US 12,407,648 B2
Enforcing a segmentation policy in co-existence with a system firewall
Daniel Richard Cook, San Jose, CA (US); Anish Vinodkumar Desai, Palo Alto, CA (US); and Thomas Michael McCormick, San Jose, CA (US)
Assigned to Illumio, Inc., Sunnyvale, CA (US)
Filed by Illumio, Inc., Sunnyvale, CA (US)
Filed on May 1, 2024, as Appl. No. 18/652,559.
Application 17/730,062 is a division of application No. 16/224,746, filed on Dec. 18, 2018, granted, now 11,336,620, issued on May 17, 2022.
Application 18/652,559 is a continuation of application No. 18/218,899, filed on Jul. 6, 2023, granted, now 12,010,098.
Application 18/218,899 is a continuation in part of application No. 17/730,062, filed on Apr. 26, 2022, granted, now 11,736,443, issued on Aug. 22, 2023.
Prior Publication US 2024/0291802 A1, Aug. 29, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 9/38 (2018.01); G06F 9/448 (2018.01); H04L 41/0803 (2022.01); H04L 41/0894 (2022.01); H04L 43/04 (2022.01); H04L 41/069 (2022.01); H04L 41/0895 (2022.01); H04L 41/40 (2022.01)
CPC H04L 63/0227 (2013.01) [G06F 9/3826 (2013.01); G06F 9/4486 (2018.02); H04L 41/0803 (2013.01); H04L 41/0894 (2022.05); H04L 43/04 (2013.01); H04L 63/0236 (2013.01); H04L 63/0254 (2013.01); H04L 63/0263 (2013.01); H04L 63/20 (2013.01); H04L 41/069 (2013.01); H04L 41/0895 (2022.05); H04L 41/40 (2022.05)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method, comprising:
receiving management instructions from a server, the instructions comprising a set of rules indicative of permitted communications by a workload executing on a host device;
determining a mode of a segmentation firewall on the host device based on the received instructions, wherein determining the mode of the segmentation firewall comprises configuring the segmentation firewall to operate in either a co-existence mode, an exclusive mode, or a monitoring mode with a system firewall;
generating a segmentation firewall configuration based on the determined mode and the management instructions; and
applying the segmentation firewall configuration to the segmentation firewall to determine whether to drop or accept input packets, wherein accepting the input packets provides the input packets to their destination by bypassing the system firewall.
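The four steps of claim 1 as a runnable model, added here as an illustration and not Illumio's own code: the management-instruction format, the rule shape, and the exact behaviour of each mode for packets that match no rule (co-existence hands them to the system firewall, exclusive drops them, monitoring enforces nothing and only records a would-be verdict) are all assumptions, since the claim leaves them unspecified.

```python
from dataclasses import dataclass, field
from enum import Enum
from ipaddress import ip_address, ip_network

class Mode(Enum):
    COEXISTENCE = "co-existence"  # enforce rules; unmatched packets go on to the system firewall (assumed)
    EXCLUSIVE = "exclusive"       # enforce rules; unmatched packets are dropped outright (assumed)
    MONITORING = "monitoring"     # enforce nothing; record the verdict that would have applied (assumed)

@dataclass(frozen=True)
class Rule:
    """One permitted inbound communication for the workload (constructed rule shape)."""
    proto: str
    dport: int
    src_net: str

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    src: str

@dataclass
class SegmentationFirewall:
    mode: Mode
    rules: tuple
    log: list = field(default_factory=list)

def determine_mode(instructions: dict) -> Mode:
    """Hypothetical instruction shape: {"mode": ..., "rules": [...]}; mode defaults to monitoring when absent."""
    return Mode(instructions.get("mode", Mode.MONITORING.value))

def build_config(instructions: dict) -> SegmentationFirewall:
    """Generate the segmentation firewall configuration from the determined mode and the rule set."""
    rules = tuple(Rule(r["proto"], r["dport"], r["src_net"]) for r in instructions.get("rules", []))
    return SegmentationFirewall(determine_mode(instructions), rules)

def matches(rule: Rule, pkt: Packet) -> bool:
    return rule.proto == pkt.proto and rule.dport == pkt.dport and ip_address(pkt.src) in ip_network(rule.src_net)

def filter_packet(fw: SegmentationFirewall, pkt: Packet) -> str:
    """'accept' = delivered, bypassing the system firewall; 'drop'; 'system' = handed to the system firewall."""
    permitted = any(matches(r, pkt) for r in fw.rules)
    if fw.mode is Mode.MONITORING:
        fw.log.append(("would-accept" if permitted else "would-drop", pkt))
        return "system"
    if permitted:
        return "accept"
    return "system" if fw.mode is Mode.COEXISTENCE else "drop"
```

Because the accepted path skips the system firewall entirely, the rule set pushed from the server is the only control on that traffic; the monitoring mode's log is the place to confirm a new policy before switching it to an enforcing mode.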