US 12,267,298 B2
Distributed traffic steering and enforcement for security solutions
John Edward McDowall, Redwood City, CA (US); Nilesh Bansal, Santa Clara, CA (US); and Sharad Saha, Santa Clara, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Sep. 20, 2024, as Appl. No. 18/892,131.
Application 18/892,131 is a continuation of application No. 17/684,299, filed on Mar. 1, 2022.
Application 17/684,299 is a continuation in part of application No. 17/246,160, filed on Apr. 30, 2021, granted, now 11,665,139, issued on May 30, 2023.
Prior Publication US 2025/0016135 A1, Jan. 9, 2025
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 11/14 (2006.01)
CPC H04L 63/0218 (2013.01) [H04L 63/0227 (2013.01); H04L 63/1433 (2013.01); G06F 11/1484 (2013.01)]
30 Claims
 
1. A system comprising:
a processor configured to:
encapsulate an original traffic header for a monitored flow from/to an entity in a virtualized environment;
reroute the flow from the entity in the virtualized environment to a security platform of a security service;
perform security analysis at the security platform using the original traffic header; and
reroute the flow back to the entity in the virtualized environment for routing to an original destination based on the original traffic header, wherein the flow is rerouted to the security platform of the security service to isolate and protect workloads, application stacks, and/or services, and wherein an enforcement point is remote from a decision point using distributed traffic steering and enforcement; and
a memory coupled to the processor and configured to provide the processor with instructions.