Abstract: A system and method for an end user to change the operation of a data flow filter mechanism, such as a firewall, that operates to control data flows between a plurality of protected computing devices and one or more non-protected computing devices. With the system and method, an administrator of a sub-network of computing devices may set a client computing device's scope of rules/policies that may be changed by a user of the client computing device, with regard to a data flow filter mechanism. The user of the client computing device, or the client computing device itself, may then log onto the data flow filter mechanism and modify the operation of the data flow filter mechanism within the limits established by the administrator.

Abstract: A system and method for an end user to change the operation of a data flow filter mechanism, such as a firewall, that operates to control data flows between a plurality of protected computing devices and one or more non-protected computing devices. With the system and method, an administrator of a sub-network of computing devices may set a client computing device's scope of rules/policies that may be changed by a user of the client computing device, with regard to a data flow filter mechanism. The user of the client computing device, or the client computing device itself, may then log onto the data flow filter mechanism and modify the operation of the data flow filter mechanism within the limits established by the administrator.

Abstract: A system and method for an end user to change the operation of a data flow filter mechanism, such as a firewall, that operates to control data flows between a plurality of protected computing devices and one or more non-protected computing devices. With the system and method, an administrator of a sub-network of computing devices may set a client computing device's scope of rules/policies that may be changed by a user of the client computing device, with regard to a data flow filter mechanism. The user of the client computing device, or the client computing device itself, may then log onto the data flow filter mechanism and modify the operation of the data flow filter mechanism within the limits established by the administrator.

Abstract: A method and system for verifying the availability of a back-up virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements. The first network element transmits a backup tunnel verification test message to the second network element over the back-up secure tunnel upon receipt of a backup tunnel verification test command. The back-up secure tunnel includes two unidirectional tunnels. The second network element receives the back-up tunnel verification test message over the first back-up unidirectional secure tunnel and transmits a response back to the first network element over the second back-up unidirectional secure tunnel.

Abstract: A system and method in which network packets sharing a common destination are bundled into one or more larger packets. In one embodiment, an originating server, gateway, or other network device recognizes the presence of multiple, small IP packets having a common IP address. The network device according to the present invention is configured to concatenate or bundle two or more such small packets. The bundled packet as a whole is then given a new header, the bundle header, that includes the network destination address and information that informs the receiving protocol processing device that the packet is a bundled packet. The receiving device can then strip off the bundle header and process the component packets individually according to an existing protocol.

Abstract: A method and system for determining the connectivity of a virtual private network IP security (IPSec) tunnel between two network elements by originating a plurality of connection tests between the network elements. The first network element transmits a connectivity test message to the second network element over the secure tunnel upon receipt of an initiate connectivity test command. The secure tunnel includes two unidirectional tunnels. The second network element receives the connectivity test message over the first unidirectional secure tunnel and transmits a response back to the first network element over the second unidirectional secure tunnel. The number of successful responses received from the second network element are accumulated and the results are reported back to the source of the connectivity test command.

Abstract: A method and system for monitoring the status of an active secure tunnel between a pair of network elements in a communications network. The first network element originates and transmits an Internet Protocol Security (IPSec) test message to a second network element using a first unidirectional secure tunnel in response to the receipt of an active tunnel monitor command. The second network element receives the IPSec test message and transmits a response back to the first network element using a second unidirectional secure tunnel. The number of times that second network element failed to return a response to an IPSec test message is accumulated during a predetermined time interval and then compared with a threshold value to determine if the active secure tunnel has become disabled.