Patent classifications
H04L61/2557
System for monitoring and managing firewall devices and firewall management platforms
A computer implemented method for monitoring and managing a security policy of a plurality of application specific objects across a plurality of datacenters is provided. The computer implemented method includes the following steps: (i) displaying the plurality of application devices managed in a security policy management system in a single pane view; (ii) adding new application devices to a device inventory; (iii) automatically generating a trend line graph to display configuration changes of the plurality of application specific objects over a period of time; (iv) defining a logic for searching and fetching a plurality of rules and a plurality of policies across the plurality of application devices; (v) defining a new security policy to the plurality of application specific objects; and (vi) implementing the new security policy to modify a plurality of user details and a rule and a policy information associated with the plurality of application specific objects.
SYSTEMS AND METHODS TO RUN USER SPACE NETWORK STACK INSIDE DOCKER CONTAINER WHILE BYPASSING CONTAINER LINUX NETWORK STACK
The present disclosure is directed towards systems and methods for transmitting data packets to a software container executing on a host computing device. A network service can be enabled within a software container established on the host computing device. A data packet of a request formatted according to the network service can be received via a first port of a first subnetwork assigned to the host computing device. The data packet can be forwarded to a second port assigned to the software container, responsive to a network address translation rule associating the second port assigned to the software container with the first port of the host computing device. The second port can be a port of a second subnetwork assigned to the software container. The data packet can be processed according to the network service within the software container.
METHOD AND SYSTEM FOR NEAR REAL-TIME IP USER MAPPING
Systems and methods are provided for near real-time IP user mapping. Such methods may include obtaining IP address assignment data points from different sources including an authentication, authorization, and accounting (AAA) server of a private network, a service provider that provides a computer-based service within the private network, and user devices that have access to the private network. The methods may also include applying an IP mapping rule to the obtained IP address assignment data points to generate IP address mapping.
SYSTEM AND METHOD FOR ADAPTIVE TRAFFIC PATH MANAGEMENT
A system and method for adaptive traffic path management, the method including: receiving at least one packet associated with a traffic flow; determining application parameters associated with the at least one packet; determining attributes correlated with the traffic flow associated with the at least one packet; analyzing the application parameters and attributes to determine a Network Address Translation (NAT) pool for the traffic flow; determining if a modified NAT is needed based on the NAT pool for the traffic flow; if a modified NAT is needed, modifying the NAT for the at least one packet associated with the traffic flow; and sending the at least one packet and the traffic flow associated with the at least one packet to a path associated with the modified NAT.
COMPUTER IMPLEMENTED SYSTEM AND METHOD FOR SNOOPING PCP PACKETS
Whenever an IP packet is routed from a source computing device through to a NAT device on the way to a destination computing device, a PCP client transmits a PCP query to a PCP server to determine the external IP address and external port number that have been substituted for the source IP address and source port number previously incorporated within the IP packet. Subsequently, the PCP server responds to the PCP client with the information denoting the mapping between the source IP address-source port number pair and the external IP address-external port number pair. A snooping agent is utilized firstly to snoop on the mapping communicated from the PCP server to the PCP client, and secondly to communicate the mapping information to a policy server incorporating a plurality of predefined firewall rules usable in deducing appropriate PACKET ALLOW/PACKET DROP decisions, based on the mapping information.
Device and method for forwarding connections
A method for forwarding a connection at an interconnecting device is described. The method includes receiving from an originating device an incoming connection at an incoming port, determining by at least one hardware processor whether port translation is implemented for the incoming port, in case port translation is implemented for the incoming port, returning to the originating device by the at least one hardware processor a challenge intended to distinguish humans from computers, verifying by the at least one hardware processor that a response received in response to the challenge is a correct response to the challenge, and, in case the response is a correct response to the challenge, forwarding, by the at least one hardware processor, the connection to a translated port corresponding to the incoming port according to the port translation.
Local Transparent Extensibility and Routing Slip Extensibility for Business Process Execution Language
In order to achieve location transparency and routing slip extensibility, a system and a method for orchestrating a web service using Business Process Execution Language are disclosed. The method includes: receiving a message, wherein the message comprises an address identifying an extension element; determining, from the address, a location of the extension element identified by the address; responsive to determining the location of the extension element, directing the message to an appropriate location; and storing the message in a computer readable storage medium.
Stateless protocol translation
Some aspects of the methods and systems presented relate to performing stateless address translation between IPv4 capable devices and IPv6 capable networks and devices. Stateless address translation may form a new IPv6 address by combining the IPv4 address of a device with an IPv6 prefix address assigned to the translator. The translation may also combine the IPv4 destination address and UDP port information with the new IPv6 address. Existing Domain Name Systems (DNSs) may be leveraged for resolving the IPv4 and IPv6 addresses across different networks.
SYSTEMS AND METHODS FOR NETWORK ADDRESS TRANSLATION
An intelligent network address translation system and methods for intelligent network address translation. In one embodiment, a network packet is received from a host device, and a stored record associated with the host device is identified. The stored record includes information relating to connection parameters associated with the host device. Using the stored record, a processor determines whether the network packet should be assigned a dedicated address. If so, then the network packet is transmitted using communication parameters including a dedicated IP address. If the packet should not be assigned a dedicated address, then the packet is transmitted using connection parameters including a default public IP address and a port number.