Abstract: In general, techniques are described for modifying control plane messages for subscriber sessions with a network device to add and/or modify discrete information elements and thereby conform the messages to different versions of mobile network specifications, including roaming protocols, executed by different mobile networks or by heterogeneous infrastructure elements within a mobile network. In some examples, an input network interface of a network device receives a roaming protocol message on an interface connecting a first support node of a first mobile network and a second support node of a second mobile network. A roaming protocol module of the network device modifies the roaming protocol message by adding or modifying a discrete information element to conform the roaming protocol message to a roaming protocol of the second mobile network. An output network interface of the network device sends the modified roaming protocol message to the second support node.

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract: This disclosure relates to a secure network device for multi-homed devices. An example network device includes a state table, an association establishment module, and an inspection module. The state table is configured to store information for communication associations between devices. The association establishment module is configured to process a request to establish a communication association between a first device and a second device and to store state information for the communication association in the state table. The first device and the second device each comprise a multi-homed device associated with a plurality of Internet Protocol (IP) addresses, and the state information includes the IP addresses associated with the first device and the IP addresses associated with the second device. The inspection module is configured to secure the communication association between the first device and the second device by using the state information that is stored in the state table.

Abstract: This disclosure relates to a secure network device for multi-homed devices. An example network device includes a state table, an association establishment module, and an inspection module. The state table is configured to store information for communication associations between devices. The association establishment module is configured to process a request to establish a communication association between a first device and a second device and to store state information for the communication association in the state table. The first device and the second device each comprise a multi-homed device associated with a plurality of Internet Protocol (IP) addresses, and the state information includes the IP addresses associated with the first device and the IP addresses associated with the second device. The inspection module is configured to secure the communication association between the first device and the second device by using the state information that is stored in the state table.

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall call act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.