Patent · US Active

Method and system for network security

US7562389B1 · kind B1 · utility

Cited by: 11
References: 33
Claims: 29
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 30, 2004
Grant date: Jul 14, 2009
Priority date
Expiry date: Jul 11, 2026

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1408
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

In accordance with one embodiment of the present invention, a method includes receiving a packet at a physical interface of a network security gateway. The packet is tagged with a first VLAN identifier associated with an external network. The method also includes communicating a copy of the packet to a first processor, analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition, and communicating a reply message from the first processor to the interface. The reply message indicates whether the packet violates a security condition. If the packet does not violate a security condition, the method includes re-tagging the packet with a second VLAN identifier associated with a protected network by using a second processor at the physical interface. The method further includes communicating the re-tagged packet to the protected network if the packet does not violate a security condition.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.