US 12,470,601 B2
Integrating SD-WAN constructs with SASE security policies
Srilatha Tangirala, San Jose, CA (US); Venkatesh Nataraj, Union City, CA (US); Ambika Basappa Chandrappa, Milpitas, CA (US); Kartik Katti, Milpitas, CA (US); Sasi Veera, San Ramon, CA (US); and Balaji Sundararajan, Fremont, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jul. 20, 2023, as Appl. No. 18/224,220.
Prior Publication US 2025/0030737 A1, Jan. 23, 2025
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0272 (2013.01); H04L 63/029 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for automatically integrating Software Defined Wide Area Network (SD-WAN) constructs to security policies, the method comprising:
defining, by a security cloud provider, a security policy for an entity, the entity represented by a Virtual Private Network (VPN) security policy label, wherein the security policy is absent source Classless Inter-Domain Routing (CIDR) Internet Protocol (IP) addresses and destination CIDR IP addresses;
notifying, by the security cloud provider, an SD-WAN controller of the security policy;
mapping, by the SD-WAN controller, the VPN security policy label to an IP address pool and a VPN ID;
adding, by the SD-WAN controller, automatically and based at least in part on the mapping, source CIDR IP addresses and destination CIDR IP addresses to the security policy to generate an enhanced security policy;
transmitting, by the SD-WAN controller, the enhanced security policy to the security cloud provider;
deploying, by the SD-WAN controller, the enhanced security policy to an SD-WAN branch router; and
generating, by the SD-WAN controller, a VPN segment between the SD-WAN branch router and the security cloud provider to establish a common secure internet gateway tunnel for the IP address pool.
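The controller-side steps of the claim (map a VPN security policy label to an IP address pool and VPN ID, add source and destination CIDRs to the label-only policy, derive one common secure internet gateway tunnel per pool) as an added worked example. This is illustrative code written for this page, not code from the patent or from any Cisco product; the label-to-pool table, the policy field names and every address in it are constructed assumptions, since the claim defines none of them.

```python
"""Added example (not from the patent or Cisco): the SD-WAN controller's
label -> CIDR expansion step, run over constructed sample data."""
import ipaddress
from copy import deepcopy
from typing import Dict, List

# Constructed sample: the controller's mapping of each VPN security policy
# label to a VPN ID and the CIDR pool making up that segment (hypothetical).
LABEL_MAP: Dict[str, dict] = {
    "corp-users":  {"vpn_id": 10, "pool": ["10.10.0.0/16", "10.11.0.0/16"]},
    "guest-wifi":  {"vpn_id": 20, "pool": ["172.16.50.0/24"]},
    "saas-egress": {"vpn_id": 30, "pool": ["198.51.100.0/24"]},
}


def _pool_networks(label: str) -> List[ipaddress.IPv4Network]:
    """Resolve a label to validated, non-overlapping networks, or fail loudly.

    An unknown label is an error: silently mapping it to 0.0.0.0/0 would turn
    a scoped rule into permit-any, which is exactly the failure to avoid.
    """
    if label not in LABEL_MAP:
        raise KeyError(f"no IP pool mapped for VPN security policy label {label!r}")
    nets = [ipaddress.ip_network(c, strict=True) for c in LABEL_MAP[label]["pool"]]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"pool for {label!r} overlaps: {a} / {b}")
    return nets


def enhance_policy(policy: dict) -> dict:
    """Add source/destination CIDRs and VPN IDs to a label-only policy.

    The claim's input policy carries no CIDRs, so a rule that already has
    some is rejected: accepting pre-filled CIDRs would let a wider or
    narrower scope bypass the controller's mapping. Input is not mutated.
    """
    for rule in policy["rules"]:
        if "src_cidrs" in rule or "dst_cidrs" in rule:
            raise ValueError(f"rule {rule['name']!r} already contains CIDRs")
    enhanced = deepcopy(policy)
    for rule in enhanced["rules"]:
        src = _pool_networks(rule["src_label"])
        dst = _pool_networks(rule["dst_label"])
        rule["src_cidrs"] = [str(n) for n in src]
        rule["dst_cidrs"] = [str(n) for n in dst]
        rule["src_vpn_id"] = LABEL_MAP[rule["src_label"]]["vpn_id"]
        rule["dst_vpn_id"] = LABEL_MAP[rule["dst_label"]]["vpn_id"]
    return enhanced


def sig_tunnels(enhanced: dict) -> Dict[int, List[str]]:
    """One common secure internet gateway tunnel per source VPN ID / IP pool.

    Returns vpn_id -> sorted CIDRs carried by that tunnel, so a pool used by
    several rules gets a single tunnel rather than one per rule.
    """
    tunnels: Dict[int, set] = {}
    for rule in enhanced["rules"]:
        tunnels.setdefault(rule["src_vpn_id"], set()).update(rule["src_cidrs"])
    return {vid: sorted(cidrs) for vid, cidrs in sorted(tunnels.items())}


# Constructed sample policy as the security cloud provider would author it:
# entities named by label only, no source or destination CIDRs.
SAMPLE_POLICY = {
    "name": "corp-to-saas",
    "rules": [
        {"name": "allow-users-to-saas", "action": "allow",
         "src_label": "corp-users", "dst_label": "saas-egress"},
        {"name": "deny-guest-to-saas", "action": "deny",
         "src_label": "guest-wifi", "dst_label": "saas-egress"},
    ],
}

if __name__ == "__main__":
    import json
    out = enhance_policy(SAMPLE_POLICY)
    print(json.dumps(out, indent=2))
    print(sig_tunnels(out))
```

The two refusals (unknown label, pre-filled CIDRs) are the checks a practitioner would want at this step: the enhanced policy is what the branch router enforces, so any label that resolves to nothing or any CIDR that arrives from outside the controller's mapping should stop the deployment rather than widen it.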