Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segment(s) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segment(s) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segments) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for applying address translation to network traffic originating from client devices having dynamic Internet Protocol (IP) addresses to support IP based security measures using a gateway configured to connect a plurality of client devices used by a plurality of users to a plurality of cloud based networks. The gateway may receive, from a client device assigned a dynamic IP address, credentials of a user using the respective client device, access a translation record mapping the user, identified by his credentials, to a respective unique static IP address, adjust a source address of each packet received from the client device to include the static IP address, and forward each adjusted packet to a security engine configured to apply security policy(s) to each adjusted packet before transmitting it to the cloud based network(s). The security policy(s) is applied according to the static IP address.

Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segments) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for applying address translation to network traffic originating from client devices having dynamic Internet Protocol (IP) addresses to support IP based security measures using a gateway configured to connect a plurality of client devices used by a plurality of users to a plurality of cloud based networks. The gateway may receive, from a client device assigned a dynamic IP address, credentials of a user using the respective client device, access a translation record mapping the user, identified by his credentials, to a respective unique static IP address, adjust a source address of each packet received from the client device to include the static IP address, and forward each adjusted packet to a security engine configured to apply security policy(s) to each adjusted packet before transmitting it to the cloud based network(s). The security policy(s) is applied according to the static IP address.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: System and method for automatically establishing a Virtual Private Network (VPN) link between a mobile device and a VPN server over an unsecure wireless network, comprising, at the mobile device, detecting an attempt to establish a wireless connection to the internet via an unsecure wireless network, probing the unsecure wireless network to determine accessibility over the unsecure wireless network to a VPN server, automatically initializing, based on the determination, a VPN client, the VPN client executed to establishes a VPN link between the mobile device and the VPN server over the unsecure wireless network, directing network traffic of the mobile device through the VPN link and automatically terminating the VPN client when the mobile device disconnects from the unsecure wireless network.

Abstract: A method of automatically establishing a Virtual Private Network (VPN) over an unsecure wireless network, comprising using one or more processors of a mobile device for detecting an attempt to establish a wireless connection to the internet via an unsecure wireless network, probing the unsecure wireless network to determine accessibility over the unsecure wireless network to a VPN server, initializing automatically a VPN client based on the determination, the VPN client executed by the one or more processors establishes a VPN link to the VPN server over the unsecure wireless network, directing network traffic of the mobile device through the VPN link and terminating automatically the VPN client when the mobile device disconnects from the unsecure wireless network.