Patent classifications
H04L61/59
Method and device for processing a request for anonymisation of a source IP address, method and device for requesting anonymisation of a source IP address
A method for processing a request for anonymisation of a source IP address of an IP packet is described, the IP packet being transmitted by a transmitting device to a recipient device via a communications network, the transmitting device being connected to the network via a network terminal apparatus. The method is carried out by an anonymisation device positioned for cutting the flow between the network terminal apparatus and the recipient device, and comprises receiving the packet; establishing whether the source IP address has to be anonymised or not; if a result of the verification is negative, routing the packet to the recipient device; if the result of the verification is positive and if the anonymisation device has an address translation function, replacing the source IP address with an IP address of the anonymisation device; and, if the result of the verification is positive and if the anonymisation device does not have an address translation function, routing the IP packet to the recipient device via an apparatus of the network which has an address translation function.
Maintaining dependencies in a set of rules for security scanning
Systems and methods include receiving a copy of a template file of security rules where the template file includes a plurality of rule tags and one or more dependency tags that define relationships and dependencies between any rules associated with the plurality of rule tags; scanning the template file including, for each respective rule tag of the plurality of rule tags, checking if an enabled flag is set for the respective rule tag, when the enabled flag is set, looking up a respective rule in a rule database and replacing the respective rule tag with the respective rule, and when the enabled flag is not set, removing the respective rule tag from the template file; and providing an output file including a plurality of rules having the relationships and dependencies, where the output file is used for security scanning.
Guest-to-host virtual networking
Guest-to-host virtual networking can include linking a virtual entity proxy to a network adapter of a host machine through a virtual bridge. In response to a request that starts a guest running on the host machine, the guest can be configured to point to the virtual entity proxy and to communicatively couple to a network through the virtual entity proxy linked to the network adapter of the host machine. The virtual entity proxy can be bound to the network, such that the virtual entity proxy intermediates communications between the guest and one or more other guests running on one or more different host machines that are also communicatively coupled to the network.
Traffic forwarding and disambiguation by using local proxies and addresses
A method of traffic forwarding and disambiguation through the use of local proxies and addresses. The technique leverages DNS to on-ramp traffic to a local proxy. The local proxy runs on the end user's device. According to a first embodiment, DNS is used to remap what would normally be a wide range of IP addresses to localhost based on 127.0.0.0/8 listening sockets, where the system can then listen for connections and data. In a second embodiment, a localhost proxy based on a TUN/TAP interface (or other packet interception method) with a user-defined CIDR range to which the local DNS server drives traffic is used. Requests on that local proxy are annotated (by adding data to the upstream connection).
FQDN (Fully Qualified Domain Name) routes optimization in SDWAN (Software-Defined Wide Area Networking)
A DNS (Domain Name Server) proxy is configured as a DNS server for clients on the enterprise network to send two or more DNS queries to collect each available IP address on an SDWAN member link. IP address collection can be responsive to receiving a DNS request from a client for assigning an FQDN (Fully Qualified Domain Name). Service quality can be evaluated for the service on each member link of the IP addresses. An IP address is assigned to the client based on the service quality evaluation. A notification is transmitted to the client in a DNS response to the IP address request, with the chosen IP address information for configuration.
SERVICE AREA BASED DNS
Apparatuses, methods, and systems are disclosed for supporting edge data network discovery. One apparatus includes a transceiver and a processor that receives a first request from a function in the mobile communication network including a UE identity and a UE network address. The processor determines whether the UE is located in a first service area based on a UE location and forwards a DNS request received from the UE network address to a first DNS server associated with the first service area in response to determining that the UE is located in the first service area. Via the transceiver, the processor receives a DNS reply from the first DNS server and sends a second request to a policy function in the mobile communication network in response to determining that the DNS reply includes a first IP address.
SYSTEM AND METHOD FOR OPTIMIZING ARP BROADCAST
One aspect provides a method and system for managing address resolution requests in a network. During operation, a gateway of the network advertises a route for sending address resolution requests and determines whether a cached entry corresponding to an address resolution request received via the route exists in a neighbor table. In response to determining that the cached entry exists, the gateway responds to the address resolution request based on the cached entry; in response to determining that the cached entry does not exist, the gateway replicates the address resolution request to edge devices in the network, thereby facilitating discovery of a target host corresponding to the address resolution request.
System and method for URL fetching retry mechanism
A method for overcoming intermittent, temporary, or other fetching failures by using multiple attempts for retrieving content from a web server to a client device is disclosed. The URL fetching may use direct or non-direct fetching schemes, or a combination thereof. The non-direct fetching method may use intermediate devices, such as a proxy server, a Data-Center proxy server, tunnel devices, or any combination thereof. Upon sensing a failure of a fetching action, the action is repeated using the same or different parameters or attributes, such as by using different intermediate devices, selected based on different parameters or attributes, such as different countries. The repetitions are limited to a pre-defined maximum number of attempts. The fetching attempts may be performed by the client device, by an intermediate device in a non-direct fetching scheme, or a combination thereof. Various fetching schemes may be used sequentially until the content is retrieved.
Resolving Domain Name System (DNS) Requests Via Proxy Mechanisms
Systems and methods are described herein for providing proxy mechanisms for DNS services, such as resolving DNS requests. In some embodiments, the systems and methods establish a Proxy DNS module at a DNS resolver of an internet service provider, and access, with the proxy DNS module, DNS queries destined for a public name server. The name server may be accessible by the DNS resolver via a publicly accessible network. Further, the systems and methods may route the accessed DNS queries to a private name server associated with the proxy DNS module and accessible via a private communications channel, and receive, from the private name server and via the private communications channel, IP addresses associated with the DNS queries.