DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/15/2021 has been entered.
 
Claim status in the amendment received on 11/15/2021:
Claims 1, 13, and 17 have been amended.
Claims 1-8, 10-15 and 17-19 are pending.

Response to Arguments
Applicant’s arguments have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosure of the prior-filed application, Application No. 16023284, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for claims 1-8, 10-15 and 17-19 of this application.
The features claimed, for example translating the segmentation rule and simulating the segmentation policy, as recited at least in the independent claims 1, 13 and 17, are not supported by the prior application. 
Accordingly, claims 1-8, 10-15 and 17-19 are not entitled to the benefit of the prior application.
Claim Objections
Claims 2-3, 14 and 18 are objected to because of the following informalities.
As to claims 2-3, 14 and 18, the claims recite the limitation “the network traffic”. However, there are multiple antecedent bases for this limitation in the claim, so it is unclear which previously recited network traffic is referenced. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-8, 10, 13, 15, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Goldschlag et al. (Pub. No.: US 20140130119 A1) in view of Joshi et al. (Pub. No.: US 20160294691 A1) and further in view of Singh et al. (Pub. No.: US 20070157286 A1).
As to claim 1, Goldschlag teaches a method comprising: accessing a segmentation policy (paragraph [0097], “…The policy management points either allocate one or more aspects of the federated policy to one or more policy enforcement points…”); 
determining a segmentation rule based on the segmentation policy (paragraph [0098], i.e. determining a policy element), wherein the segmentation rule is based on a characteristic of an entity determined without the use of an agent (paragraph [0098], “…characteristics, or capabilities of the policy enforcement point(s)…”, no agent is being used); 
determining an enforcement point associated with the segmentation rule, wherein the enforcement point is communicatively coupled to the network (paragraph [0101]);
translating the segmentation rule into a configuration associated with the enforcement point (paragraph [0101]); 
communicating the configuration to the enforcement point (paragraph [0101]).
Goldschlag does not explicitly teach simulating and updating the policy based on comparing network traffic to a simulated network traffic, and monitoring network traffic for policy violation.
However, in the same field of endeavor (computer network management) Joshi teaches simulating the segmentation policy against network traffic of a network to identify a violation of the segmentation policy based on the network traffic (paragraph [0036]), wherein simulating the segmentation policy comprises comparing actual network traffic from operation of the network with simulated network traffic of the network resulting from application of the segmentation policy to the actual network traffic (paragraph [0039]);
updating the segmentation policy, prior to applying the segmentation policy to the network, based on the violation to align the segmentation policy with the actual network traffic (paragraph [0040]).
Based on Goldschlag in view of Joshi, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate simulating and updating the policy based on comparing network traffic to a simulated network traffic (taught by Joshi) with configuring and deploying network policies (taught by Goldschlag) in order to identify and vet out possible unforeseen impacts on various other network traffic as motivated by Joshi (paragraph [0036]).

However, in the same field of endeavor (computer network management) Singh teaches monitoring network traffic for a violation of the segmentation policy resulting from the configuration at the enforcement point (paragraph [0025], i.e. monitoring the test traffic to determine enforcement or lack of enforcement of the policies and paragraph [0004]).
Based on Goldschlag in view of Joshi and further in view of Singh, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate monitoring network traffic for policy violation (taught by Singh) with simulating and updating the policy based on comparing network traffic to a simulated network traffic (taught by Joshi) with configuring and deploying network policies (taught by Goldschlag) in order to identify and vet out possible unforeseen impacts on various other network traffic as motivated by Joshi (paragraph [0036]), and in order to ensure that the deployed network policies are being implemented in each network device as intended and report any policy violations as motivated by Singh (paragraphs [0005]-[0007]).
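The following is an added illustration of the workflow recited in claim 1 (rule determination from agentless entity characteristics, translation into an enforcement-point configuration, simulation against actual traffic, pre-deployment alignment, and post-deployment monitoring). It is example code written for this page; it is not code from the application, from Goldschlag, Joshi or Singh, or from any product. The inventory, addresses, labels, flow records, verdict log lines and the iptables-style output format are all constructed assumptions.

```python
"""Added illustration (not from the office action or any cited reference) of
the claimed segmentation workflow: translate a label-based rule into an
enforcement-point configuration, simulate the policy against observed flows,
align the policy before deployment, then check enforcement afterwards.
All addresses, labels, flows and log lines are constructed for the example."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src_label: str
    dst_label: str
    dport: int
    action: str  # "allow" or "deny"

# Hypothetical inventory: entity characteristics learned without an agent
# (for example from IPAM records, cloud tags or passive discovery).
INVENTORY = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
}

def label(ip):
    return INVENTORY.get(ip, "unknown")

def decide(rules, flow, default="deny"):
    """First matching rule wins; unmatched flows get the default action."""
    for r in rules:
        if (r.src_label, r.dst_label, r.dport) == (label(flow.src), label(flow.dst), flow.dport):
            return r.action
    return default

def to_iptables(rule):
    """Translate one label rule into iptables FORWARD-chain commands for a
    Linux enforcement point, expanding labels to the concrete addresses."""
    target = "ACCEPT" if rule.action == "allow" else "DROP"
    srcs = [ip for ip, l in INVENTORY.items() if l == rule.src_label]
    dsts = [ip for ip, l in INVENTORY.items() if l == rule.dst_label]
    return [f"iptables -A FORWARD -p tcp -s {s} -d {d} --dport {rule.dport} -j {target}"
            for s in srcs for d in dsts]

def simulate(rules, flows):
    """Apply the policy to actual flows; a violation is an observed flow the
    policy would drop. Returns (alignable, needs_review): flows between
    classified entities can be aligned automatically, while flows touching an
    unclassified entity are reported rather than silently whitelisted."""
    alignable, needs_review = [], []
    for f in flows:
        if decide(rules, f) == "deny":
            if "unknown" in (label(f.src), label(f.dst)):
                needs_review.append(f)
            else:
                alignable.append(f)
    return alignable, needs_review

def align(rules, violations):
    """Return an updated rule list that permits the alignable violations."""
    updated = list(rules)
    for f in violations:
        r = Rule(label(f.src), label(f.dst), f.dport, "allow")
        if r not in updated:
            updated.append(r)
    return updated

def check_enforcement(rules, verdict_log):
    """Post-deployment monitoring: compare the enforcement point's logged
    verdicts (constructed 'src dst dport ACCEPT|DROP' lines) with the policy
    and report flows the device handled differently than the policy intends."""
    mismatches = []
    for line in verdict_log:
        src, dst, dport, verdict = line.split()
        f = Flow(src, dst, int(dport))
        expected = "ACCEPT" if decide(rules, f) == "allow" else "DROP"
        if verdict != expected:
            mismatches.append((f, expected, verdict))
    return mismatches

POLICY = [Rule("web", "app", 8080, "allow")]

# Constructed flow records standing in for traffic observed on the live network.
OBSERVED = [
    Flow("10.0.1.10", "10.0.2.20", 8080),   # permitted by the policy
    Flow("10.0.2.20", "10.0.3.30", 5432),   # app -> db, not yet in the policy
    Flow("10.0.9.99", "10.0.3.30", 5432),   # unclassified host -> db
]

if __name__ == "__main__":
    alignable, review = simulate(POLICY, OBSERVED)
    updated = align(POLICY, alignable)
    for r in updated:
        print("\n".join(to_iptables(r)))
    print("review before deployment:", review)
    log = ["10.0.2.20 10.0.3.30 5432 DROP"]  # constructed: stale config on the device
    print("enforcement mismatches:", check_enforcement(updated, log))
```

The design point worth noting is in simulate(): aligning the policy with actual traffic must not degrade into permitting everything that was observed. Flows involving an entity whose characteristics could not be determined are surfaced for review instead of being converted into allow rules, and check_enforcement() covers the case where the configuration pushed to the enforcement point does not match what the device is actually doing.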
As to claim 4, Goldschlag teaches detecting the enforcement point being communicatively coupled to the network (paragraph [0101]).
As to claim 5, Goldschlag teaches wherein the configuration associated with the enforcement point comprises at least one of an access control list (ACL), a firewall command or rule, or a cloud packet filtering ACL (paragraph [0148], teaches at least a rule).
wherein the communicating the configuration to the enforcement point comprises using at least one of an application programming interface (API), command line interface (CLI), or a simple network management protocol (SNMP) interface (paragraph [0101], “…communicating it to the policy enforcement point(s)..”, teaches at least API).
As to claim 7, Goldschlag teaches wherein the enforcement point is at least one of a firewall, a router, a switch, a portion of cloud infrastructure, hypervisor, software-defined networking (SDN) controller, or virtual firewall (paragraph [0168], “…such as a network firewall…”).
As to claim 8, Goldschlag teaches accessing configuration information from the enforcement point (paragraphs [0098], “identification, attributes, characteristics, or capabilities of the policy enforcement point(s)”); translating the configuration information of the enforcement point into a portion of a segmentation policy (paragraph [0101]); and storing the portion of the segmentation policy (paragraph [0101], i.e. at the enforcement point).
As to claim 10, Goldschlag teaches wherein the characteristic of the entity is based on determining at least one of a classification of the entity or an identification of the entity (paragraphs [0098]).
As to claim 13, Goldschlag teaches a system comprising: a memory; and a processing device, operatively coupled to the memory (paragraph [0013]), to: access a segmentation policy (paragraph [0097]); determine a segmentation rule based on the segmentation policy (paragraph [0098], i.e. policy element); determine an enforcement point associated with the segmentation rule, wherein the enforcement point is communicatively coupled to a network (paragraph [0101]); translate the segmentation rule into a configuration associated with the enforcement point (paragraph [0101]); communicate the configuration to the enforcement point (paragraph [0101]); access configuration information of the enforcement point (paragraph [0101], i.e. accessing policy requirements); translate the configuration information of the enforcement point into a portion of the segmentation policy (paragraph [0101], i.e. translating the policy requirements to a form usable by the enforcement point); store the portion of the segmentation policy (paragraph [0101], i.e. stored at the enforcement point).
Goldschlag does not explicitly teach simulating and updating the policy based on comparing network traffic to a simulated network traffic, and monitoring network traffic for policy violation.
However, in the same field of endeavor (computer network management) Joshi teaches simulate the segmentation policy against network traffic of a network to identify a violation of the segmentation policy based on the network traffic (paragraph [0036]), wherein simulating the segmentation policy comprises comparing actual network traffic from operation of the network with simulated network traffic of the network resulting from application of the segmentation policy to the actual network traffic (paragraph [0039]);
update the segmentation policy, prior to applying the segmentation policy to the network, based on the violation to align the segmentation policy with the actual network traffic (paragraph [0040]).

Goldschlag in view of Joshi does not explicitly teach monitoring network traffic for policy violation.
However, in the same field of endeavor (computer network management) Singh teaches monitor network traffic for a violation of the segmentation policy resulting from the configuration at the enforcement point (paragraph [0025], i.e. monitoring the test traffic to determine enforcement or lack of enforcement of the policies and paragraph [0004]).
Based on Goldschlag in view of Joshi and further in view of Singh, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate monitoring network traffic for policy violation (taught by Singh) with simulating and updating the policy based on comparing network traffic to a simulated network traffic (taught by Joshi) with configuring and deploying network policies (taught by Goldschlag) in order to identify and vet out possible unforeseen impacts on various other network traffic as motivated by Joshi (paragraph [0036]), and in order to ensure that the deployed network policies are being implemented in each network device as intended and report any policy violations as motivated by Singh (paragraphs [0005]-[0007]).

As to claim 17, the limitations of claim 17 are substantially similar to claim 13. Please refer to claim 13 above.
As to claim 19, the limitations of claim 19 are substantially similar to claim 15. Please refer to claim 15 above.
Claims 2-3, 12, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Goldschlag et al. (Pub. No.: US 20140130119 A1) in view of Joshi et al. (Pub. No.: US 20160294691 A1) and Singh et al. (Pub. No.: US 20070157286 A1) and further in view of Gopta et al. (Pub. No.: US 20160359673 A1).
As to claim 2, Goldschlag teaches monitoring additional network traffic based on the segmentation policy (paragraph [0201]).
Goldschlag in view of Joshi and further in view of Singh does not explicitly teach determining the policy based on attributes of a network traffic.
However, in the same field of endeavor (network policies) Gopta teaches storing network traffic, wherein the network traffic comprises a plurality of communications between a plurality of devices (fig. 7, 702);
determining respective source and respective destinations of the communications of the network traffic (fig. 7, 704);
determining the segmentation policy based on the respective source and respective destinations of the communications (fig. 7, 706).
Based on Goldschlag in view of Joshi and Singh and further in view of Gopta, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate determining the policy based on attributes of a network traffic (taught by Gopta) with monitoring network traffic for policy violation (taught by Singh) with simulating and updating the policy based on comparing network traffic to a simulated network traffic (taught by Joshi) with configuring and deploying network policies (taught by Goldschlag) in order to identify and vet out possible unforeseen impacts on various other network traffic as motivated by Joshi (paragraph [0036]), and in order to ensure that the deployed network policies are being implemented in each network device as intended and report any policy violations as motivated by Singh (paragraphs [0005]-[0007]), and in order to provide insight to an analytics engine for recognizing threats to a network, network misconfiguration, or other harmful network traffic, among other possibilities as motivated by Gopta (paragraph [0014]).
As to claim 3, Gopta further teaches determining a baseline of the network traffic over a period of time (paragraph [0032]). The limitations of claim 3 are rejected in view of the analysis of claim 2 above, and the claim is rejected on that basis.
As to claim 12, Goldschlag teaches wherein the plurality of entities comprises at least one of a device, an endpoint, a virtual machine, a service, a serverless service, a container, or a user (paragraphs [0098] and [0101]).

As to claim 18, the limitations of claim 18 are substantially similar to claim 14. Please refer to claim 14 above.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Goldschlag et al. (Pub. No.: US 20140130119 A1) in view of Joshi et al. (Pub. No.: US 20160294691 A1) and Singh et al. (Pub. No.: US 20070157286 A1) and further in view of Hugard et al. (Pub. No.: US 20130275574 A1).
As to claim 11, Goldschlag in view of Joshi and further in view of Singh does not explicitly teach determining one or more characteristics of the entity is based on at least a source and a destination of a communication of the entity.
However in the same field of endeavor (device detection system) Hugard teaches determining one or more characteristics of the entity wherein the characteristic of the entity is based on a source and a destination of a communication of the entity (paragraph [0051]).
Based on Goldschlag in view of Joshi and Singh and further in view of Hugard, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate determining one or more characteristics of the entity based on at least a source and a destination of a communication of the entity (taught by Hugard) with monitoring network traffic for policy violation (taught by Singh) with simulating and updating the policy based on comparing network traffic to a simulated network traffic (taught by Joshi) with configuring and deploying network policies (taught by Goldschlag) in order to identify and vet out possible unforeseen impacts on various other network traffic as motivated by Joshi.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  
The following references teach simulating a network policy to determine the impact of the network policy on other network traffic:
Gupta et al. (Pub. No.: US 20160359912 A1). Please see at least paragraphs [0044] and [0072].
Overby, JR. (Pub. No.: US 20100050229 A1). Please see at least abstract.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULKADER M ALRIYASHI whose telephone number is (313)446-6551. The examiner can normally be reached Monday - Friday, 8AM - 5PM Alt, Friday, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Abdulkader M Alriyashi/Primary Examiner, Art Unit 2447
11/20/2021