Patent classifications
H04L63/029
Webtier as a Service
A method for automated web resource deployment is provided. The method comprises creating web resource publication requests, wherein each web resource publication request comprises a number of configuration changes necessary to publish a web resource, on a network, at a particular uniform resource location. A standard format, validation workflow, and an approval workflow are provided for automation of the web resource publication requests. Once validated and approved, web resource publication requests are automatically converted to API calls which are executed on backend servers to implement the configuration changes required in the environment without further human intervention.
Storage-efficient implementation of downstream VXLAN identifiers
A network device serving as a local VXLAN Tunnel Endpoint (VTEP) includes a communication interface, a first processor and a packet processor. The communication interface communicates between the local VTEP and remote VTEPs; each VTEP has a respective VXLAN Identifier (VNI). The first processor imports a Downstream-VNI (D-VNI) to be used in forwarding packets from the local VTEP to a remote VTEP, creates a unique egress Routing Interface (RIF) that is translatable into the imported D-VNI, and associates the unique egress RIF with one or more route entries in the local VTEP. The packet processor receives a packet destined to the remote VTEP, looks up the packet in the route entries in the local VTEP to retrieve the unique egress RIF, translates the unique egress RIF into the imported D-VNI, encapsulates the packet with the imported D-VNI, and forwards the encapsulated packet in accordance with the unique egress RIF.
System and method for monitoring door usage
A system for monitoring an automated door assembly comprises a sensor, a local area network having a firewall, and a manager. The sensor is coupled to the automated door assembly and is in communication with the local area network. The local area network and the manager are connected to the internet. The manager and the sensor are capable of communicating by a handshake protocol.
Techniques for securely detecting compromises of enterprise end stations utilizing tunnel tokens
A method in a cloud network to detect compromises within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network. The method includes receiving, at a tunnel gateway server within the cloud network, a first set of packets via a tunnel across a public network from a first server within the enterprise network, where the first set of packets were generated responsive to the first server receiving a second set of packets that originated from within the enterprise network and that included data and a source enterprise network address, where the first set of packets does not include the source enterprise network address and the data includes a token. The method further includes transmitting, by the tunnel gateway server, the data within a third set of packets to a second server that acts as if it were an enterprise server within the enterprise network.
Split-tunneling for clientless SSL-VPN sessions with zero-configuration
Described embodiments provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in an HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.
Mobile VPN Autostart Through App-only Management
Techniques for auto-starting a VPN in a MAM environment are disclosed. A MAM-controlled application is launched on a computer system. Policy is queried and a determination is made as to whether to auto-start a VPN application based on the policy. Based on the policy, the VPN application is auto-started, and the VPN application initiates a VPN tunnel that is usable by at least the MAM-controlled application. Network communications transmitted to or from the MAM-controlled application then pass through the VPN tunnel.
Methods, apparatuses, and computer program products for implementing cloud connected printers and an adaptive printer-based application framework
A roll of media having a core encircled by a length of media units adhered to a liner, the roll of media having the liner having a width across a shortest dimension of the liner, a perforation pattern in the liner configured to react to a tear in the liner by redirecting the tear towards a center line of the perforation pattern; the perforation pattern having a plurality of perforated lines in the liner, wherein each perforated line comprises a series of die-cuts, wherein the perforation pattern comprises a center-line perforation and a plurality of perforations on either side of the center-line perforation.
MULTI-UPLINK PATH QUALITY AWARE IPSEC
Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
Context based firewall service for agentless machines
A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes.
Device discovery for cloud-based network security gateways
Among other things, this document describes systems, methods and devices for discovering and identifying client devices that attempt to access out-of-policy network services via a secure web gateway (or other network security gateway) that lacks visibility into the client network's actual IP space. This is a common problem with cloud hosted SWG services that enforce access policy from outside of a customer network (e.g., external to an enterprise network), due to network address translation at the interface between the customer network and the public Internet where the cloud-hosted SWG resides. The teachings hereof address this problem. In one embodiment, a cloud hosted SWG can redirect a client to a bouncer device inside the customer network; that bouncer device can capture the actual client IP address.