公开(公告)号：US20250047605A1

公开(公告)日：2025-02-06

申请号：US18773755

申请日：2024-07-16

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Natan Elul ,  Roy Azachi ,  Gil Azrielant

IPC: H04L47/125 ,  H04L9/40

Abstract: In some examples, a proxy system establishes a client-side secure network tunnel between the proxy system and a client device, and establishes a plurality of server-side secure connections between the proxy system and respective servers of a trust network. The proxy system load balances a plurality of connections of the client device in the client-side secure network tunnel across the servers of the trust network through respective server-side secure connections of the plurality of server-side secure connections.

公开(公告)号：US20250047681A1

公开(公告)日：2025-02-06

申请号：US18925316

申请日：2024-10-24

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Guy Sviry ,  Natan Elul ,  Daniel Reisel ,  Shay Shwartz

IPC: H04L9/40 ,  H04L67/02

Abstract: A method and system for providing web resources through a zero trust network environment are provided. The system comprises receiving a request from a client device to access a web resource through a zero trust network environment, wherein the web resource is external to the zero trust network environment, the request including a first uniform resource locator (URL), and the resource further including a second URL; fetching the web resource based on the first URL; generating an alternate resource, the alternate resource including an alternate URL replacing the second URL; and providing the alternate resource to the client device.

公开(公告)号：US12155667B2

公开(公告)日：2024-11-26

申请号：US17647395

申请日：2022-01-07

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Guy Sviry ,  Natan Elul ,  Daniel Reisel ,  Shay Shwartz

IPC: H04L9/40 ,  H04L67/02

Abstract: In some examples, a system receives a request from a client device to access a web resource through a zero trust network environment, wherein the web resource is external to the zero trust network environment, the request including a first uniform resource locator (URL), and the web resource including a second URL; fetching the web resource based on the first URL; generating an alternate resource, the alternate resource including an alternate URL replacing the second URL; and providing the alternate resource to the client device.

公开(公告)号：US12224981B2

公开(公告)日：2025-02-11

申请号：US17804718

申请日：2022-05-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Yehoshua Haim Chen ,  Shay Farhuma Gutman ,  Omri Himelbrand ,  Gilad Kleinman ,  Shay Shwartz ,  Natan Elul

IPC: H04L9/40

Abstract: A system and method for providing external resources through a zero trust environment includes recording a web session of a first user to generate a policy allowing a second user to access the resource used in the web session. The method includes receiving a request to initiate a network session with the zero trust environment, the request including login credentials, wherein the login credentials correspond to an authorizing user account; receiving a request to access a resource in a network environment which is external to the zero trust environment; detecting in the request a domain associated with the resource; and configuring a policy engine of the zero trust environment to generate a policy allowing network traffic between the domain and a designated user account, based on the received request.

公开(公告)号：US20250047606A1

公开(公告)日：2025-02-06

申请号：US18773763

申请日：2024-07-16

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Natan Elul ,  Roy Azachi ,  Gil Azrielant

IPC: H04L47/125 ,  H04L9/40 ,  H04L67/1004 ,  H04L69/164 ,  H04L69/22

Abstract: In some examples, a load balancer establishes respective secure connections between the load balancer and a plurality of destination servers in a trust network, and performs load balancing of encrypted virtual private network (VPN) traffic across the destination servers. The load balancer receives an encrypted data packet from a client device, the encrypted data packet including a VPN message header having a destination identification field relating to identifying a destination server in the trust network. The load balancer determines whether a selected destination server in the trust network is identified based on a value of the destination identification field in the VPN message header, the selected destination server being one of the plurality of destination servers. Based on determining that the selected destination server is identified based on the value of the destination identification field in the VPN header, the load balancer sends the encrypted data packet to the selected destination server.