US 12,095,817 B2
Intent-based enterprise security using dynamic learning of network segment prefixes
Kaushik Dutta Majumdar, Bangalore (IN); Fnu Nadeem, Fremont, CA (US); and Shanmukh Uppuluri, Hyderabad (IN)
Assigned to Juniper Networks, Inc., Sunnyvale, CA (US)
Filed by Juniper Networks, Inc., Sunnyvale, CA (US)
Filed on Mar. 30, 2021, as Appl. No. 17/301,278.
Prior Publication US 2022/0321604 A1, Oct. 6, 2022
Int. Cl. H04L 9/40 (2022.01); G06F 16/245 (2019.01)
CPC H04L 63/20 (2013.01) [G06F 16/245 (2019.01); H04L 63/0227 (2013.01)]
20 Claims
 
1. A network system comprising:
a device comprising processing circuitry, the device associated with a first site; and
a service orchestrator comprising processing circuitry and a database, the service orchestrator configured to:
store network segment prefixes for network segments at a second site in the database, the network segment prefixes having been dynamically learned at the second site via a routing protocol;
translate an intent-based security policy specifying a rule for control of network traffic between the first site and a workgroup at the second site to a security policy specifying a segment-specific queryable resource associated with the workgroup at the second site;
configure the device based on the security policy to query the segment-specific queryable resource; and
in response to a query from the device to the segment-specific queryable resource associated with the workgroup at the second site, transmit at least one of the network segment prefixes for a network segment associated with the workgroup at the second site stored in the database for receipt by the device.
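The following Python model is an added illustration of the flow recited in claim 1; it is not code from the patent or from any Juniper product. The class names, the policy dictionary layout, the resource URL scheme and all prefixes are assumptions constructed for the example, and a direct method call stands in for the device's network query.

```python
import ipaddress
from urllib.parse import quote, unquote

class ServiceOrchestrator:
    # Hypothetical model: prefix database plus one queryable resource per workgroup.
    def __init__(self, feed_base):
        self.feed_base = feed_base.rstrip("/")
        self.db = {}  # (site, workgroup) -> set of learned networks
    def learn_prefix(self, site, workgroup, prefix):
        # Stand-in for a prefix learned at the site via a routing protocol.
        net = ipaddress.ip_network(prefix, strict=True)  # reject host bits set
        self.db.setdefault((site, workgroup), set()).add(net)
    def translate(self, intent):
        # The intent names sites and workgroups; the output names a resource, not addresses.
        res = "/".join(quote(x, safe="") for x in (intent["to_site"], intent["to_workgroup"]))
        return {"action": intent["action"], "source_site": intent["from_site"],
                "destination_resource": f"{self.feed_base}/{res}"}
    def handle_query(self, resource):
        # Answer a device query with the prefixes currently stored for that workgroup.
        head, _, tail = resource.partition(self.feed_base + "/")
        parts = tail.split("/")
        if head or len(parts) != 2:
            raise KeyError(f"unknown resource: {resource}")
        nets = self.db.get(tuple(unquote(p) for p in parts), set())
        return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]

class Device:
    # Hypothetical enforcement point at the first site; it holds only the translated policy.
    def __init__(self, policy):
        self.policy, self.nets = policy, []
    def refresh(self, orchestrator):
        answer = orchestrator.handle_query(self.policy["destination_resource"])
        self.nets = [ipaddress.ip_network(p) for p in answer]
    def decide(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        return self.policy["action"] if any(addr in n for n in self.nets) else "no-match"

def demo():
    orch = ServiceOrchestrator("https://orchestrator.example/feeds")  # constructed URL
    orch.learn_prefix("site-b", "finance", "10.20.1.0/24")  # constructed prefixes
    orch.learn_prefix("site-b", "engineering", "10.20.9.0/24")
    policy = orch.translate({"action": "deny", "from_site": "site-a",
                             "to_site": "site-b", "to_workgroup": "finance"})
    dev = Device(policy)
    dev.refresh(orch)
    before = (dev.decide("10.20.1.7"), dev.decide("10.20.9.7"), dev.decide("10.20.2.5"))
    orch.learn_prefix("site-b", "finance", "10.20.2.0/24")  # new segment learned later
    stale = dev.decide("10.20.2.5")  # device has not queried again yet
    dev.refresh(orch)
    return policy, before, stale, dev.decide("10.20.2.5")
```

In this model the device's policy never changes when a new segment is learned, but the new prefix is only enforced after the device's next query.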