CPC H04L 63/029 (2013.01) [H04L 1/18 (2013.01); H04L 45/54 (2013.01); H04L 63/0227 (2013.01); H04L 69/22 (2013.01)] | 17 Claims
1. A router, comprising:
one or more processors; and
one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the router to perform operations comprising:
generating a flow table entry for a data packet, wherein the flow table entry indicates that the data packet is a synchronize (SYN) packet and that corresponding return traffic will be received from a destination site;
communicating the data packet to a firewall for a first inspection;
receiving the data packet from the firewall;
marking the data packet with a marker, wherein the marker indicates the first inspection by the firewall;
transmitting the data packet with the marker to the destination site, wherein the destination site caches the flow table entry based on an existence of the marker;
receiving an acknowledgement data packet from the destination site;
using the flow table entry to verify that the acknowledgement data packet is associated with the data packet;
determining that the acknowledgement data packet does not comprise a redirect flag located in an options field of a header of the data packet; and
communicating the acknowledgement data packet to the firewall for an acknowledgement data packet inspection.
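The router-side steps of claim 1, modelled as an added Python example (not code from the patent or any vendor implementation). The option names `FW_INSPECTED` and `REDIRECT`, the address/port tuple used as the flow key, and the handling of blocked, unmatched and redirect-flagged packets are assumptions; the claim does not specify them.

```python
from dataclasses import dataclass, replace

# Hypothetical option names: the claim names a "marker" and a "redirect flag"
# but gives no encoding for either.
FW_MARK, REDIRECT = "FW_INSPECTED", "REDIRECT"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset
    options: frozenset = frozenset()   # modelled header options field

class Router:
    def __init__(self, firewall):
        self.firewall = firewall   # callable: Packet -> Packet, or None if blocked
        self.flows = {}            # (src, sport, dst, dport) -> flow table entry

    def send_syn(self, pkt):
        """Outbound half of claim 1; returns the packet to transmit, or None."""
        if pkt.flags != frozenset({"SYN"}):
            raise ValueError("only the initial SYN opens a flow in this model")
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        self.flows[key] = {"syn": True, "return_from": pkt.dst}
        inspected = self.firewall(pkt)             # first inspection
        if inspected is None:                      # assumption: blocked SYN leaves no state
            del self.flows[key]
            return None
        return replace(inspected, options=inspected.options | {FW_MARK})

    def receive_ack(self, pkt):
        """Return half of claim 1; returns the action taken."""
        entry = self.flows.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))  # reversed tuple
        if entry is None or "ACK" not in pkt.flags:
            return "drop"                          # assumption: unmatched return traffic
        if REDIRECT in pkt.options:
            return "redirect-flag-set"             # handling is outside claim 1
        self.firewall(pkt)                         # acknowledgement packet inspection
        return "inspected"

def demo():
    seen = []                                      # constructed firewall: record and allow
    router = Router(lambda p: seen.append(p) or p)
    out = router.send_syn(Packet("10.0.0.5", 40000, "10.1.0.9", 443, frozenset({"SYN"})))
    ack = Packet("10.1.0.9", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    stray = replace(ack, sport=8443)               # no matching flow table entry
    flagged = replace(ack, options=frozenset({REDIRECT}))
    return out, [router.receive_ack(p) for p in (ack, stray, flagged)], len(seen)
```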