H04L2101/345

PROVIDING A FIRST DIGITAL CERTIFICATE AND A DNS RESPONSE

A computer-implemented method is for providing a digital certificate to a device. In an embodiment, the method is based on receiving, from the device, authentication data via a secure communication channel. Furthermore, the method is based on receiving, from the device, or determining, by the server, a first certificate identifier. In particular, the first certificate identifier is a hash value. Further aspects of the method are verifying the authentication data and receiving, from the device, a first public key created by the device. In an embodiment, the method is furthermore based on sending a first certificate signing request related to a first domain name based on the first public key to a certificate authority. Herein, the first domain name comprises the certificate identifier, and a domain related to the first domain name is controlled by the server. In particular, the first domain name is a wildcard domain.

Pattern matching by a network device for domain names with wildcard characters
11563715 · 2023-01-24

A network device may receive data, may extract primary patterns from a plurality of domain names included in the data, may process the primary patterns, with a hash model, to generate hash keys for the primary patterns, wherein a hash key includes a hash value associated with a wildcard character, and may store the plurality of domain names in a hash table. The network device may extract a particular primary pattern from a particular domain name included in a search request, may determine potential matching patterns based on the particular primary pattern, and may process the potential matching patterns, with the hash model, to generate potential matching hash keys for the potential matching patterns, wherein a hash key includes a hash value associated with a wildcard character. The network device may search, based on the potential matching hash keys, the hash table to identify a matching domain name.

Method for detecting user migration from enterprise network to non-enterprise network and a device thereof

Disclosed herein are a method, a device, and a non-transitory computer readable medium for detecting user migration from an enterprise network to a non-enterprise network by using DNS probing. The method includes detecting at least one of a change in state of network connection and change in operational state of a user migration computing device. A domain name system (DNS) query is generated in response to detecting the at least one of a change in state of network connection and change in operational state of a user migration computing device. Further, the DNS query is sent to at least one of a plurality of DNS servers. If an expected DNS response is received, it is determined that the user migration computing device is in the enterprise network. If the expected DNS response is not received, it is determined that the user migration computing device is outside the enterprise network.

METHOD OF COMMUNICATION BETWEEN A DEVICE AND A NETWORK

A method of communication between an electronic device and a cellular network employing a communication protocol is disclosed. The device initiates a connection with the network and during the initiation the device issues to the network at least one information criterion. Once the connection is established, the network forwards to the device only communications required by said communication protocol and any communications which meet the information criterion issued by the device.

SPLIT-TUNNELING FOR CLIENTLESS SSL-VPN SESSIONS WITH ZERO-CONFIGURATION
20210006537 · 2021-01-07

Described embodiments provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in an HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.

METHOD FOR DETECTING USER MIGRATION FROM ENTERPRISE NETWORK TO NON-ENTERPRISE NETWORK AND A DEVICE THEREOF

Disclosed herein are a method, a device, and a non-transitory computer readable medium for detecting user migration from an enterprise network to a non-enterprise network by using DNS probing. The method includes detecting at least one of a change in state of network connection and change in operational state of a user migration computing device. A domain name system (DNS) query is generated in response to detecting the at least one of a change in state of network connection and change in operational state of a user migration computing device. Further, the DNS query is sent to at least one of a plurality of DNS servers. If an expected DNS response is received, it is determined that the user migration computing device is in the enterprise network. If the expected DNS response is not received, it is determined that the user migration computing device is outside the enterprise network.

Dynamic security gateway selection

In aspects of the disclosure, a method, an apparatus, and a computer program product for wireless communication are provided. In one aspect, the apparatus determines if a connection to a PLMN has been established. In another aspect, the apparatus builds a FQDN based on the determination by attempting to build the FQDN using each of the prioritized FQDNs in order of priority until the FQDN is built, building the FQDN using a PLMN ID of the PLMN if it is determined that the PLMN is found in the list, or building the FQDN based on the wildcard PLMN if it is determined that the list comprises the wildcard PLMN. Further still, the apparatus selects a network security gateway to provide network security and internet working control based on the FQDN.

ADDRESS SYSTEM

Device, address system and computer program product for routing data from the device to an endpoint over a network. The device executes an instance of a client for routing the data. An address query for requesting a network address of the endpoint is formed in dependence on the type of the client instance, and the address query is sent to the address system. The address system determines an endpoint address based on the address query such that the endpoint address is dependent upon the type of the client instance and sends the endpoint address to the device. Data is then routed from the device to the endpoint address over the network.

Scalable multiple VLAN multi-tenant networking

Scalable multi-tenant networking can preserve segregation of traffic of different tenants across multiple VLANs over a cluster of nodes. A single process is bound to a wildcard address and a port to listen for traffic across the VLANs and the cluster of nodes. The process detects receipt of a request at one of the multiple addresses assigned to the multiple VLANs and resolves the address to a name of a corresponding one of the VLANs. This is then used to determine an address of a node that is part of the VLAN and that hosts a volume identified in the received request. The requesting client is then redirected to the node that is part of the VLAN and that hosts the identified volume.

SPLIT-TUNNELING FOR CLIENTLESS SSL-VPN SESSIONS WITH ZERO-CONFIGURATION
20190238504 · 2019-08-01

Described embodiments provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in an HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.