US 12,316,679 B2
Policy enforcement using host profile
Siu-Wang Leung, Las Vegas, NV (US); Song Wang, Palo Alto, CA (US); and Yueh-Zen Chen, San Jose, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Mar. 2, 2023, as Appl. No. 18/116,774.
Application 18/116,774 is a continuation of application No. 16/101,105, filed on Aug. 10, 2018, granted, now 11,632,396.
Application 16/101,105 is a continuation of application No. 14/601,018, filed on Jan. 20, 2015, granted, now 10,075,472, issued on Sep. 11, 2018.
Application 14/601,018 is a continuation of application No. 13/115,022, filed on May 24, 2011, granted, now 8,973,088, issued on Mar. 3, 2015.
Prior Publication US 2023/0388349 A1, Nov. 30, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/00 (2013.01); H04L 63/02 (2013.01); H04L 63/0272 (2013.01); H04L 63/102 (2013.01); H04L 63/1408 (2013.01); H04L 63/1433 (2013.01)] 12 Claims
OG exemplary drawing
 
1. A system, comprising:
a client device configured to:
send queries to a plurality of gateways;
receive responses from the plurality of gateways; and
select a gateway from the plurality of gateways to send network traffic based on a) a response time for receiving a response, availability, and using a prioritized attempt sequence, and b) geography, work load, user group, device type, or any combination thereof from a plurality of gateways, the selected gateway for communication with an enterprise network; and
a processor of the selected gateway of the plurality of gateways configured to:
receive a host profile from a client device, wherein the host profile includes device profile information associated with the client device;
determine a user name logged into the client device, wherein the user name is associated with an Internet Protocol (IP) address of the client device;
identify an application generating network traffic from the client device, wherein the application is associated with the network traffic, and wherein the network traffic involves Hypertext Transfer Protocol (HTTP) traffic, File Transfer Protocol (FTP) traffic, a Domain Name System (DNS) request, unknown traffic, or any combination thereof; and
enforce a security policy for network access at the selected gateway based on the determined user name, the identified application, and the host profile, wherein the security policy includes a firewall rule, wherein the enforcing of the security policy for network access comprises to:
determine that the host profile matches a first host profile or a second host profile, wherein the host profile includes a) device hardware information including a type of device, a general processor, and a network processor, b) device software information including three or more of the following: an operating system identifier, an operating system patch level, a security application, security data file level, and date of last scan performed by the security application, and c) the device software information including remediation information and information identifying a plurality of applications executing on the client device, and wherein the first host profile is different from the second host profile, wherein in the event that the host profile matches the first host profile, a first security policy is selected to be the security policy, wherein the first host profile is different from the second host profile, wherein in the event that the host profile matches the second host profile, a second security policy is selected to be the security policy; and
enforce the selected security policy; and
a memory coupled to the processor and configured to provide the processor with instructions.