DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.
Remarks
In a response filed on October 19, 2021 (the “Response”), Applicant amends claims 22, 26, 28, 32, 36 and 39.
Claims 22, 23 and 25-42 are presented for examination.
Response to Arguments
Applicant’s arguments submitted October 19, 2021 has been fully considered, but it is not persuasive for at least the following reasons,
On page 12, in the Remarks section of the Response, Applicant argues:
“First, claim 22 recites identifying which of multiple sets of processing rules enforced by a firewall application applies to a packet, with each set of multiple sets of processing rules corresponding to a different one of multiple distributed firewalls.  For each respective logical network of multiple logical networks, the respective set of processing rules corresponding to the respective distributed firewall associated with the respective logical network is enforced by the firewall application executing on the physical host computer and by firewall applications executing on each of other physical host computers on which at least one end machine connected to the respective logical network operates.  The cited references do not disclose or suggest such distributed firewalls as recited in the claims.”

However, Examiner respectfully disagrees with Applicant’s instant argument for at least the reasons set forth below in the prior art rejection of claim 22.
On page 12 of the Response, Applicant also argues:
“there is only a single firewall disclosed in Trojanowski, and these modules are merely discrete modules of the single firewall 151.”


On pages 12-13, Applicant argues:
“Finally, clause (v) recites that the respective set of processing rules corresponding to the respective distributed firewall associated with the respective logical network is enforced by the firewall application executing on the physical host computer and firewall applications executing on each of the other physical host computers on which at least one end machine connected to the respective logical network operates, which [] results in firewall applications on multiple host computers enforcing each of processing rules.”

However, Examiner respectfully disagrees with Applicant’s instant argument (i.e., that clause (v) “results in firewall applications on multiple host computers enforcing each set of processing rules”) because: the limitation “each set of processing rules” is simply not recited within the claim language of clause (v).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181 (Fed. Cir. 1993).
On page 13, Applicant argues:
“The SVMs in Srinivasan are [] not distributed firewalls, but instead operate as separate, distinct firewalls for their local servers.”

However, Examiner respectfully submits that Applicant’s instant argument is nonresponsive for at least the following reason(s).

“Applicant’s instant argument (i.e., that ‘distributed firewalls’ do not ‘operate as separate, distinct firewalls for their local servers’) is circular: not just because (1) Applicant’s claim requires that its distributed firewalls ‘corresponds to a different’ set of “processing rules” (i.e., ‘operate as separate, distinct firewalls’) and ‘is associated with a different’ logical network (i.e., ‘their local server’ or service network); but also because (2) the plain and ordinary computer definition of the term ‘distributed’1  requires autonomous computing (i.e., ‘separate, distinct’ computing entities).”

Therefore, Examiner respectfully submits that Applicant’s instant argument is nonresponsive because it fails to address this rebuttal to Applicant’s instant argument.
On page 13, Applicant also argues:
“this interpretation goes against the clear meaning of distributed in the claims....”

In response, Examiner notes that Applicant’s instant argument is presented without any actual support.  However, such conclusory arguments of counsel cannot take the place of factually supported objective evidence.  See MPEP § 2145.
On page 13, Applicant further argues:
“the claims, [] explicitly recite that each set of processing rules corresponding to a distributed firewall associated with a logical network is enforced by firewall applications executing on multiple physical host computers....”

However, Applicant’s instant argument is nonresponsive because the prior art rejections do not rely on Srinivasan to teach the limitation of Applicant’s instant argument (i.e., “each set of processing rules corresponding to a distributed firewall associated with a logical network is enforced by firewall applications executing on multiple physical host not actually recited in the rejected claims (as explained in item 6 above). 
On page 13, Applicant moreover argues:
“paragraph 25 does not even describe ‘distributing’ the SVMs, but simply describes that each server includes one SVM.”

However, Examiner respectfully disagrees with Applicant’s instant argument because the “same” thing cannot exist in two different places at once.  Accordingly, Examiner respectfully submits that Srinivasan’s disclosure that “each server includes one” SVM, thus, cannot describe a “single” SVM and, instead, must describe an SVM that has been “distributed” to “each server.”
On page 14, Applicant argues:
“different virtual hosts are not distributed firewalls, as they all execute on a single firewall physical machine.”

In response, Examiner notes that Applicant’s instant argument (i.e., that “distributed firewalls” cannot “all execute on a single firewall physical machine”) is presented without any actual support.  However, as previously stated in item 8 above, such conclusory arguments of counsel cannot take the place of factually supported objective evidence.  See MPEP § 2145.
Therefore, Examiner respectfully disagrees with Applicant’s instant argument because Wesinger’s “firewalls” are clearly “distributed” among different virtual machines, which “all execute on a single firewall physical machine.”
On page 14, Applicant also argues:
“in claim 22, each set of processing rules corresponding to a distributed firewall is enforced by firewall applications executing on multiple physical host computers.”


To be specific, Examiner’s position is not that Wesinger teaches the limitation of Applicant’s instant argument (i.e., “each set of processing rules corresponding to a distributed firewall is enforced by firewall applications executing on multiple physical host computers”).  Rather, as set forth in the prior art rejection below, Examiner’s actual position is inter alia that Wesinger teaches:
“the respective set of processing rules (C1-N, FIG. 5) is enforced by a firewall application (VH1-N, FIG. 5) executing on a physical host computer (500, FIG. 5) (¶ 74, 76 “firewall...runs on...physical machines, such as a single computer 500...Each…VHN has a separate CN/set of processing rules”; ¶ 79 “configuration CN includes…processing /access rules 513”)”

And that Soundararajan teaches:
“for each respective logical network (102, FIG. 2), the respective distributed firewall associated with the respective logical network is enforced by a firewall application (112, FIG. 2) executing on the physical host computer (200, FIG. 3A) and by firewall applications executing on each of the other physical host computers (202-206, FIG. 3A) on which at least one end machine (116a, FIG. 3A) connected to the respective logical network operates (¶ 21, 16 ‘Firewall VM 112 provides protected access to...server 102, i.e...access to each of virtual machines 116’)”

Accordingly, Examiner further notes that one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413 (CCPA 1981); In re Merck & Co., 800 F.2d 1091 (Fed. Cir. 1986).
On page 14, Applicant further argues:
distributed firewalls.”

However, Examiner respectfully disagrees with Applicant’s instant argument because: like the firewall 112 that is “distributed” among each of Srinivasan’s multiple hosts 106, collectively, the firewall 112 that is “distributed” among each of Soundararajan’s multiple hosts 200-206, also read on the phrase “multiple distributed firewalls.” 
On page 14, Applicant moreover argues:
“The firewall virtual machines in Soundararajan are not distributed firewalls as recited in Applicant’s claims....”

In response, Examiner notes that Applicant’s instant argument is presented without any actual support.  However, as previously stated, such conclusory arguments of counsel cannot take the place of factually supported objective evidence in the record.  See MPEP § 2145.
Notwithstanding, Examiner respectfully disagrees with Applicant’s instant argument because the firewall 112 of Soundararajan actually is “distributed” among each of Soundararajan’s multiple hosts 200-206.  See, e.g., Soundararajan at FIG. 3A.
Furthermore, on page 14, Applicant argues:
“there is nothing in Soundararajan that describes enforcing distributed firewalls that each correspond to a different one of multiple sets of processing rules.”

However, Examiner notes that Applicant’s instant argument (i.e., that Soundararajan does not teach “enforcing distributed firewalls that each correspond to a different one of multiple sets of processing rules”) is nonresponsive because it fails to address Examiner’s actual position.
not that Soundararajan teaches the limitation of Applicant’s instant argument (i.e., “enforcing distributed firewalls that each correspond to a different one of multiple sets of processing rules”).  Rather, Examiner’s actual position is inter alia that Trojanowski teaches:
“the plurality of sets of processing rules corresponds to a different distributed firewall (151, FIG. 1B) (¶ 49 “all the configurations of the firewall in a linked list…a list of all objects 145a…n”; ¶ 56, 64 “pointer 318…identifies/points to the object 145 that defines how the processing...will treat packet 340”; note: Trojanowski’s configurations include “firewall rules” [see ¶ 42], and Trojanowski virtually distributes each firewall to hosts 120 as a configuration 145 [see ¶ 40, 46 and FIG. 1A])...”
And that Wesinger teaches:
“(i) each set of processing rules of a plurality of sets of processing rules (C1-N, FIG. 5) corresponds to a different one of a plurality of distributed firewalls (VH1-N, FIG. 5) (¶ 76 “Each…VHN has a separate CN/set of processing rules”; ¶ 79 “configuration CN includes…processing/access rules 513”)....”

A previously stated, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See Keller, 642 F.2d at 413; and Merck & Co., 800 F.2d at 1091.
On pages 14-15, Applicant argues:
“like the many other references, Rangegowda fails to disclose anything regarding distributed firewalls....”

However, Examiner respectfully disagrees with Applicant’s instant argument because: as set forth in the prior art rejection below, paragraphs 29 and 42 disclose that “Rangegowda’s software applications may be distributed.”  In other words, Examiner respectfully submits that the phrase “distributed firewalls” is rendered obvious by Rangegowda’s firewall software application because: paragraphs 29 and 42 disclose that Rangegowda’s software applications may be “distributed.”
On page 15, Applicant argues:
“the cited references do not disclose or suggest that each logical network of serveral logical networks (i) connects a set of end machines that operate on a physical host computer with other end machines that operate on several other physical host computers and that are connected to the respective logical network and (ii) is implemented by respective managed forwarding elements executing on the respective physical host computers on which at least one end machine connected to the respective logical network operates.”

However, Examiner respectfully disagrees with Applicant’s instant argument because Soundararajan teaches the limitations of Applicant’s instant argument.
To be specific, as set forth in the prior art rejection below, Examiner respectfully submits that inter alia Soundararajan teaches:
(iii) each respective logical network (102, FIG. 2) of a plurality of logical networks (collectively: 200-206, FIG. 3A) logically connects a respective set of end machines (example: 116a, FIG. 3A) that operate on a physical host computer (example: 200, FIG. 3A) with other end machines (example: 116b-116c, FIG. 3A) that operate on a respective plurality of other physical host computers (example: 202-206, FIG. 3A) and that are connected to the respective logical network (¶ 15, 16, 17, 18 “virtual machines 116a-1 through 116a-3 behind firewall VM 112a”; note: Soundjaran’s invention can be practiced in a distributed computing environment/plurality of physical machines [see ¶ 18, 21, 24 and FIG. 3A]); and
(iv) each respective logical network (102, FIG. 2) is implemented by a plurality of respective managed forwarding elements (110 and 114, FIG. 2) executing on a respective plurality of physical host computers on which at least one end machine connected to the respective logical network operates (¶ 15, 16, 17 “Each ESX server 200-206 includes a public switch 110a through 110d, a private switch 114a through 114d, a firewall virtual manager 112a through 112d and corresponding virtual machines 116a-1 through 116d-3, respectively”, ¶ 21 “microprocessor systems/physical computer”; note: Soundjaran’s invention can be practiced in a distributed computing environment/plurality of physical machines [see ¶ 21, 24])....

On page 15, Applicant also argues:
“a single server cannot be a logical network that connects a set of end machines that operate on a physical host computer with other end machines that operate on several other host computers.”


For example, Examiner’s position is not that “a single server” can “be a logical network that connects a set of end machines that operate on a physical host computer with other end machines that operate on several other host computers.”  Rather, as set forth by the prior art rejection below and item 17 above, Examiner’s actual position is inter alia that virtual end machines 116 are connected by logical network 102, which is within each of Soundararajan’s host computer servers 200-206.
On page 15, Applicant further argues:
“a single server cannot be a logical network that is implemented by several managed forwarding elements executing on the several host computers.”

However, Applicant’s instant argument is nonresponsive because it fails to address Examiner’s actual position.
For example, Examiner’s position is not that “a single server” can “be a logical network that is implemented by several managed forwarding elements executing on the several host computers.”  Rather, as set forth by the prior art rejection below and item 17 above, Examiner’s actual position is inter alia that each of Soundararajan’s host computer servers 200-206 includes a logical network 102 implemented by forwarding elements 110 and 114, which execute on each host computer server 200-206.
On page 15, Applicant moreover argues:
“it does not make any logical sense for one ESX server to span multiple physical hosts.”

However, Applicant’s instant argument is nonresponsive because it fails to address Examiner’s actual position.
not that “one ESX server” spans “multiple physical hosts.”  Rather, Examiner’s actual position is that “one ESX server” is a “physical host.”
On pages 15-16, Applicant argues:
“Regarding a logical network spanning multiple host computers, the recited language of Applicant’s claims states that each respective logical network logically connects a respective set of end machines that operate on the physical host computer with other end machines that operate on a respective plurality of other physical host computers and that are connected to the same respective logical network.”

In response, Examiner notes that the limitation upon which Applicant’s instant argument relies (i.e., “a logical network spanning multiple host computers”), is not actually recited in the rejected claims.  Accordingly, Examiner further notes that although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181 (Fed. Cir. 1993).

Since Applicant argues its remaining claims mutatis mutandis as per claim 22, Examiner’s rebuttal to Applicant’s foregoing arguments apply equally to Applicant’s remaining arguments.
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 22, 23, 25-34, 36, 37, 39, 40 and 42 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Trojanowski (US 2009/0025077 A1, hereinafter Trojanowski) in view of Srinivasan et al. (US 2011/0255538 A1, hereinafter Srinivasan) further in view of Wesinger, Jr. et al. (US 2007/0101421 A1, hereinafter Wesinger) further in view of Soundararajan (US 2010/0125667 A1, hereinafter Soundararajan) further in view of Rangegowda et al. (US 2011/0113483 A1, hereinafter Rangegowda).
Regarding claims 22 and 36, Trojanowski teaches: a non-transitory machine readable medium storing a firewall application (125, FIG. 1B) for execution by at least one processing unit of a physical host computer (120, FIG. 1A) (¶ 39 “Agent 125 executing/running on each of the Host/DSA 120”; note: Trojanowski’s “host” may be a “desktop computer” [see ¶ 3, 39], and Trojanowski’s application 125 includes a “firewall” [see ¶ 42, 46, 47, 48]), the firewall application comprising sets of instructions for:
receiving, a packet (340, FIG. 3) on the physical host computer (¶ 50 “a packet 340 arriving at host 120”);
identifying which of a plurality of sets of processing rules (145a…n, FIG. 2) enforced by the firewall application applies to the packet (¶ 56, 64 “pointer 318…identifies/points to the object 145 that defines how the processing...will treat packet 340”), wherein:
(i) the plurality of sets of processing rules corresponds to a different distributed firewall (151, FIG. 1B) (¶ 49 “all the configurations of the firewall in a linked list…a list of all objects 145a…n”; ¶ 56, 64 “pointer 318…identifies/points to the object 145 that defines how the processing...will treat packet 340”; note: Trojanowski’s configurations include 
(ii) each distributed firewall of the plurality of distributed firewalls (151a...n, FIG. 1B) is associated with a network (115, FIG. 1A) (¶ 41 “host (Host/DSA) 120 communicate[s] over a link or connection such as the [] local network 115”; note: each of Trojanowski’s firewalls 151a...n is associated with network 115 [see ¶ 39, 41, 42]);
(v) the respective set of processing rules is enforced by the firewall application executing on the physical host computer (¶ 39 “Agent 125 executing/running on each of the Host/DSA 120”; ¶ 9 “firewall configurations at a computer”; note: Trojanowski’s “host” may be a “desktop computer” [see ¶ 3, 39], and Trojanowski’s application 125 includes a “firewall” [see ¶ 42, 46, 47, 48, 56, 64]); and
(vi) identifying which of the plurality of sets of processing rules (145a…n, FIG. 2) enforced by the firewall application applies to the packet (¶ 56, 64 “pointer 318… identifies/points to the object 145 that defines how the processing...will treat packet 340”);
determining (555, FIG. 5) whether to allow the packet based on the identified set of processing rules (¶ 75 “make a determination 555 as to whether packet 340 needs to be dropped or passed”); and
when the packet is allowed, sending (535, FIG. 5) the packet (¶ 74 “packet 340…is considered to have passed 535 the filtering operation”).
However, Trojanowski does not explicitly disclose: receiving a packet from a managed forwarding element executing on the physical host computer; wherein: (i) each set of processing rules of the plurality of sets of processing rules corresponds to a  distributed firewall of the plurality of distributed firewalls is associated with a different one of a plurality of logical networks; (iii) each respective logical network of the plurality of logical networks logically connects a respective set of end machines that operate on the physical host computer with other end machines that operate on a respective plurality of other physical host computers and that are connected to the respective logical network; (iv) each respective logical network is implemented by a respective plurality of managed forwarding elements executing on the respective plurality of physical host computers on which at least one end machine connected to the respective logical network operates; (v) for each respective logical network, the respective set of processing rules corresponding to the respective distributed firewall associated with the respective logical network is enforced by the firewall application executing on the physical host computer and by firewall applications executing on each of the other physical host computers on which at least one end machine connected to the respective logical network operates; and (vi) identifying which of the plurality of sets of processing rules enforced by the firewall application applies to the packet comprises determining whichof the plurality of logical networks the packet is traversing; and when the packet is allowed, sending the packet back to the managed forwarding element executing on the physical host computer.
In an analogous art, Srinivasan teaches receiving a packet (616, FIG. 6A) from a managed forwarding element (630, FIG. 6A) executing on a physical host computer (106, FIG. 6A) (¶ 38 “frame 616 is received …frame 616 is forwarded to a port…where it is transmitted to SVM 112…configured to provide a...firewall”; note: frame 616 is a 2 such as forwarding element 630, is executable “software” [see ¶ 18, 38]); wherein:
(ii) each distributed firewall of a plurality of distributed firewalls (112, FIG. 1) is associated with a different one of a plurality of logical networks (108, FIG. 1) (note: Srinivasan distributes a firewall 112 to each logical network 106 [see ¶ 25 and FIG. 1]) and
(v) for each respective logical network (108, FIG. 1), the respective distributed firewall (112, FIG. 1) associated with the respective logical network is enforced by a firewall application executing on the physical host computer (106, FIG. 1) on which at least one end machine (110, FIG. 1) connected to the respective logical network operates (¶ 25 “for network traffic destined for one of the VMs 110 on that serve[r] 106... SVM 112 may provide firewall”; note: Srinivasan’s server 106 may be “a physical appliance” [see ¶ 24]);
when the packet is allowed, sending the packet back to the managed forwarding element executing on the physical host computer (¶ 18, 38 “Once processed by SVM 112, frame 616 is sent back towards port 612 on virtual switch 630”).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan: (1) for having a managed forwarding element receive a logical network’s packets; and (2) for operating at least one end machine on a physical host computer that executes a firewall application to enforce distributed firewalls that are each associated with a different logical network.  The teachings of Srinivasan, when respectively used with (1) the 
However, Trojanowski in view of Srinivasan does not explicitly disclose: wherein: (i) each set of processing rules of the plurality of sets of processing rules corresponds to a different one of a plurality of distributed firewalls; (iii) each respective logical network of the plurality of logical networks logically connects a respective set of end machines that operate on the physical host computer with other end machines that operate on a respective plurality of other physical host computers and that are connected to the respective logical network; (iv) each respective logical network is implemented by a respective plurality of managed forwarding elements executing on the respective plurality of physical host computers on which at least one end machine connected to the respective logical network operates (v) for each respective logical network, the respective set of processing rules corresponding to the respective distributed firewall associated with the respective logical network is enforced by the firewall application executing on the physical host computer and by firewall applications executing on each of the other physical host computers on which at least one end machine connected to the respective logical network operates; and (vi) identifying which of the plurality of sets 
In an analogous art, Wesinger teaches wherein:
(i) each set of processing rules of a plurality of sets of processing rules (C1-N, FIG. 5) corresponds to a different one of a plurality of distributed firewalls (VH1-N, FIG. 5) (¶ 76 “Each…VHN has a separate CN/set of processing rules”; ¶ 79 “configuration CN includes…processing/ access rules 513”);
(v) the respective set of processing rules (C1-N, FIG. 5) is enforced by a firewall application (VH1-N, FIG. 5) executing on a physical host computer (500, FIG. 5) (¶ 74, 76 “firewall...runs on...physical machines, such as a single computer 500...Each…VHN has a separate CN/set of processing rules”; ¶ 79 “configuration CN includes…processing /access rules 513”) and
(vi) identifying which of the plurality of sets of processing rules (C1-N, FIG. 5) enforced by the firewall application (VH1-N, FIG. 5) applies to a packet (¶ 76 “Each… VHN has a separate CN/set of processing rules”; ¶ 79 “configuration CN includes… processing/access rules 513”; note: it is implicit that at some point Wesinger must identify a set of rules CN to apply/enforce [see ¶ 76, 79]).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Wesigner for having different sets of processing rules each correspond to a different distributed firewall.  The teachings of Wesigner, when used with the sets of processing rules that correspond to, and are enforced by, the system of Trojanowski in view of Srinivasan’s distributed firewalls, will make the system more dynamic by enabling each of its firewalls’ configurations to be 
However, Trojanowski in view of Srinivasan further in view of Wesinger does not explicitly disclose wherein: (iii) each respective logical network of the plurality of logical networks logically connects a respective set of end machines that operate on the physical host computer with other end machines that operate on a respective plurality of other physical host computers and that are connected to the respective logical network; (iv) each respective logical network is implemented by a respective plurality of managed forwarding elements executing on the respective plurality of physical host computers on which at least one end machine connected to the respective logical network operates (v) for each respective logical network, the respective set of processing rules corresponding to the respective distributed firewall associated with the respective logical network is enforced by the firewall application executing on the physical host computer and by firewall applications executing on each of the other physical host computers on which at least one end machine connected to the respective logical network operates; and (vi) identifying which of the plurality of sets of processing rules enforced by the firewall application applies to the packet comprises determining which of the plurality of logical networks the packet is traversing.
In an analogous art, Soundararajan teaches wherein:
(iii) each respective logical network (102, FIG. 2) of a plurality of logical networks (collectively: 200-206, FIG. 3A) logically connects a respective set of end machines (example: 116a, FIG. 3A) that operate on a physical host computer (example: 200, FIG. 3A) with other end machines (example: 116b-116c, FIG. 3A) that operate on a  and that are connected to the respective logical network (¶ 15, 16, 17, 18 “virtual machines 116a-1 through 116a-3 behind firewall VM 112a”; note: Soundjaran’s invention can be practiced in a distributed computing environment/plurality of physical machines [see ¶ 18, 21, 24 and FIG. 3A]);
(iv) each respective logical network (102, FIG. 2) is implemented by a plurality of respective managed forwarding elements (110 and 114, FIG. 2) executing on a respective plurality of physical host computers on which at least one end machine connected to the respective logical network operates (¶ 15, 16, 17 “Each ESX server 200-206 includes a public switch 110a through 110d, a private switch 114a through 114d, a firewall virtual manager 112a through 112d and corresponding virtual machines 116a-1 through 116d-3, respectively”, ¶ 21 “microprocessor systems/physical computer”; note: Soundjaran’s invention can be practiced in a distributed computing environment/plurality of physical machines [see ¶ 21, 24]) and
(v) for each respective logical network (102, FIG. 2), the respective distributed firewall associated with the respective logical network is enforced by a firewall application (example: 112a, FIG. 3A) executing on the physical host computer (200, FIG. 3A) and by firewall applications (example: 112b-d, FIG. 3A) executing on each of the other physical host computers (202-206, FIG. 3A) on which at least one end machine (116x-1, FIG. 3A) connected to the respective logical network operates (¶ 21, 16 “Firewall VM 112 provides protected access to...server 102, i.e...access to each of virtual machines 116”).

However, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan does not explicitly disclose, yet Rangegowda teaches wherein:
(v) for each respective logical network (example: 304/306, FIG. 3), the respective set of processing rules (example: 308/310, FIG. 3) corresponding to the respective distributed firewall associated with the respective logical network is enforced by a firewall application (108, FIG. 3) executing on a physical host computer (600, FIG. 6) (¶ 1 “firewall profiles depend[] on the network”; ¶ 22, 21 “examine packets...to determine which firewall profiles 308/310...to select”; ¶ 41 “computer 602 can operate in a networked environment (e.g., IP-based) using logical connections...to one or more networks”; note: Rangegowda’s software applications may be distributed [see ¶ 29, 42] and it is implicit that Rangegowda’s logical connections 304/306 may connect to logical networks, such as a work network and/or a home network [see ¶ 1, 16, 41]); and
(vi) identifying which of the plurality of sets of processing rules (example: 308/ 310, FIG. 3) enforced by the firewall application applies to the packet comprises 
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachnigs of Rangegowda for: (1) having, for each logical network, a respective set of processing rules correspond to a respective distributed firewall executed by a firewall application; and (2) determining which logical network a packet is traversing in order to identify which set of processing rules enforced by the firewall application, applies to the packet.  The teachings of Rangegowda, when used within (1) the sets of processing rules’ correspondence to the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan’s distributed firewall and (2) the system’s identification of a set of processing rules, will: (1) improve the system by enabling each of its logical networks to have their own set of processing rules; and (2) provide the system with network-specific functionality by enabling it to apply a set of processing rules to a packet on the basis of which logical network the packet is traversing.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claim 23, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of a…n, FIG. 2 / Wesinger: C1..N, FIG. 5 / Rangegowda: 308/310, FIG. 3) are received by the firewall application (Trojanowski: 125, FIG. 1B / Rangegowda: 108, FIG. 3) from a network (Trojanowski: 115, FIG. 1A) control system (Trojanowski: 110, FIG. 1A) that also configures (Srinivasan: 404 and 406, FIG. 4) the managed forwarding element (Srinivasan: 630, FIG. 6A) (Trojanowski ¶ 41 “configuration 105/145 received from DSM 110”; Srinivasan ¶ 30, 31, 32 “virtual switch 630 may receive a network policy”; Wesinger ¶ 76, 79; Rangegowda ¶ 1 “firewall profiles depend[] on the network”; Rangegowda ¶ 22, 21 “determine which firewall profiles 308/310...to select/receive”).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for having a control system configure a managed forwarding element (e.g., a “switch”).  The teachings of Srinivasan, when used with the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s managed forwarding element, will improve the system by enabling it to remotely configure its managed forwarding elements.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill to arrive at the above-claimed invention.
Regarding claim 25, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 22, as previously stated, and further teaches wherein:
a...n, FIG. 1B / Wesinger: VH1...N, FIG. 5) comprises a particular distributed firewall (Trojanowski: 151, FIG. 1B / Wesinger: VHX, FIG. 5) with a corresponding particular set of processing rules (Trojanowski: 145a…n, FIG. 2 / Wesinger: CX, FIG. 5 / Rangegowda: 308/310, FIG. 3) enforced by the firewall application (Trojanowski: 125, FIG. 1B / Rangegowda: 108, FIG. 3) (Trojanowski ¶ 56, 64 “object 145 [] defines how the processing...will treat packet 340”; Wesinger ¶ 74 “Each…VHN has a separate CN/set of processing rules”; Wesinger ¶ 79 “configuration CN includes…processing/access rules 513”; Rangegowda ¶ 22, 21 “to determine which firewall profiles 308/310...to select”; note: Trojanowski’s configurations include “firewall rules” [see ¶ 42], and Trojanowski virtually distributes each firewall as a configuration 145 [see Trojanowski ¶ 40, 46 and FIG. 1A]); and
a particular logical network (Srinivasan: 106, FIG. 2 / Soundararajan: 102, FIG. 2) that comprises the particular distributed firewall (Trojanowski: 151, FIG. 1B / Srinivasan: 112, FIG. 1 / Soundararajan: 112a, FIG. 3A) logically connects a particular set of end machines (Srinivasan: 110, FIG. 1 / Soundararajan: 116a, FIG. 3A) through a set of logical forwarding elements (Soundararajan: 110 and 114, FIG. 3A) (Trojanowski  ¶ 39, 56, 64 “pointer 318…identifies/points to the object 145 that defines how the processing ...will treat packet 340”; Srinivasan ¶ 25 “SVM 112 may provide firewall...a single SVM 112 is spawned for each physical server 106, allowing a given SVM 112 to provide services for the VMs on that server 106”; Soundararajan ¶ 17, 16 “Firewall VM 112 provides protected access to the internal portion of ESX server 102... Switch 114 provides access to...virtual machines 116”; note: both Soundararajan and Srinivasan’s servers each include a logical network of virtual machines [see: Srinivasan ¶ 25; 3 Soundararajan’s managed forwarding elements are logical forwarding elements when they are implemented on independent machines/microprocessor systems [see Soundararajan ¶ 21, 24]).
At the time that the invention was made, it would have been obvious for one of ordinary skill in the art to recognize the ability to utilize the teachings of Soundararajan for implementing managed forwarding elements within independent machines.  The teachings of Soundararajan, when used within the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s managed forwarding elements, will make the system more robust by preventing a crash of one of its logical networks from impacting another logical network of the system.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill to arrive at the above-claimed invention.
Regarding claim 26, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 25, as previously stated, and further teaches: wherein the particular distributed firewall (Trojanowski: 151, FIG. 1B / Srinivasan: 112, FIG. 6A / Soundararajan: 112, FIG. 3A) logically connects to a logical router (Srinivasan: 630, FIG. 6A) implemented by a particular one of the pluralities of managed forwarding elements, including the managed forwarding element (Srinivasan: 212, FIG. 2 / Soundararajan: 110/114, FIG. 3A) executing on the physical host computer (Srinivasan: 106, FIG. 6A / Soundararajan: 200, FIG. 3A), the logical router comprising a set of routing policies that determines whether the managed forwarding element executing on 
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for having a managed forwarding element implement a routing functionality.  The teachings of Srinivasan, when used within the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s managed forwarding element, will improve the efficiency of the system’s network traffic transmissions by using the managed forwarding element to route the system’s network traffic.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claim 27, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 25, as previously stated, and further teaches: wherein the managed forwarding element (Srinivasan: 630, FIG. 6A) implements the particular logical network (Srinivasan: 106, FIG. 2 / Soundararajan: 102, FIG. 2) by implementing the set of logical forwarding elements (Soundararajan: 110 and 114, FIG. 3A) (Srinivasan ¶ 38 “managed forwarding element/switch 630”; Soundararajan ¶ 15, 16 “Within ESX server 102 resides switches 110 and 114/set of forwarding elements... 
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Soundararajan for using a set of logical forwarding elements to implement a logical network.  The teachings of Soundararajan, when used within the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s logical network will improve network traffic efficiency by enabling the system’s intra-network and inter-network traffic to be forwarded or routed independently of one another.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claim 28, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 22, as previously stated, and further teaches: wherein when the identified set of processing rules specifies to drop (Trojanowski: 555-550, FIG. 5) the packet (Trojanowski: 340, FIG. 3 / Srinivasan: 616, FIG. 6A), the firewall application executing on the physical host computer does not send the packet back to the managed forwarding element (Srinivasan: 630, FIG. 6A) executing on the physical host computer (Trojanowski ¶ 75 “If the packet_object 310 needs to be dropped, step 550 is evoked”; Trojanowski ¶ 39 “firewall configurations”; Srinivasan ¶ 11, 38 “SVM 112 may be configured...as firewall...Once processed by the SVM 112, packet/frame 616 is sent 
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for having a firewall send a packet back to a managed forwarding element after the firewall processes the packet.  The teachings of Srinivasan, when used with the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s processing rules for dropping a packet, will prevent the foregoing feature of Srinivasan’s teachings (i.e., “having a firewall send a packet back to a managed forwarding element after the firewall processes the packet”) from unnecessarily increasing the transmission load of the system’s firewall(s) by having Srinivasan’s feature refrain from sending a packet whenever the system’s processing rules specify that the packet should be dropped.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed solution.
Regarding claim 29, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 22, as previously stated, and further teaches: wherein the packet (Trojanowski: 340, FIG. 3 / Srinivasan: 616, FIG. 6A) sent back (Trojanowski: 550-560, FIG. 5) to the managed forwarding element (Srinivasan: 630, FIG. 6A) is treated as a new packet by the managed forwarding element (Trojanowski ¶ 75 “a determination... packet 340 needs to be...passed on to the next...module”; Srinivasan ¶ 11, 38 “SVM 112 may be configured...as firewall...Once processed by the SVM 112, packet/frame 
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for having a managed forwarding element route all of its network traffic according to a routing policy (e.g., a traffic destination rule).  The teachings of Srinivasan, when used within the managed forwarding element of the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s treatment of packets, will improve the integrity of the managed forwarding element’s routing by ensuring that it routes every packet according to the managed forwarding element’s routing policy.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claim 30, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 22, as previously stated, and teaches further comprising: negotiating (Srinivasan: 404, FIG. 4) a software port (Srinivasan: 612, FIG. 6A) with the managed forwarding element (Srinivasan: 630, FIG. 6A) prior to receiving any packets (Trojanowski: 340, FIG. 3 / Srinivasan: 616, FIG. 6A) from the managed forwarding element (Trojanowski ¶ 51 “packet 340”; Srinivasan ¶ 11, 30 “an SVM port profile may be assigned 404 to port 612”; note: it is implicit that port 612 was negotiated/assigned to firewall 112 before the latter received any packets because Srinivasan fails to disclose anything to the contrary [see Srinivasan ¶ 11, 30, 38]), wherein:

the packet is sent back to the managed forwarding element through the negotiated software port (Srinivasan ¶ 38 “Once processed by the SVM 112, frame 616 is sent back towards port 612 on virtual switch 630”).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for having a firewall negotiate a software port with a managed forwarding element prior to receiving any packets.  The teachings of Srinivasan, when used with the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s “receiving a packet from” and “sending the packet back to” a managed forwarding element, will maintain the integrity of the routing of the system’s port by ensuring that each packet communicated between a firewall and the system’s managed forwarding element is routed through a negotiated port.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed invention.
Regarding claims 31 and 38, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claims 22 and 36, as previously stated, and further teaches wherein identifying which of the plurality of sets of processing rules (Trojanowski: 145a…n, FIG. 2 / Wesinger: C1,2...N, FIG. 5 / Rangegowda: 308/310, FIG. 3) applies to the packet N to apply/enforce [see Wesinger ¶ 76, 79]) comprises:
after receiving the packet, reading a slice identifier (Trojanowski: 318, FIG. 3) appended to the packet (Trojanowski: 310/340, FIG. 3) (note: identifier 318 must be read to traverse through Trojanowski’s firewall [see Trojanowski ¶ 51, 56, 72]); and
matching the slice identifier with a particular set of processing rules (Trojanowski: Configuration A, FIG. 6) that corresponds to a particular one of the plurality of distributed firewalls (Trojanowski: 151, FIG. 1B) (note: Trojanowski indicates that identifier 318 must be matched in order to retrieve 510 rules 145 [see Trojanowski ¶ 51, 56, 64, 72]).
Regarding claims 32 and 39, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claims 31 and 38, as previously stated, and further teaches wherein the packet is a first packet (Trojanowski: Pkt1, FIG. 6), the particular set of processing rules is a first set of processing rules (Wesinger: C1, FIG. 5), the slice identifier is a first slice identifier (Trojanowski: 318, FIG. 3), and the particular distributed firewall is a first distributed firewall (Trojanowski: 151, FIG. 1B / Wesinger: VH1, FIG. 5 / Soundararajan: 112a, FIG. 2) (Trojanowski ¶ 78, 80 “config_object_pointer 318...to configuration A/first set of processing rules is included”; Trojanowski ¶ 45 “firewall 151”; Wesinger ¶ 76, 79 
receiving a second packet (Trojanowski: Pkt3, FIG, 6), with a second slice identifier (Trojanowski: 318, FIG. 3) appended, from the managed forwarding element (Srinivasan: 630, FIG. 6A) executing on the physical host computer (Srinivasan: 106, FIG. 6A) (Srinivasan ¶ 11, 23, 38 “packet/frame 616 is forwarded to/received by...SVM 112 [] represented by arrow 624...SVM 112 may be configured...as firewall”; note: Pkt3 is received by firewall 125 [see Trojanowski ¶ 78 and FIG. 6]);
matching the second slice identifier with a second set of processing rules (Wesinger: C2, FIG. 5) of the plurality of sets of processing rules enforced by the firewall application (Trojanowski: 151, FIG. 1B / Wesinger: VHN, FIG. 5 / Soundararajan: 112b, FIG. 3A), different from the first set of processing rules, the second set of processing rules corresponding to a second distributed firewall (Wesinger: VH2, FIG. 5 / Soundararajan: 112b, FIG. 3A) of the plurality of distributed firewalls (Wesinger  ¶ 76, 79 “configuration file [] C2/second set of processing rules”; Soundararajan ¶ 18 “a second distributed firewall/Firewall VM 112b”; note: identifier 318 must correspond in order to retrieve 510 Configuration B, which is different from a first firewall Configuration A [see Trojanowski ¶ 72, 78, 80]); and
determining (Trojanowski: 555, FIG. 5) whether to allow the second packet based on the second set of processing rules (Trojanowski ¶ 75, 78 “make a determination 555 as to whether packet 340 needs to be dropped or passed”; Wesinger  ¶ 76, 79 “configuration file [] C2/second set of processing rules”).

At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Wesinger for having a second set of processing rules that correspond to a second firewall.  The teachings of Wesigner, when used within the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s plurality of sets of processing rules and plurality of distributed firewalls, will make the system more dynamic by enabling each of its second distributed firewall’s configuration(s) to be customized individually from the first distributed firewall’s configuration(s).  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed solution.
Regarding claim 33, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 32, as previously stated, and further teaches: wherein the first  ¶ 50, 56 “linkage and management...provided between a packet arriving at host 120 and firewall configurations”; Trojanowski ¶ 64 “pointer 318…identifies/points to the object 145 that defines how the processing...will treat packet 340”; Trojanowski ¶ 80, 78 “for packet objects 1...pkt1 [] that is configuration A, and for packet object 3 (pkt3) it is configuration B”; Srinivasan ¶ 38 “virtual switch 630/212”).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for using a managed forwarding element to manage packets.  The teachings of Srinivasan, when used with the appending feature of the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s linkage and management functionality, will enable intra-network transmission of slice identifiers by having them appended to packets by the managed forwarding element responsible the transmitting them within its local network.  Therefore, Examiner concludes that it would have been obvious for one of ordinary skill in the art to arrive at the above-claimed solution.
Regarding claims 34 and 40, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claims 22 and 36, as previously stated, and further teaches: wherein each set of processing rules (Trojanowski: 145a…n, FIG. 2 / Wesinger: C1,2...N, FIG. 5) of the plurality of sets of processing rules comprises a set of rules for determining 
Regarding claim 37, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 36, as previously stated, and further teaches: wherein the plurality of sets of processing rules (Trojanowski: 105, FIG. 1A / Wesinger: C1,2...N, FIG. 5) are received by the firewall application from a network (Trojanowski: 115, FIG. 1A) control system (Trojanowski: 110, FIG. 1A / Wesinger: 510, FIG. 5) that also configures (Srinivasan: 404 and 406, FIG. 4) the managed forwarding element (Srinivasan: 108, FIG. 1) (Trojanowski ¶ 41 “configuration 105/145 received from DSM 110”; Srinivasan ¶ 30, 31, 32 “virtual switch 108 may receive a network policy/configuration”; Wesinger ¶ 76 “Each…firewall/VHN has a separate CN/set of processing rules”).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for using a configuration control system to configure a managed forwarding element.  The teachings of Srinivasan, when used within the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s managed forwarding element, will improve the system by enabling its managed forwarding element to be configured remotely.  Therefore, Examiner 
Regarding claim 42, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda teaches all of the limitations of claim 36, as previously stated, and further teaches: wherein when the identified set of processing rules (Trojanowski: 145a…n, FIG. 2) specifies to drop (Trojanowski: 555-550, FIG. 5) the packet (Trojanowski: 340, FIG. 3 / Srinivasan: 616, FIG. 6A), the firewall application does not send the packet back to the managed forwarding element (Srinivasan: 630 FIG. 6A) executing on the physical host computer (Srinivasan: 106, FIG. 6A)  (Trojanowski ¶ 44, 48 “firewall processing…at end of processing…specify if packet is to be dropped”; Srinivasan ¶ 11, 23, 38 “SVM 112 may be configured...as firewall...Once processed by the SVM 112, packet/frame 616 is sent back towards port 612 on virtual switch 630”; note: when Trojanowski’s firewall configuration “drops” a packet, that packet will not be “sent” [see Trojanowski ¶ 75, 39]).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Srinivasan for having a firewall send a packet back to a managed forwarding element after the firewall processes the packet.  The teachings of Srinivasan, when used with the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s processing rules for dropping a packet, will prevent the foregoing feature of Srinivasan’s teachings (i.e., “having a firewall send a packet back to a managed forwarding element after the firewall processes the packet”) from unnecessarily increasing the transmission load of the system’s firewall(s) by having .
Claims 35 and 41 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Trojanowski in view of Srinivasan further in view of Soundararajan further in view of Rangegowda further in view of Jain et al. (US 2003/0131116 A1, hereinafter Jain).
Regarding claims 35 and 41, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Wesinger further in view of Rangegowda teaches all of the limitations of claims 34 and 40, as previously stated.
However, Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda does not explicitly disclose, yet Jain teaches: wherein the information about the packets comprises stateful transport connection information (¶ 23 “information extracted from the packet, which is necessary for stateful inspection firewall”).
At the time that the invention was made, one of ordinary skill in the art would have recognized the ability to utilize the teachings of Jain for having a packet’s information include stateful transport connection information.  The teachings of Jain, when used within the system of Trojanowski in view of Srinivasan further in view of Wesinger further in view of Soundararajan further in view of Rangegowda’s packet, will provide the system with another layer of security and improve security by enabling the system’s firewall to operate with network address translation.  Therefore, Examiner .

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kalish Bell whose telephone number is (571) 272-5294. The examiner can normally be reached 9am-5pm, M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center.  Unpublished application information in Patent Center is available to registered users.  To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov.  Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format.  For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        

/KALISH K BELL/Examiner, Art Unit 2432





    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Retrieved on July 8, 2021 at: “https://en.wikipedia.org/wiki/Distributed_computing”.
        2 Retrieved on July 8, 2021 at: “https://en.wikipedia.org/wiki/Virtual_security_switch”.
        3 Retrieved on July 8, 2021 at: “https://ipwithease.com/difference-between-virtual-router-and-logical-system-in-juniper/”.