Juniper Networks Inc.

Sunnyvale, CA, United States

Juniper Networks Inc.

Sunnyvale, CA, United States

Time filter

Source Type

Patent
Juniper Networks Inc. | Date: 2017-05-10

Techniques are described for optimizing the placement of automatically generated rules within security policies. An administrator may, for example, interact with the graphical representation of rules rendered by the threat control module and, responsive to the interaction, the system may determine an optimal placement for the created rule in the list of rules for the identified security device based on either the existence of anomalies or threat IP data and/or advanced security parameters. In this way, the system allows administrators to configure rules with the most optimal sequence to detect threats.


Techniques are described for taking direct actions, such as selectively blocking or allowing traffic and applications, while monitoring events from a graphical representation of threats. As such, the administrator in an enterprise interacts with the graphical representation of threats rendered by the security management system to automatically invoke a policy/rule module of the security management system to configure and update security policies for the security devices deployed throughout the computer networks of the enterprise. An administrator may, for example, interact with the representation of threats rendered by the threat control module based on the data aggregated from the distributed security devices and, responsive to the interaction, the security management system may identify a relevant set of the security devices, automatically construct security policies having ordered rules within the policies for the identified set of security devices, and automatically communicate and install the policies in the identified set of security devices.


Patent
Juniper Networks Inc. | Date: 2017-05-10

Techniques are described for taking direct actions, such as selectively blocking or allowing traffic and applications, while monitoring events from a graphical representation of threats. As such, the administrator in an enterprise interacts with the graphical representation of threats rendered by the security management system to automatically invoke a policy/rule module of the security management system to configure and update security policies for the security devices deployed throughout the computer networks of the enterprise. An administrator may, for example, interact with the representation of threats rendered by the threat control module based on the data aggregated from the distributed security devices and, responsive to the interaction, the security management system may identify a relevant set of the security devices, automatically construct security policies having ordered rules within the policies for the identified set of security devices, and automatically communicate and install the policies in the identified set of security devices.


In some embodiments, a system includes a set of servers, a set of switches within a switch fabric, and an optical device. The optical device is operatively coupled to the set of servers via a first set of optical fibers. Each server from the set of servers is associated with at least one wavelength from a set of wavelengths upon connection to the optical device. The optical device is operatively coupled to each switch from a set of switches via an optical fiber from a second set of optical fibers. The optical device, when operative, wavelength demultiplexes optical signals received from each switch from the set of switches, and sends, for each wavelength from the set of wavelengths, optical signals for that wavelength to the server from the set of servers.


Patent
Juniper Networks Inc. | Date: 2017-05-17

A device may transmit, to one or more network devices of a portion of a network, information indicating that the device is configured to perform a static designated forwarder election procedure. The device may determine that the one or more network devices of the portion of the network are each configured to perform the static designated forwarder election procedure. The device may enable a static designated forwarder configuration of the device based on determining that the one or more network devices of the portion of the network are each configured to perform the static designated forwarder election procedure.


Patent
Juniper Networks Inc. | Date: 2017-01-10

In some embodiments, an apparatus includes a management module configured to assign a unique set of identifiers to each network control entity from a set of network control entities. As a result, a network control entity from the set of network control entities can assign an identifier from its unique set of identifiers to a port in response to that network control entity receiving a login request from the port. The set of network control entities is associated with a distributed multi-stage switch. The management module is also configured to store a zone set database associated with the distributed multi-stage switch. The management module is configured to send an instance of an active zone set stored within the zone set database to each network control entity from the set of network control entities such that each network control entity can enforce the active zone set.


Patent
Juniper Networks Inc. | Date: 2017-02-06

A device may be configured to store virtual identifier information indicating virtual identifiers associated with servers. The virtual identifier information may associate a quantity of virtual identifiers with each respective server of the servers based on a weight associated with the respective server. The device may receive an object identifier identifying an object to be processed by at least one of the servers. The device may calculate hash values for the virtual identifiers based on the object identifier. The device may determine a virtual identifier associated with a hash value that satisfies a particular condition. The device may select a server associated with the virtual identifier. The device may send an instruction to the server to process the object.


A device receives, from a client device, a request for a resource, and accesses a table that includes one or more items of information. The device compares information provided in the request to the one or more items of information provided in the table, and terminates a connection for the request at the device when the information provided in the request matches at least one of the one or more items of information provided in the table. The device forwards the request to a network when the connection is not terminated at the device, and selects a target device for the resource when the connection is terminated at the device.


In one example, a method includes performing L2 learning of a C-MAC address included in a first L2 data message by a first provider edge (PE) router included in an Ethernet Segment of a Provider-Backbone Bridging Ethernet Virtual Private Network (PBB-EVPN); sending to a second PE router within the Ethernet Segment an L2 control message comprising the C-MAC address and a B-MAC address corresponding to the Ethernet Segment of the PBB-EVPN, wherein the L2 control message informs the second PE router of the reachability of the C-MAC address through the first PE router; receiving, by the first PE router and from the second PE router, a second L2 data message as unicast traffic destined for the C-MAC address; and forwarding the second L2 data message to the first CE router.


Patent
Juniper Networks Inc. | Date: 2017-04-24

A device may identify a plurality of files for a multi-file malware analysis. The device may execute the plurality of files in a malware testing environment. The device may monitor the malware testing environment for behavior indicative of malware. The device may detect the behavior indicative of malware. The device may perform a first multi-file malware analysis or a second multi-file malware analysis based on detecting the behavior indicative of malware. The first multi-file malware analysis may include a partitioning technique that partitions the plurality of files into two or more segments of files to identify a file, included in the plurality of files, that includes malware. The second multi-file malware analysis may include a scoring technique that modifies a plurality of malware scores, corresponding to the plurality of files, to identify the file, included in the plurality of files, that includes malware.

Loading Juniper Networks Inc. collaborators
Loading Juniper Networks Inc. collaborators