DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/24/2020 has been entered.

Status of Claims
This Office Action is in response to the amendment filed on 09/24/2020.  
Applicant amended claims 9, 10, 13, 19, 21-23 and 26.
Claims 1-8, 14, and 27 were canceled.
Claims 29-30 are new.
Claims 9-13, 15-26, and 28-30 are pending.

Response to Arguments
Applicant’s arguments and amendments with respect to 35 USC §103 have been considered, but in light of the amended claims new prior art was found, Perry (US 20030154306 A1) and Tatlicioglu et al. (US 20170195295 A1), which discloses the added limitations, including: receiving an outbound communication from the DNS server at the virtual network gateway; assigning outbound traffic addressing ranges for translating outbound traffic addressing of the outbound communication; and changing the outbound traffic addressing ranges after a condition is satisfied, wherein the condition is a predetermined length of time.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 13 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the applicant regards as the invention.
Claim 13 recites the limitation "the first orchestration module".  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 9-12, 15, 17-20, 22-25, and 29-30 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav et al. (US 20160359887 A1) hereinafter referred to as Yadav in view of Ringdahl et al. (US 20150058967 A1) hereinafter referred to as Ringdahl and further in view of Nucci (US 7584507 B1) hereinafter referred to as Nucci, in view of Perry (US 20030154306 A1) hereinafter referred to as Perry, in view of Tatlicioglu et al. (US 20170195295 A1) hereinafter referred to as Tatlicioglu.

With respect to claim 9, Yadav discloses: A method, comprising: receiving an inbound communication for a Domain Name System (DNS) server at a virtual network function instantiated as a virtual network gateway, (Yadav paragraph [0016] teaches network components using DNS data wherein the endpoint components illustrated in FIG.5 unit 16 running VM 18 (Virtual Machine), connected to DNS servers 72 and 74. Wherein these endpoint units could be a gateway as recited in paragraph [0033]).
wherein the virtual network gateway is instantiated using cloud services provided by one or more hardware servers hosting the cloud services; (Yadav FIG. 5 illustrating different computing components connected to unit 16 operating in a cloud environment).
interrogating the inbound communication against a traffic state table at the virtual network gateway; (Yadav paragraph [0087] teaches “analytics engine 88” which may be installed on the virtual gateway monitoring communication, incoming and outgoing, between the DNS or NAT, and the other network devices as shown in FIG. 5).
determining the inbound communication corresponds to an entry in the traffic state table; (Yadav paragraphs [0082-0083] disclose a traffic table, based on IP tables, wherein if there is a match the communication is forwarded to the DNS server).
Yadav does not explicitly disclose based on the inbound communication corresponding to the entry in the traffic state table, transmitting the inbound communication to the DNS server and the entry is removed from the traffic state table; 
However, Ringdahl in an analogous art, paragraph [0022], discloses a firewall state table establishing an entry rule based on IP and port, wherein that entry is available for a limited time after the user connects, which means that the communication would be transmitted; the entry rule could be based on an incoming connection request [0026-0027], and paragraphs [0031 and 0039] then disclose the firewall traffic state table wherein a temporary rule based on a device identifier such as port and IP is established for a certain period and allows traffic to pass to whatever destination it is meant for; wherein a “gateway node 1150 then removes the established rule from the address mapping table, such that the removed rule preventing access via the user address and sent port number” to the destination, which meets the recitation based on the inbound communication corresponding to the entry in the traffic state table, transmitting the inbound communication to the DNS server and the entry is removed from the traffic state table.
and based on the inbound communication not corresponding to an entry in the traffic state table, dropping the inbound communication at the virtual network gateway, (Ringdahl paragraph [0031] discloses, at the gateway using the firewall state table, that the “NAT map rule 1168 is then removed, after establishing the requested connection, the rule such that subsequent requests for connection to the local host 1110 via the same connection access identifier are ignored”, which means that the communication would not be allowed, which is mapped to dropped. Also, the rules as explained in the previous limitation are based on the match with an IP and port).
wherein the inbound communication corresponds to an entry in the traffic state table when the inbound communication matches an internet protocol (IP) address and a user datagram protocol (UDP) port number associated with the entry in the traffic state table, (Ringdahl paragraph [0019] discloses that the communication employs TCP/IP and or UDP wherein paragraph [0025] discloses that the rule is defined using IP and port number).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav as disclosed above wherein inbound communication corresponds to an entry in the traffic state table, the inbound communication is transmitted to the DNS server and the entry is removed from the traffic state table disclosed by Ringdahl in order to “effectively prevents an attacker from continuously scanning or polling known RDP ports, as well as restricting the virtual machine (i.e. computing services session instantiated on the server) to which a user with valid credentials and the right end point IP address can access” (see Ringdahl paragraph [0023]).
Yadav does not explicitly disclose and wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication comprises an entry that is derivable from one or more fields of the traffic state table.
However, Nucci, in an analogous art that detects DDoS attack sources as recited in the Abstract, discloses: and wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication comprises an entry that is derivable from one or more fields of the traffic state table. (Nucci column 9 line 44 to column 10 line 8 discloses the determining of an incoming communication matching an entry in a traffic table wherein the entry is derivable based on a hash, for example. In addition, column 10 lines 20-23 disclose that the matching could be done with a “bloom filter”, which matches the applicant’s description in the instant application specification at paragraph [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav as disclosed above wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication comprises an entry that is derivable from one or more fields of the traffic state table disclosed by Nucci in order to “identify the attack sources by exploiting the spatial and temporal correlation of DDoS attack traffic [and] identify attack sources without modifying existing IP forwarding mechanism and without the global upgrade of existing systems.” (see Nucci column 4 lines 56-65).
Yadav does not explicitly disclose the amended claim limitations.
However, Perry in an analogous art discloses: receiving an outbound communication from the DNS server at the virtual network gateway; (Perry [0071] discloses “The RPAT device receives the packet from the external DNS”, wherein the RPAT is mapped to the functionality disclosed by the applicant’s claimed virtual gateway, which could be implemented as a hardware device as disclosed by applicant’s paragraph [0063]).
assigning outbound traffic addressing ranges for translating outbound traffic addressing of the outbound communication; (Perry [0071] discloses for translating the outbound traffic received from the DNS “the Passive RPAT device assigns a unique port number to the Private IP address” wherein the assigned port is part of an IP/port range according to Perry [0069 and 0081]).

While Perry [0026 and 0071] disclose that the outbound traffic address is changed when a predetermined timer expires, Perry does not explicitly disclose changing the “addressing ranges”. 
However, Tatlicioglu in an analogous art discloses: and changing the outbound traffic addressing ranges after a condition is satisfied. (Tatlicioglu [0046] discloses “IP address pool and their states are changed” and then new “IP addresses are assigned along with the new route” after Time To Live (TTL) expires, wherein the TTL expiration is mapped to the satisfied condition).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav with changing the outbound traffic addressing ranges after a condition is satisfied as disclosed by Tatlicioglu in order to provide strict anonymity even when the network switches are compromised, see Tatlicioglu Abstract.

With respect to claim 10, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 9, further comprising: creating the entry in the traffic state table, the entry based on the outbound communication.  (Yadav paragraph [0082] discloses a DNS server which could be a “recursive DNS server” wherein the data flowing is collected and analyzed as explained in paragraph [0089]).

With respect to claim 11, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 10, further comprising: translating outbound traffic addressing of the outbound communication to a converted traffic addressing; (Yadav paragraph [0082] “DNS or NAT devices operable to provide information used to access or translate addresses used to contact one or more computers, resources, networks, servers, etc.”)
and logging the converted traffic addressing in the entry of the traffic state table.  (Yadav paragraph [0086] teaches “One or more of the DNS or NAT devices may also include sensors 26” therefore the sensors would collect the incoming and outgoing information and report them to the database).

With respect to claim 12, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 11, further comprising: translating inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing in response to matching the inbound traffic addressing to the converted traffic addressing in the traffic state table during interrogating of the inbound communication.  (Ringdahl paragraph [0028] discloses “receiving user login request” wherein if the request is identified, which means there is a match with a “temporary NAT rule” which also means that the NAT does the translation using the corresponding rule).

With respect to claim 15, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 11, wherein translating the outbound traffic addressing changes at least one of an internet protocol address and a port number of the outbound traffic addressing.  (Yadav paragraph [0049] teaches that for communication there has to be a source/destination IP and port, which is what DNS/NAT do for translation).

With respect to claim 17, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 9, wherein the virtual network gateway is an internet gateway router.  (Yadav paragraph [0025] teaches the node could be a VPN router).

With respect to claim 18, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 9, wherein the DNS server is a recursive DNS server.  (Yadav paragraph [0082] teaches “DNS server (e.g., recursive DNS sever 72, [or] authoritative DNS server 74)”).

With respect to claim 19, Yadav discloses: An apparatus, comprising: a processor; and a memory coupled with the processor, wherein the memory comprises executable instructions stored thereon (Yadav, paragraph [0017], Fig. 5 illustrates components used in the prior art that implicitly have processors to execute operations) that when executed by the processor cause the processor to effectuate operations comprising: creating an entry in a traffic state table based on an outbound communication from a Domain Name System (DNS) server; (Yadav paragraph [0016] teaches network components using DNS data wherein the endpoint components illustrated in FIG.5 unit 16 running VM 18 (Virtual Machine), connected to DNS servers 72 and 74. Wherein these endpoint units could be a gateway as recited in paragraph [0033]. Yadav paragraph [0087] teaches “analytics engine 88” which may be installed on the virtual gateway monitoring communication, incoming and outgoing, between the DNS or NAT, and the other network devices as shown in FIG. 5).
interrogating an inbound communication for the DNS server at a virtual network gateway; (Yadav paragraph [0087] teaches “analytics engine 88” which may be installed on the virtual gateway monitoring communication, incoming and outgoing, between the DNS or NAT, and the other network devices as shown in FIG. 5)
determining the inbound communication corresponds to an entry in the traffic state table; (Yadav paragraphs [0082-0083] disclose a traffic table, based on IP tables, wherein if there is a match the communication is forwarded to the DNS server).
Yadav does not explicitly disclose based on the inbound communication corresponding to the entry in the traffic state table, transmitting the inbound communication to the DNS server and the entry is removed from the traffic state table;
However, Ringdahl in an analogous art, paragraph [0022], discloses a firewall state table establishing an entry rule based on IP and port, wherein that entry is available for a limited time after the user connects, which means that the communication would be transmitted; the entry rule could be based on an incoming connection request [0026-0027], and paragraphs [0031 and 0039] then disclose the firewall traffic state table wherein a temporary rule based on a device identifier such as port and IP is established for a certain period and allows traffic to pass to whatever destination it is meant for; wherein a “gateway node 1150 then removes the established rule from the address mapping table, such that the removed rule preventing access via the user address and sent port number” to the destination, which meets the recitation based on the inbound communication corresponding to the entry in the traffic state table, transmitting the inbound communication to the DNS server and the entry is removed from the traffic state table.
based on the inbound communication not corresponding to an entry in the traffic state table for the outbound communication, dropping the inbound communication at the virtual network gateway, (Ringdahl paragraph [0031] discloses, at the gateway using the firewall state table, that the “NAT map rule 1168 is then removed, after establishing the requested connection, the rule such that subsequent requests for connection to the local host 1110 via the same connection access identifier are ignored”, which means that the communication would not be allowed, which is mapped to dropped. Also, the rules as explained in the previous limitation are based on the match with an IP and port).
wherein the inbound communication corresponds to an entry in the traffic state table when the inbound communication matches an internet protocol (IP) address and a user datagram protocol (UDP) port number associated with the entry in the traffic state table, (Ringdahl paragraph [0019] discloses that the communication employs TCP/IP and or UDP wherein paragraph [0025] discloses that the rule is defined using IP and port number).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav as disclosed above wherein inbound communication corresponds to an entry in the traffic state table, the inbound communication is transmitted to the DNS server and the entry is removed from the traffic state table disclosed by Ringdahl in order to “effectively prevents an attacker from continuously scanning or polling known RDP ports, as well as restricting the virtual machine (i.e. computing services session instantiated on the server) to which a user with valid credentials and the right end point IP address can access” (see Ringdahl paragraph [0023]).
Yadav does not explicitly disclose and wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication comprises an entry that is derivable from one or more fields of the traffic state table.
However, Nucci, in an analogous art that detects DDoS attack sources as recited in the Abstract, discloses: and wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication comprises an entry that is derivable from one or more fields of the traffic state table. (Nucci column 9 line 44 to column 10 line 8 discloses the determining of an incoming communication matching an entry in a traffic table wherein the entry is derivable based on a hash, for example. In addition, column 10 lines 20-23 disclose that the matching could be done with a “bloom filter”, which matches the applicant’s description in the instant application specification at paragraph [0039]).

Yadav does not explicitly disclose the amended claim limitations.
However, Perry in an analogous art discloses: assigning outbound traffic addressing ranges for translating outbound traffic addressing of the outbound communication; (Perry [0071] discloses for translating the outbound traffic received from the DNS “the Passive RPAT device assigns a unique port number to the Private IP address” wherein the assigned port is part of an IP/port range according to Perry [0069 and 0081]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav with receiving an outbound communication from the DNS server at the virtual network gateway and assigning outbound traffic addressing ranges for translating outbound traffic addressing of the outbound communication as disclosed by Perry in order to ensure that the IP addresses are assigned a unique port (see Perry [0071]).
While Perry [0026 and 0071] disclose that the outbound traffic address is changed when a predetermined timer expires, Perry does not explicitly disclose changing the “addressing ranges”.
However, Tatlicioglu in an analogous art discloses: and changing the outbound traffic addressing ranges after a condition is satisfied. (Tatlicioglu [0046] discloses “IP address pool and their states are changed” and then new “IP addresses are assigned along with the new route” after Time To Live (TTL) expires, wherein the TTL expiration is mapped to the satisfied condition).


With respect to claim 20, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The apparatus of claim 19, further comprising: translating outbound traffic addressing of the outbound communication to converted traffic addressing; (Yadav paragraph [0082] “DNS or NAT devices operable to provide information used to access or translate addresses used to contact one or more computers, resources, networks, servers, etc.”)
logging the converted traffic addressing in the entry of the traffic state table; (Yadav paragraph [0086] teaches “One or more of the DNS or NAT devices may also include sensors 26” therefore the sensors would collect the incoming and outgoing information and report them to the database).
and translating inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing (Yadav paragraph [0082] teaches the DNS and NAT translation. It is implicit that the function of the DNS and NAT address translation is done for incoming to match outgoing traffic).
in response to matching the inbound traffic addressing to the converted traffic addressing in the traffic state table.  (Yadav paragraph [0087] teaches the “anomaly detection system” which compares the incoming and outgoing translated addresses to find a match within the interrogated inbound communication).

With respect to claim 22, Yadav discloses: A computer readable storage medium storing computer executable instructions that when executed by a computing device cause said computing device to effectuate operations comprising: creating an entry in a traffic state table based on an outbound communication from a Domain Name System (DNS) server; (Yadav paragraph [0016] teaches network components using DNS data wherein the endpoint components illustrated in FIG.5 unit 16 running VM 18 (Virtual Machine), connected to DNS servers 72 and 74. Wherein these endpoint units could be a gateway as recited in paragraph [0033]. Yadav paragraph [0087] teaches “analytics engine 88” which may be installed on the virtual gateway monitoring communication, incoming and outgoing, between the DNS or NAT, and the other network devices as shown in FIG. 5).
interrogating an inbound communication for the DNS server at a virtual network gateway; (Yadav paragraph [0087] teaches “analytics engine 88” which may be installed on the virtual gateway monitoring communication, incoming and outgoing, between the DNS or NAT, and the other network devices as shown in FIG. 5).
determining if the inbound communication corresponds to an entry in the traffic state table; (Yadav paragraphs [0082-0083] disclose a traffic table, based on IP tables, wherein if there is a match the communication is forwarded to the DNS server).
Yadav does not explicitly disclose based on the inbound communication corresponding to the entry in the traffic state table, transmitting the inbound communication to the DNS server and the entry is removed from the traffic state table;
However, Ringdahl in an analogous art, paragraph [0022], discloses a firewall state table establishing an entry rule based on IP and port, wherein that entry is available for a limited time after the user connects, which means that the communication would be transmitted; the entry rule could be based on an incoming connection request [0026-0027], and paragraphs [0031 and 0039] then disclose the firewall traffic state table wherein a temporary rule based on a device identifier such as port and IP is established for a certain period and allows traffic to pass to whatever destination it is meant for; wherein a “gateway node 1150 then removes the established rule from the address mapping table, such that the removed rule preventing access via the user address and sent port number” to the destination, which meets the recitation based on the inbound communication corresponding to the entry in the traffic state table, transmitting the inbound communication to the DNS server and the entry is removed from the traffic state table.
based on the inbound communication not corresponding to an entry in the traffic state table for the outbound communication, dropping the inbound communication at the virtual network gateway, (Ringdahl paragraph [0031] discloses, at the gateway using the firewall state table, that the “NAT map rule 1168 is then removed, after establishing the requested connection, the rule such that subsequent requests for connection to the local host 1110 via the same connection access identifier are ignored”, which means that the communication would not be allowed, which is mapped to dropped. Also, the rules as explained in the previous limitation are based on the match with an IP and port).
wherein the inbound communication corresponds to an entry in the traffic state table when the inbound communication matches an internet protocol (IP) address and a user datagram protocol (UDP) port number associated with the entry in the traffic state table, (Ringdahl paragraph [0019] discloses that the communication employs TCP/IP and or UDP wherein paragraph [0025] discloses that the rule is defined using IP and port number).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav as disclosed above wherein inbound communication corresponds to an entry in the traffic state table, the inbound communication is transmitted to the DNS server and the entry is removed from the traffic state table disclosed by Ringdahl in order to “effectively prevents an attacker from continuously scanning or polling known RDP ports, as well as restricting the virtual machine (i.e. computing services session instantiated on the server) to which a user with valid credentials and the right end point IP address can access” (see Ringdahl paragraph [0023]).
Yadav does not explicitly disclose and wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication contains an entry that is derivable from one or more fields of the traffic state table.
However, Nucci, in an analogous art that detects DDoS attack sources as recited in the Abstract, discloses: and wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication contains an entry that is derivable from one or more fields of the traffic state table. (Nucci column 9 line 44 to column 10 line 8 discloses the determining of an incoming communication matching an entry in a traffic table wherein the entry is derivable based on a hash, for example. In addition, column 10 lines 20-23 disclose that the matching could be done with a “bloom filter”, which matches the applicant’s description in the instant application specification at paragraph [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav as disclosed above wherein determining if the inbound communication corresponds to an entry in the traffic state table is based on whether the inbound communication comprises an entry that is derivable from one or more fields of the traffic state table disclosed by Nucci in order to “identify the attack sources by exploiting the spatial and temporal correlation of DDoS attack traffic [and] identify attack sources without modifying existing IP forwarding mechanism and without the global upgrade of existing systems.” (see Nucci column 4 lines 56-65).
Yadav does not explicitly disclose the amended claim limitations.
However, Perry in an analogous art discloses: assigning outbound traffic addressing ranges for translating outbound traffic addressing of the outbound communication; (Perry [0071] discloses for translating the outbound traffic received from the DNS “the Passive RPAT device assigns a unique port number to the Private IP address” wherein the assigned port is part of an IP/port range according to Perry [0069 and 0081]).

While Perry [0026 and 0071] disclose that the outbound traffic address is changed when a predetermined timer expires, Perry does not explicitly disclose changing the “addressing ranges”.
However, Tatlicioglu in an analogous art discloses: and changing the outbound traffic addressing ranges after a condition is satisfied. (Tatlicioglu [0046] discloses “IP address pool and their states are changed” and then new “IP addresses are assigned along with the new route” after Time To Live (TTL) expires, wherein the TTL expiration is mapped to the satisfied condition).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav with changing the outbound traffic addressing ranges after a condition is satisfied as disclosed by Tatlicioglu in order to provide strict anonymity even when the network switches are compromised, see Tatlicioglu Abstract.

With respect to claim 23, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The computer readable storage medium of claim 22, the operations further comprising: receiving an outbound communication from the DNS server at the virtual network gateway; and creating the entry in the traffic state table, the entry based on the outbound communication. (Yadav paragraph [0082] discloses a DNS server which could be a “recursive DNS server” wherein the data flowing is collected and analyzed as explained in paragraph [0089]).

With respect to claim 24, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The computer readable storage medium of claim 23, the operations further comprising: translating outbound traffic addressing of the outbound communication to a converted traffic addressing; (Yadav paragraph [0082] “DNS or NAT devices operable to provide information used to access or translate addresses used to contact one or more computers, resources, networks, servers, etc.”)
and logging the converted traffic addressing in the entry of the traffic state table.  (Yadav paragraph [0086] teaches “One or more of the DNS or NAT devices may also include sensors 26” therefore the sensors would collect the incoming and outgoing information and report them to the database).

With respect to claim 25, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The computer readable storage medium of claim 24, the operations further comprising: translating inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing in response to matching the inbound traffic addressing to the converted traffic addressing in the traffic state table during interrogating of the inbound communication.  (Ringdahl paragraph [0028] discloses “receiving user login request” wherein if the request is identified, which means there is a match with a “temporary NAT rule” which also means that the NAT does the translation using the corresponding rule).

With respect to claim 29, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The apparatus of claim 19, wherein the condition is a predetermined length of time. (Tatlicioglu [0046] discloses “IP address pool and their states are changed” and then new “IP addresses are assigned along with the new route” after Time To Live (TTL) expires, wherein the TTL expiration is mapped to the predetermined length of time).

With respect to claim 30, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The computer readable storage medium of claim 22, wherein the condition is a predetermined length of time. (Tatlicioglu [0046] discloses “IP address pool and their states are changed” and then new “IP addresses are assigned along with the new route” after Time To Live (TTL) expires, wherein the TTL expiration is mapped to the predetermined length of time).

Claims 13, 16, 21, 26, and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu as applied to claims 9-12, 15, 17-20, 22-25, and 29-30 above, and further in view of Boden et al. (US 6832322 B1) hereinafter referred to as Boden.

With respect to claim 13, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 12, 
They do not explicitly disclose first orchestration module coordinates assignment of the outbound traffic addressing ranges with a second orchestration module to select the outbound traffic addressing ranges to be different from those assigned in association with the second orchestration module.
However, Boden, in a similar field of endeavor, shows the traffic addressing ranges in FIG. 2, and column 4 lines 22-25 teaches that FIG. 2 is related to “destination outbound NAT, used with source outbound NAT, to allow two subnets” to communicate, wherein the first orchestration module coordinates assignment of the outbound traffic addressing ranges with a second orchestration module to select the outbound traffic addressing ranges to be different from those assigned in association with the second orchestration module (Boden column 5 lines 53-62 and FIG. 1 teach Step 28 “PROCESS SA PAIR UPDATES”, which is coordinating assignment of addressing ranges from FIG. 1 Step 22, the “IP SEC NAT POOLS”, for the different VPN connections),
and wherein the second orchestration module is associated with a second network gateway.  (Boden column 4 lines 22-25 teaches that FIG. 2 is related to “destination outbound NAT, used with source outbound NAT, to allow two subnets” to communicate wherein there are two different network gateways 470 and 472).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav, Ringdahl, Nucci, Perry, and Tatlicioglu as combined above with selecting outbound traffic addressing ranges disclosed by Boden in order to “allow multiple local hosts to concurrently communicate to the same external system via the same VPN connection.” (Boden, column 9 lines 15-18).

With respect to claim 16, Yadav in view of Ringdahl, Nucci, Perry, Tatlicioglu, and Boden disclose: The method of claim 15, further comprising selecting the internet protocol address for the outbound traffic addressing and the port number for the outbound traffic addressing from an internet protocol address pool and a port number address pool.  (Boden column 9 lines 8-18 teaches NAT selecting an IP address and port from a pool for outbound address translation).

With respect to claim 21, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The apparatus of claim 20, further comprising: translating inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing in response to matching the inbound traffic addressing to the converted traffic addressing in the traffic state table during interrogating of the inbound communication; (Ringdahl paragraph [0028] discloses “receiving user login request” wherein if the request is identified, which means there is a match with a “temporary NAT rule” which also means that the NAT does the translation using the corresponding rule).

However, Boden, in a similar field of endeavor, shows the traffic addressing ranges in FIG. 2, and column 4 lines 22-25 teaches that FIG. 2 is related to “destination outbound NAT, used with source outbound NAT, to allow two subnets” to communicate, wherein assignment of the outbound traffic addressing ranges is coordinated with assignment for a second network gateway by selecting the outbound traffic addressing ranges to be different from outbound traffic addressing ranges for the second network gateway.  (Boden column 5 lines 53-62 and FIG. 1 teach Step 28 “PROCESS SA PAIR UPDATES”, which is coordinating assignment of addressing ranges from FIG. 1 Step 22, the “IP SEC NAT POOLS”, for the different VPN connections. Boden column 4 lines 22-25 teaches that FIG. 2 is related to “destination outbound NAT, used with source outbound NAT, to allow two subnets” to communicate, wherein there are two different network gateways 470 and 472).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav, Ringdahl, Nucci, Perry, and Tatlicioglu as combined above with selecting outbound traffic addressing ranges disclosed by Boden in order to “allow multiple local hosts to concurrently communicate to the same external system via the same VPN connection.” (Boden, column 9 lines 15-18).

With respect to claim 26, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The computer readable storage medium of claim 25, the operations 
They do not explicitly disclose a first orchestration module coordinates assignment of the outbound traffic addressing ranges with a second orchestration module to select the outbound traffic addressing ranges to be different from those assigned in association with the second orchestration module.
However, Boden, in a similar field of endeavor, shows the traffic addressing ranges in FIG. 2, and column 4 lines 22-25 teaches that FIG. 2 is related to “destination outbound NAT, used with source outbound NAT, to allow two subnets” to communicate, wherein a first orchestration module coordinates assignment of the outbound traffic addressing ranges with a second orchestration module to select the outbound traffic addressing ranges to be different from those assigned in association with the second orchestration module (Boden column 5 lines 53-62 and FIG. 1 teach Step 28 “PROCESS SA PAIR UPDATES”, which is coordinating assignment of addressing ranges from FIG. 1 Step 22, the “IP SEC NAT POOLS”, for the different VPN connections),
and wherein the second orchestration module is associated with a second network gateway.  (Boden column 4 lines 22-25 teaches that FIG. 2 is related to “destination outbound NAT, used with source outbound NAT, to allow two subnets” to communicate wherein there are two different network gateways 470 and 472).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav, Ringdahl, Nucci, Perry, and Tatlicioglu as combined above with selecting outbound traffic addressing ranges disclosed by Boden in order to “allow multiple local hosts to concurrently communicate to the same external system via the same VPN connection.” (Boden, column 9 lines 15-18).

With respect to claim 28, Yadav in view of Ringdahl, Nucci, Perry, and Tatlicioglu disclose: The method of claim 9, 
Yadav paragraph [0087] discloses: further comprising screening traffic destined for external entities downstream of the virtual network gateway; however Yadav does not explicitly disclose: by varying addressing information associated with the DNS server such that address ranges associated with the DNS server are hidden to external entities downstream of the virtual network gateway.
However, Boden in an analogous art discloses screening traffic destined for external entities downstream of the virtual network gateway by varying addressing information associated with the DNS server, wherein the benefit would be such that address ranges associated with the DNS server are hidden to external entities downstream of the virtual network gateway. (Boden column 6 line 60 to column 7 line 18 disclose a gateway in communication with a DNS wherein a NAT is used to select an address from a list for translation, which means that addresses associated with DNS communication would vary).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Yadav, Ringdahl, Nucci, Perry, and Tatlicioglu as combined above with varying addressing information associated with the DNS server disclosed by Boden in order to hide the IP address and port for network security (see Boden Abstract in view of column 9 lines 8-18).
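For reference, the following is a constructed illustration of the mechanism recited across claims 22-30 (an outbound communication translated through a traffic state table, inbound traffic matched against the converted addressing in that table, and the outbound addressing range changed after a predetermined length of time) together with the coordination recited in claims 13, 21 and 26 (two gateways assigned addressing ranges different from each other's). It is added example code, not part of this Office Action, the application, or any of the cited Yadav, Ringdahl, Nucci, Perry, Tatlicioglu or Boden references; all class names, addresses, port ranges and the rotation interval are assumptions.

```python
"""Constructed illustration of a stateful virtual network gateway with a
traffic state table, time-based rotation of its outbound addressing range,
and a shared coordinator that keeps two gateways' ranges disjoint.

Added example only; not code from the application or the cited references.
All addresses, port numbers, names and the rotation interval are assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class PortRange:
    """One outbound addressing range: a public IP plus a port interval."""
    ip: str
    first_port: int
    last_port: int

    def overlaps(self, other: "PortRange") -> bool:
        return (self.ip == other.ip
                and self.first_port <= other.last_port
                and other.first_port <= self.last_port)


class RangeCoordinator:
    """Shared allocator consulted by each gateway's orchestration module; every
    range handed out is checked against all ranges already assigned, so two
    gateways never receive overlapping outbound addressing ranges."""

    def __init__(self, public_ip: str, block: int = 1000, base: int = 10000):
        self.public_ip = public_ip
        self.block = block
        self.next_port = base
        self.assigned: List[PortRange] = []

    def allocate(self) -> PortRange:
        r = PortRange(self.public_ip, self.next_port, self.next_port + self.block - 1)
        if any(r.overlaps(a) for a in self.assigned):
            raise RuntimeError("refusing to hand out an overlapping range")
        self.assigned.append(r)
        self.next_port += self.block
        return r


@dataclass
class Entry:
    """One row of the traffic state table."""
    original: Addr    # addressing of the outbound communication (e.g. DNS server)
    converted: Addr   # addressing external entities see after translation
    created_at: float


class VirtualNetworkGateway:
    def __init__(self, coordinator: RangeCoordinator, rotate_after: float, now: float):
        self.coordinator = coordinator
        self.rotate_after = rotate_after  # predetermined length of time (assumed seconds)
        self.range = coordinator.allocate()
        self.range_since = now
        self.next_port = self.range.first_port
        # keyed by converted addressing so inbound traffic is matched directly
        self.state_table: Dict[Addr, Entry] = {}

    def _maybe_rotate(self, now: float) -> None:
        """Change the outbound range once the time condition is satisfied.
        Existing entries keep their converted addressing, so replies to flows
        started under the old range still match the table."""
        if now - self.range_since >= self.rotate_after:
            self.range = self.coordinator.allocate()
            self.range_since = now
            self.next_port = self.range.first_port

    def translate_outbound(self, original: Addr, now: float) -> Addr:
        """Assign a unique port from the current range and log the entry."""
        self._maybe_rotate(now)
        if self.next_port > self.range.last_port:
            raise RuntimeError("current outbound range exhausted")
        converted = (self.range.ip, self.next_port)
        self.next_port += 1
        self.state_table[converted] = Entry(original, converted, now)
        return converted

    def translate_inbound(self, converted: Addr) -> Optional[Addr]:
        """Interrogate inbound traffic: only addressing with a table entry is
        translated back to the original; anything else yields None (dropped)."""
        entry = self.state_table.get(converted)
        return entry.original if entry else None


def demo() -> dict:
    coord = RangeCoordinator("203.0.113.10")
    gw_a = VirtualNetworkGateway(coord, rotate_after=60.0, now=0.0)
    gw_b = VirtualNetworkGateway(coord, rotate_after=60.0, now=0.0)
    dns = ("10.0.0.53", 5353)                    # constructed DNS server addressing
    c1 = gw_a.translate_outbound(dns, now=1.0)   # under the first range
    c2 = gw_a.translate_outbound(dns, now=61.0)  # after rotation: a new range
    return {
        "disjoint": not gw_a.range.overlaps(gw_b.range),
        "c1": c1,
        "c2": c2,
        "reply_to_c1": gw_a.translate_inbound(c1),
        "unknown_inbound": gw_a.translate_inbound(("203.0.113.10", 65000)),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows gateway A translating the first flow to port 10000, gateway B holding 11000-11999, and the flow started after the 60-second condition landing in a fresh range at 12000; the earlier entry still resolves inbound replies, and inbound traffic with no entry is not translated. Releasing an old range back to the coordinator once all its entries have aged out is left out here.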

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Yin et al. (US 20170359305 A1) paragraph [0055] discloses deleting a DNAT table entry after a predetermined duration of time.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322.  The examiner can normally be reached on Mon to Fri 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/H.S.G./Examiner, Art Unit 2493
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493