Novel dynamic firewall for NSP networks

Shlomi Dolev (Inventor)

Research output: Patent


Method for protecting an NSP data network against data overflow, according to which the NSP data network is divided into a protected sub-network and an unprotected sub-network. Connectivity to external data networks is allowed through the unprotected sub-network via a set of predefined controlled data ports. Each user is connected to the protected sub-network via a proxy router and to the unprotected sub-network via gateway routers that are connected to the proxy router through interconnected intermediating routers and to the unprotected sub-network via the set of controlled data ports. A maximum available bandwidth that can be processed by a user is determined for each user, and a maximal sub-bandwidth is allocated for each router, such that the sub-bandwidth is smaller than the bandwidth. Whenever the data packet flow intended for the user exceeds the sub-bandwidth at one of the routers, the excess packet flow is filtered according to predetermined criteria defined by the user, who gets a report about the filtered packets within a predetermined period after the filtering begins. Otherwise, the data packet flow is passed from each router to the next router until the proxy router.
Original language: English
Patent number: EP 1959630 A3
State: Published - 2012
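
The per-router filtering described in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the packet-count model of bandwidth, the router names, the caps and the ranking used as the user's criteria are all assumptions, and the timed report is reduced to a returned dictionary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    seq: int    # arrival order within one measurement interval
    kind: str   # constructed label that the user's criteria inspect

@dataclass(frozen=True)
class Router:
    name: str
    sub_bandwidth: int  # packets per interval this router may pass toward the user

    def forward(self, flow, rank):
        """Return (passed, filtered) for one interval of traffic to the user."""
        if len(flow) <= self.sub_bandwidth:
            return list(flow), []            # within the cap: pass everything on
        ranked = sorted(flow, key=rank)      # stable sort: ties keep arrival order
        keep = {p.seq for p in ranked[: self.sub_bandwidth]}
        passed = [p for p in flow if p.seq in keep]
        filtered = [p for p in flow if p.seq not in keep]
        return passed, filtered

def deliver(path, flow, user_bandwidth, rank):
    """Push one interval of traffic along gateway -> ... -> proxy router.
    Returns the packets reaching the user and a per-router filter report."""
    for r in path:
        if r.sub_bandwidth >= user_bandwidth:
            raise ValueError(f"{r.name}: sub-bandwidth must be below the user's bandwidth")
    report = {}
    for r in path:
        flow, filtered = r.forward(flow, rank)
        if filtered:
            report[r.name] = [p.seq for p in filtered]
    return flow, report

# Assumed user criteria: lower rank is kept first when a router must filter.
USER_RANK = {"established": 0, "known": 1, "unknown": 2}
def user_rank(p):
    return USER_RANK[p.kind]

# Constructed sample: ten packets arrive in one interval for a user whose
# maximum processable bandwidth is 8 packets per interval.
KINDS = ["unknown", "established", "unknown", "known", "unknown",
         "established", "unknown", "known", "unknown", "established"]
SAMPLE_FLOW = [Packet(i, k) for i, k in enumerate(KINDS)]
SAMPLE_PATH = [Router("gateway", 6), Router("intermediate", 5), Router("proxy", 5)]

if __name__ == "__main__":
    delivered, report = deliver(SAMPLE_PATH, SAMPLE_FLOW, 8, user_rank)
    print([p.seq for p in delivered], report)
```

Because every cap is below the user's bandwidth, the excess is shed at the gateway and intermediate routers, and the proxy router receives no more than its own cap.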


