A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Provided is a method of correlating an Internet Protocol version 4 (IPv4) address with an Internet Protocol version 6 (IPv6) address. The method may include communicating, via the Internet, an IPv4-addressed signal transmitted to, or received from, an IPv4-capable computing device. The method may also include communicating, via the Internet, an IPv6-addressed signal transmitted to, or received from, an IPv6-capable computing device. The method may further include determining that the IPv4-capable computing device and the IPv6-capable computing device are the same computing device based on the IPv4-addressed signal and the IPv6-addressed signal, and storing in memory data indicating a correlation between at least part of the IPv4 address and at least part of the IPv6 address.

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

In one aspect, a computerized method includes the step of providing process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway. Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD.

Systems, methods, and computer-readable media for preserving source host context when firewall policies are applied to traffic in an enterprise network fabric. A data packet to a destination host from a source host can be received at a first border node instance in an enterprise network fabric as part of network traffic. The data packet can include a context associated with the source host. Further, the data packet can be sent to a firewall of the enterprise network fabric and can be received at a second border node instance after the firewall applies a firewall policy to the data packet. The data packet can then be selectively encapsulated with the context associated with the source host at the second border node instance for applying one or more policies to control transmission of the network traffic through the enterprise network fabric.

A method includes receiving, at a proxy server, a multicast announcement through a first network. The multicast announcement is received from a casting device. The method further includes multicasting, from the proxy server, a modified version of the announcement to a second network.

A method includes receiving, at a proxy server, a multicast announcement through a first network. The multicast announcement is received from a casting device. The method further includes multicasting, from the proxy server, a modified version of the announcement to a second network.

Apparatuses, systems and methods for routing requests and responses targeting a shared resource. A queue in a communication fabric is located in a path between the requesters and a shared resource. In some embodiments, the shared resource is a shared address translation cache stored in an endpoint. The physical channel between the queue and the shared resource supports multiple virtual channels. The queue assigns at least one entry to each virtual channel of a group of virtual channels where the group includes a virtual channel for each address translation request type from a single requester of the multiple requesters. When the at least one entry for a given requester is de-allocated, the queue allocates this entry only with requests from the assigned virtual channel even if the empty entry is the only available entry of the queue.

Apparatuses, systems and methods for routing requests and responses targeting a shared resource. A queue in a communication fabric is located in a path between the requesters and a shared resource. In some embodiments, the shared resource is a shared address translation cache stored in an endpoint. The physical channel between the queue and the shared resource supports multiple virtual channels. The queue assigns at least one entry to each virtual channel of a group of virtual channels where the group includes a virtual channel for each address translation request type from a single requester of the multiple requesters. When the at least one entry for a given requester is de-allocated, the queue allocates this entry only with requests from the assigned virtual channel even if the empty entry is the only available entry of the queue.