CPC H04L 63/0236 (2013.01) [H04L 12/66 (2013.01); H04L 45/04 (2013.01); H04L 61/5007 (2022.05); H04L 63/029 (2013.01); H04L 63/0272 (2013.01)]
15 Claims
1. A system for applying security policies in a cloud based network segmented to a plurality of virtual private networks based on Internet Protocol (IP) segmentation, comprising:
at least one processor configured to:
receive at least one security policy defined for at least one of a plurality of private virtual networks of at least one multi-tenant multi-regional cloud based network constructed segmented to a plurality of segments each serving as a respective one of the plurality of private virtual networks, each of the plurality of segments is mapped by a respective IP address range which is a low layer IP address range and is non-conflicting with the low layer IP address range of any other of the plurality of segments;
deploy automatically at least one security engine configured to apply the at least one security policy for at least one of a plurality of client devices accessing the at least one private virtual network by:
intercepting at least one packet transmitted by the at least one client device which is assigned an IP address in the IP address range mapping the respective segment serving as the at least one virtual private network,
identifying the IP address of the at least one client device in the at least one intercepted packet, and
applying the at least one security policy according to the identified IP address.
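The mechanism recited in claim 1 (non-conflicting IP ranges mapping segments, then policy selection by the client's source address) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the segment names, address ranges, port-blocking policy shape and default-deny behaviour are all assumptions.

```python
import ipaddress
import struct

# Constructed sample data: names, ranges and policy contents are assumptions.
SEGMENTS = {"tenant-a": ipaddress.ip_network("10.1.0.0/16"),
            "tenant-b": ipaddress.ip_network("10.2.0.0/16")}
POLICIES = {"tenant-a": {"blocked_ports": {23, 445}},
            "tenant-b": {"blocked_ports": {23}}}

def check_non_conflicting(segments):
    """Return pairs of segment names whose ranges overlap (empty list = valid)."""
    names = sorted(segments)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if segments[a].overlaps(segments[b])]

def parse_ipv4(packet):
    """Extract (source address, destination port or None) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    src = ipaddress.ip_address(packet[12:16])
    dst_port = None
    if packet[9] in (6, 17) and len(packet) >= ihl + 4:   # TCP or UDP
        dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, dst_port

def apply_policy(packet, segments=SEGMENTS, policies=POLICIES):
    """Identify the client's segment from its source IP and return (segment, verdict)."""
    src, dst_port = parse_ipv4(packet)
    segment = next((n for n, net in segments.items() if src in net), None)
    if segment is None:
        return None, "drop"               # unmapped source: default deny (assumption)
    if dst_port in policies[segment]["blocked_ports"]:
        return segment, "drop"
    return segment, "allow"

def build_packet(src, dst, dst_port, proto=6):
    """Build a constructed 24-byte test packet (checksum left as zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HH", 40000, dst_port)

if __name__ == "__main__":
    print(check_non_conflicting(SEGMENTS))
    print(apply_policy(build_packet("10.1.0.5", "192.0.2.1", 445)))
```

Because the ranges never overlap, the source address alone selects exactly one segment, which is why the overlap check must pass before any policy lookup is trusted.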