In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Handling of multiple connections during NAT traversal for a node behind a symmetric NAT is disclosed. The likelihood of connection failure during symmetric NAT traversal may be reduced by serializing critical time windows after port prediction. Once a connection request has been sent for a first connection, port prediction for a subsequent connection may be delayed until a connectivity check has begun for the first connection. This process may be repeated to handle NAT traversal for multiple simultaneous connections to different nodes.

An integrated security system integrates broadband and mobile access and control with conventional security systems and premise devices to provide a tri-mode security network having remote connectivity and access. The integrated security system delivers remote premise monitoring and control functionality to conventional monitored premise protection and complements existing premise protection equipment. The integrated security system integrates into the premise network and couples wirelessly with the conventional security panel, enabling broadband access to premise security systems. Automation devices can be added, enabling users to remotely see live video or pictures and control home devices via a personal web portal or other client device. Camera management enables automatic configuration and management of cameras in the premise network. The camera management extends to remote control and monitoring from outside the firewall of the premise network to include routing of images or video from a streaming source device to a requesting client device.

In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

A terminal device management method is implemented in a server coupled to a number of terminal devices. The terminal device management method includes acquiring network configuration information of each terminal device, grouping the terminal devices according to the network configuration information, selecting a preset proportion of terminal devices in each group as primary connection devices, maintaining a communication connection with the primary connection devices, and communicating with the other terminal devices in the groups through the primary terminal devices.

A terminal device management method is implemented in a server coupled to a number of terminal devices. The terminal device management method includes acquiring network configuration information of each terminal device, grouping the terminal devices according to the network configuration information, selecting a preset proportion of terminal devices in each group as primary connection devices, maintaining a communication connection with the primary connection devices, and communicating with the other terminal devices in the groups through the primary terminal devices.

Techniques are disclosed for configuring a virtual machine instance accessed over a publically routable network address to host intranet applications. A virtual (or dummy) interface on the virtual machine instance is assigned an IP address that is inaccessible from the public interface. An application executed on the virtual machine instance is bound to a port on the network address assigned to this dummy interface. A virtual private network server assigns client's IP addresses that can be routed to the dummy interface. When a client computing system connects to the VPN server over the virtual machine instance's public interface, the client forwards traffic destined for the dummy interface's inaccessible network over the VPN connection.

A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.

A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.

A mounting assembly for securing fixtures to a mounting structure may include a first fastener, a washer, a mounting bracket, and second fastener. The first fastener may be coupled to the mounting structure through a mounting aperture. The washer may be disposed around shaft of the first fastener between a head of the first fastener and the mounting surface. The mounting bracket may be disposed on top of the first fastener. The second fastener may be disposed through the mounting bracket and coupled to head of the first fastener. The washer may be a sealing washer that dispenses liquid sealant under compressive force to moisture-proof the securement of the first fastener to the mounting surface.