic load levels. Accordingly, the methods and systems described herein ensure improved network access for latency sensitive access categories and/or access categories that are considered important to an enterprise system with minimal disruptions to these sessions.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.

Abstract: Methods and systems are described for intelligently steering client devices operating in an enterprise network system to an appropriate access point based on types of traffic on each client device and/or types of traffic on access points. In particular, client devices may be moved to a different access point when the wireless channel provided by a current access point fails to meet the signal strength requirements of latency sensitive traffic utilized by the client device. Client devices may be further steered to new access points based on load conditions on access points. For example, client devices with low priority traffic sessions may be steered away from access points with high traffic load levels. Accordingly, the methods and systems described herein ensure improved network access for latency sensitive access categories and/or access categories that are considered important to an enterprise system with minimal disruptions to these sessions.