Systems and methods for bypassing firewalls using a server management protocol is provided. In various embodiments, a proxy component serves as a “man-in-the-middle” between an edge client and a server client. The proxy component can receive a server connection request from the edge client to connect to a requested server client using a managed network name associated with the server client. The proxy component can establish a proxy connection with the requested server client, and routing data packets between the server client and the edge client. The edge client and the server client are connected without the public advertisement of the private addresses of the edge client and the server client.

Certain embodiments of the present disclosure provide a method and apparatus for processing data. The method comprises, at an edge device, parsing a first data packet after receiving the first data packet sent by a client device to obtain a virtual IP address and a destination port that correspond to the first data packet; querying an IP address mapping table according to the virtual IP address to obtain a destination IP address corresponding to the virtual IP address; and sending the first data packet according to the destination IP address and the destination port.

A method of optimizing traffic on a mobile device includes determining that an application is inactive based on historical behavior of the application and blocking traffic originating from or directed towards the application that is determined to be inactive based on historical behavior. A related mobile device is also provided.

Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. The method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route from the first network endpoint to the second endpoint through the network device that translates the address and displays the route including an identifier of the network device.

Some embodiments provide a novel method of tracking connections in a network. The method receives an identification of a first network endpoint and a second network endpoint. The method then determines that the first network endpoint cannot directly address a packet flow to the second network endpoint. The method identifies an address translation rule of a network device that translates an address of the second network endpoint into a translated address. The method then determines that the first network endpoint can directly address a packet flow to the translated address. The method then identifies a route from the first network endpoint to the second endpoint through the network device that translates the address and displays the route including an identifier of the network device.

A data transceiver device in a repeater according to an exemplary embodiment includes: a radio unit assigned with a unique port number for uniquely identifying the radio unit and a layer splitter connected to the radio unit; a transfer unit configured to transfer an inbound packet to the layer splitter identified by the unique port number when the inbound packet including the unique port number as an internal port number is received; and the layer splitter configured to transfer the inbound packet to the radio unit corresponding to the unique port number when the inbound packet is received through transfer unit.

A data transceiver device in a repeater according to an exemplary embodiment includes: a radio unit assigned with a unique port number for uniquely identifying the radio unit and a layer splitter connected to the radio unit; a transfer unit configured to transfer an inbound packet to the layer splitter identified by the unique port number when the inbound packet including the unique port number as an internal port number is received; and the layer splitter configured to transfer the inbound packet to the radio unit corresponding to the unique port number when the inbound packet is received through transfer unit.

Devices, system and methods build a mesh virtual private network (VPN) in a hybrid cloud cluster having a private and a public cloud with connected network nodes. Each node has an operating system (OS) to discover nodes of the VPN by determining IP addresses and port addresses of the nodes from data received from discovery agents. An internal discovery agent of each of the nodes determines IP addresses and port addresses of the nodes. A node discovery agent located within a node determines IP addresses and port addresses of other nodes. An external discovery agent located outside the cluster determines IP addresses and port addresses of nodes. A VPN configuration data generator of the OS generates VPN configuration data of the clouds using the IP addresses and port addresses. A VPN builder of the OS builds a configuration of the VPN of the hybrid cluster using the VPN configuration data.

Apparatus and methods are disclosed for bridging communications between a private network and a public network. A mapping that associates a first set of IP addresses of endpoints in the private network with a second set of IP addresses of endpoints in the public network is provided which enables communications between the private network and public network for network-address-translation (NAT). In response to a data packet having a first IP address of the first set of IP addresses, the data packet is used to determine whether the local line should be accessed. In response to an indication that the local line should be accessed, the identifier among the second set of IP addresses may be used to activate bridging (e.g., ATB) circuit and redirect a call associated with the data packet by passing the data packet through the ATB circuit.

Apparatus and methods are disclosed for bridging communications between a private network and a public network. A mapping that associates a first set of IP addresses of endpoints in the private network with a second set of IP addresses of endpoints in the public network is provided which enables communications between the private network and public network for network-address-translation (NAT). In response to a data packet having a first IP address of the first set of IP addresses, the data packet is used to determine whether the local line should be accessed. In response to an indication that the local line should be accessed, the identifier among the second set of IP addresses may be used to activate bridging (e.g., ATB) circuit and redirect a call associated with the data packet by passing the data packet through the ATB circuit.