DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claim
2.	Claims 1-15 are pending. Claims 1, 6, and 11 are in independent form.

Priority
3.	No foreign priority has been claimed. 

Information Disclosure Statement
4.	The information disclosure statements (IDS's) submitted on 05/04/2021 and 06/21/2021 are in compliance with provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Drawings
5.	The drawings filed on 11/06/2020 are accepted.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 6-10, 12-16, and 18 of U.S. Patent No. 10,833,922. Although the claims at issue are not identical, they are not patentably distinct from each other because the 10,833,922 patent contains all the limitations of the pending claims, albeit not identical but not patentably distinct, and further limitations.

U.S. 10,476,893
1. A method for adding Internet Protocol (IP) addresses to a firewall, comprising:
receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by the firewall;

determining whether the external IP address is included in a group of IP addresses that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall; and

in response to determining that the external IP address is not included in the group of IP addresses:
identifying an Internet Service Provider (ISP) associated with the external IP address;

causing a first user interface to be presented to a user, wherein the first user interface includes a

associated with the external IP address;

adding the external IP address to the group of IP addresses; and

causing a second user interface to be presented that indicates a number of network packets that have been blocked and that are associated with the external IP address.

determining whether to add the external IP address to the group of IP addresses based on input received via the first user interface.

3. The method of claim 2, wherein the first user interface indicates the external IP address and the ISP associated with the external IP address.

4. The method of claim 1, further comprising: identifying geographic information associated with the external IP address; and determining whether to add the external IP address to the group of IP addresses based on the geographic information associated with the external IP address.

5. The method of claim 1, wherein the group of IP addresses are blocked from transmitting data to the internal device.

addresses to a firewall, the system comprising: a memory; and a hardware processor that is coupled to the memory and that is programmed to:
receive a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by the firewall;

determine whether the external IP address is included in a group of IP addresses that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall; and

in response to determining that the external IP address is not included in the group of IP addresses:
identify an Internet Service Provider (ISP) associated with the external IP address;

user, wherein the first user interface includes a preview that shows a web page of a domain associated with the external IP address;

add the external IP address to the group of IP addresses; and

cause a second user interface to be presented that indicates a number of network

associated with the external IP address.

7. The system of claim 6, wherein the hardware processor is further programmed to determine whether to add the external IP address to the group of IP addresses based on input received via the first user interface.

8. The system of claim 7, wherein the first user interface indicates the external IP address and the ISP associated with the external IP address.

9. The system of claim 6, wherein the hardware processor is further programmed to: identify geographic information associated with the external IP address; and determine whether to add the external IP address to the group of IP addresses based on the geographic information associated with the external IP address.

IP addresses are blocked from transmitting data to the internal device.
11. A non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor, cause the processor to perform a method for adding Internet Protocol (IP) addresses to a firewall, the method comprising:

receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by the firewall;

determining whether the external IP address is included in a group of IP addresses that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall; and

address is not included in the group of IP addresses:
identifying an Internet Service Provider (ISP) associated with the external IP address;

causing a first user interface to be presented to a user, wherein the first user interface includes a preview that shows a web page of a domain associated with the external IP address;

addresses; and

causing a second user interface to be presented that indicates a number of network packets that have been blocked and that are associated with the external IP address.

12. The non-transitory computer-readable medium of claim 11, wherein the method further comprises determining whether to add the external IP address to the group of IP addresses based on input received via the first user interface.

13. The non-transitory computer-readable medium of claim 12, wherein the first user interface indicates the external IP address and the ISP associated with the external IP address.

14. The non-transitory computer-readable medium of claim 11, wherein the method further

associated with the external IP address; and determining whether to add the external IP address to the group of IP addresses based on the geographic information associated with the external IP address.

15. The non-transitory computer-readable medium of claim 11, wherein the group of IP addresses are blocked from transmitting data to the internal device.

receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by the firewall;

determining whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall;

in response to determining that the external IP address is not included in the group of IP addresses:
identifying an Internet Service Provider (ISP) associated with the external IP address;

causing a user interface to be presented to a user, wherein the user interface includes a 

determining whether to add the external IP address to the group of IP addresses based at least in part on the ISP associated with the external IP address;
in response to determining that the external IP address is to be added to the group of IP addresses:
determining whether the ISP is included in a group of ISPs maintained by the firewall;
in response to determining that the ISP is not included in the group of ISPs maintained by the firewall, adding the ISP to the group of ISPs; and

adding the external IP address to the group of IP addresses; and

causing a user interface to be presented that indicates a number of network packets that have been blocked that are associated with the external IP address.



3. The method of claim 2, further comprising causing the user interface to be presented, wherein the user interface indicates the external IP address and the ISP associated with the external IP address.

4. The method of claim 1, further comprising identifying geographic information associated with the external IP address, wherein determining whether to add the external IP address to the group of IP addresses is based on the geographic information associated with the external IP address.

6. The method of claim 1, wherein the group of IP addresses are blocked from transmitting data to the internal device.


a hardware processor that is programmed to:


receive a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by the firewall;

determine whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall;

in response to determining that the external IP address is not included in the group of IP addresses:
identify an Internet Service Provider (ISP) associated with the external IP address;



determine whether to add the external IP address to the group of IP addresses based at least in part on the ISP associated with the external IP address;
in response to determining that the external IP address is to be added to the group of IP addresses:
determine whether the ISP is included in a group of ISPs maintained by the firewall; 
in response to determining that the ISP is not included in the group of ISPs maintained by the firewall, add the ISP to the group of ISPs; and

add the external IP address to the group of IP addresses; and

cause a user interface to be presented that indicates a number of network packets that have 

8. The system of claim 7, wherein determining whether to add the external IP address to the group of IP addresses is based on input received via the user interface.

9. The system of claim 8, wherein the hardware processor is further programmed to cause the user interface to be presented, wherein the user interface indicates the external IP address and the ISP associated with the external IP address.

10. The system of claim 7, wherein the hardware processor is further programmed to identify geographic information associated with the external IP address, wherein determining whether to add the external IP address to the group of IP addresses is based on the geographic information associated with the external IP address.

13. A non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor, cause the processor to perform a method for adding Internet Protocol (IP) addresses to a firewall, the method comprising:

receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by the firewall;

determining whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall;

identifying an Internet Service Provider (ISP) associated with the external IP address;

causing a user interface to be presented to a user, wherein the user interface includes a preview that shows a web page of a domain associated with the external IP address;

determining whether to add the external IP address to the group of IP addresses based at least in part on the ISP associated with the external IP address;
in response to determining that the external IP address is to be added to the group of IP addresses:
determining whether the ISP is included in a group of ISPs maintained by the firewall; 
in response to determining that the ISP is not included in the group of ISPs maintained by the firewall, adding the ISP to the group of ISPs; and


causing a user interface to be presented that indicates a number of network packets that have been blocked that are associated with the external IP address.

14. The non-transitory computer-readable medium of claim 13, wherein determining whether to add the external IP address to the group of IP addresses is based on input received via the user interface.

15. The non-transitory computer-readable medium of claim 14, wherein the method further comprises causing the user interface to be presented, wherein the user interface indicates the external IP address and the ISP associated with the external IP address.
16. The non-transitory computer-readable medium of claim 13, wherein the method further comprises identifying geographic information 


18. The non-transitory computer-readable medium of claim 13, wherein the group of IP addresses are blocked from transmitting data to the internal device.






5. 	Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Tagore et al. U.S. Patent Application Publication No. 2017/0005979 (hereinafter Tagore) in view of Lapidous et al. U.S. Patent Application Publication No. 2017/0063802 (hereinafter Lapidous) in further view of DeFrancesco et al. U.S. Patent Application Publication No. 2013/0311649 (hereinafter DeFrancesco) in further view of Bejarano Ardila U.S. Patent Application Publication No. 2017/0126740 (hereinafter Bejarano).
Regarding claim 1, Tagore discloses a method for adding Internet Protocol (IP) addresses to firewalls, comprising:
“receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by a firewall” (see Tagore par. 0065, network device 220 may receive, from endpoint device 210-1, a first network traffic flow (e.g., shown as "Network Traffic Flow 1"). As shown, the first network traffic flow may be associated with the first private network address (e.g., the IP address and network port of 10.1.1.1:1000) and the first external network address (e.g., an IP address and network port of 73.152.12.13:80));
causing a second user interface to be presented that indicates a number of network packets that have been blocked and that are associated with the external IP address (see Tagore par. 0054, 0064, if the external network address is not identified in the port conservation data structure (block 420--NO), process 400 may include adding, to the port conservation data structure, the private network address and the external network address (block 440). For example, based on assigning the conservation network address to the outbound network traffic flow, network device 220 may add, to the port conservation data structure, the private network address and the external network address of the outbound network traffic flow (e.g., the IP address/network port combination of the private network address, and the IP address/network port combination of the external network address));
Tagore does not explicitly disclose determining whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall; and in response to determining that the external IP address is not included in the group of IP addresses: adding the external IP address to the group of IP addresses.
However, in analogous art, Lapidous discloses determining whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall (see Lapidous pars. 0094-0100, router 210 blocks all outbound connections from the power switch 230, if they are not preceded by the inbound connections from the external IP address used by the outbound connection. In the depicted embodiment, one of the devices 110 sends inbound connection (C4) to the router 210, which is passed to the power switch 230. Router 210 remembers the source IP address of the connection C4 and, after the power switch 230 issues an outbound connection request (C5) to that source IP address, router 210 allows this request to go through, the source IP address of the external device 110 is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router 210); and in response to determining that the external IP address is not included in the group of IP addresses: adding the external IP address to the group of IP addresses (see Lapidous par. 0009, 0100, if the external address of the at least one outbound connection is not included in the white list, blocking the at least one outbound connection, the source IP address of the external device 110 is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router 210. For example, the source IP address is added to the list only if the inbound request is issued to a specific port on the router 210, or contains a specific URL pattern).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lapidous into the system of Tagore so that a source IP address of the external device is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router (see Lapidous par. 0100).
Tagore in view of Lapidous does not explicitly disclose identifying an Internet Service Provider (ISP) associated with the external IP address.
However, in analogous art, DeFrancesco discloses identifying an Internet Service Provider (ISP) associated with the external IP address (see DeFrancesco par. 0026, evaluate the IP address associated with a client computer request and determine whether the IP address belongs to an ISP (i.e. identifying an Internet Service Provider (ISP) associated with the external IP address) that provides residential internet service);
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of DeFrancesco into the system of Tagore and Lapidous in order to determine whether the IP address belongs to an ISP that provides residential internet service (see DeFrancesco par. 0026).
Tagore in view of Lapidous in further view of DeFrancesco does not explicitly disclose causing a first user interface to be presented to a user, wherein the first user interface includes a preview of the domain associated with the external IP address.
However, in analogous art, Bejarano discloses causing a user interface to be presented to a user, wherein the user interface includes a preview of the domain associated with the external IP address (see Bejarano Fig. 13, par. 0096, interface generated by security management system 10 by which administrator 12 may view the source or destination details of the threat device, in one aspect of the disclosure. In one example, threat control module 17 of security management system 10 may present a user interface presenting device information including source device details 1301 and destination device details 1302. The user interface may present device details including the device IP, device name, organization name, organization ID, physical address of the device (e.g., street address, city, state/province, postal code, country), registration date, updated date, and a reference link to more information about the device).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bejarano into the system of Tagore, Lapidous, and DeFrancesco in order to include a security management system that provides a system and interface which an administrator utilizes to view live or near-live threats, quickly assess a filtered representation of filtered threat data associated with a given threat for comprehensive analysis, and to 

Regarding claims 2, 7, and 12, Tagore in view of Lapidous in further view of DeFrancesco in further view of Bejarano discloses the method of claim 1, the system of claim 6, the non-transitory computer-readable medium of claim 11,
Lapidous further discloses wherein determining whether to add the external IP address to the group of IP addresses is based on input received via the user interface (see Lapidous par. 0120).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lapidous into the system of Tagore so that a source IP address of the external device is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router (see Lapidous par. 0100).

Regarding claims 3, 8, and 13, Tagore in view of Lapidous in further view of DeFrancesco in further view of Bejarano discloses the method of claim 2, the system of claim 7, the non-transitory computer-readable medium of claim 12,
DeFrancesco further discloses causing the user interface to be presented, wherein the user interface indicates the external IP address and the ISP associated with the external IP address (see DeFrancesco par. 0026).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of DeFrancesco into the system of Tagore and Lapidous in order to determine whether the IP address belongs to an ISP that provides residential internet service (see DeFrancesco par. 0026).
Regarding claims 4, 9, and 14, Tagore in view of Lapidous in further view of DeFrancesco in further view of Bejarano discloses the method of claim 1, the system of claim 6, the non-transitory computer-readable medium of claim 11, 
Lapidous further discloses identifying geographic information associated with the external IP address, and determining whether to add the external IP address to the group of IP addresses is based on the geographic information associated with the external IP address (see Lapidous par. 0193, 0196).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lapidous into the system of Tagore so that a source IP address of the external device is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router (see Lapidous par. 0100).

Regarding claims 5, 10, and 15, Tagore in view of Lapidous in further view of DeFrancesco in further view of Bejarano discloses the method of claim 1, the system of claim 6, the non-transitory computer-readable medium of claim 11,
Lapidous further discloses wherein the group of IP addresses are blocked from transmitting data to the internal device (see Lapidous par. 0094).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lapidous into the system of Tagore so that a source IP address of the external device is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router (see Lapidous par. 0100).

Regarding claim 6, Tagore discloses a system for adding Internet Protocol (IP) addresses to a firewall, the system comprising:
“a Memory” (Fig 3, Memory 330) and 
a hardware processor (Fig. 3, Processor 320) that is programmed to:
“receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by a firewall” (see Tagore par. 0065, network device 220 may receive, from endpoint device 210-1, a first network traffic flow (e.g., shown as "Network Traffic Flow 1"). As shown, the first network traffic flow may be associated with the first private network address (e.g., the IP address and network port of 10.1.1.1:1000) and the first external network address (e.g., an IP address and network port of 73.152.12.13:80));
cause a second user interface to be presented that indicates a number of network packets that have been blocked and that are associated with the external IP address (see Tagore par. 0054, 0064, if the external network address is not identified in the port conservation data structure (block 420--NO), process 400 may include adding, to the port conservation data structure, the private network address and the external network address (block 440). For example, based on assigning the conservation network address to the outbound network traffic flow, network device 220 may add, to the port conservation data structure, the private network address and the external network address of the outbound network traffic flow (e.g., the IP address/network port combination of the private network address, and the IP address/network port combination of the external network address));
Tagore does not explicitly disclose determine whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall; and in response to determining that the external IP address is not included in the group of IP addresses: adding the external IP address to the group of IP addresses 
(see Lapidous pars. 0094-0100, router 210 blocks all outbound connections from the power switch 230, if they are not preceded by the inbound connections from the external IP address used by the outbound connection. In the depicted embodiment, one of the devices 110 sends inbound connection (C4) to the router 210, which is passed to the power switch 230. Router 210 remembers the source IP address of the connection C4 and, after the power switch 230 issues an outbound connection request (C5) to that source IP address, router 210 allows this request to go through, the source IP address of the external device 110 is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router 210); and in response to determining that the external IP address is not included in the group of IP addresses: adding the external IP address to the group of IP addresses (see Lapidous par. 0009, 0100, if the external address of the at least one outbound connection is not included in the white list, blocking the at least one outbound connection, the source IP address of the external device 110 is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router 210. For example, the source IP address is added to the list only if the inbound request is issued to a specific port on the router 210, or contains a specific URL pattern).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lapidous into the system of Tagore so that a source IP address of the external device is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router (see Lapidous par. 0100).

However, in analogous art, DeFrancesco discloses identify an Internet Service Provider (ISP) associated with the external IP address (see DeFrancesco par. 0026, evaluate the IP address associated with a client computer request and determine whether the IP address belongs to an ISP (i.e. identifying an Internet Service Provider (ISP) associated with the external IP address) that provides residential internet service).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of DeFrancesco into the system of Tagore and Lapidous in order to determine whether the IP address belongs to an ISP that provides residential internet service (see DeFrancesco par. 0026).
Tagore in view of Lapidous in further view of DeFrancesco does not explicitly disclose cause a user interface to be presented to a user, wherein the user interface includes a preview of the domain associated with the external IP address.
However, in analogous art, Bejarano discloses cause a first user interface to be presented to a user, wherein the user interface includes a preview of the domain associated with the external IP address (see Bejarano Fig. 13, par. 0096, interface generated by security management system 10 by which administrator 12 may view the source or destination details of the threat device, in one aspect of the disclosure. In one example, threat control module 17 of security management system 10 may present a user interface presenting device information including source device details 1301 and destination device details 1302. The user interface may present device details including the device IP, device name, organization name, organization ID, physical address of the device (e.g., street address, city, state/province, postal code, country), registration date, updated date, and a reference link to more information about the device).


Regarding claim 11, Tagore discloses a non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor, cause the processor to perform a method for adding Internet Protocol (IP) addresses to a firewall, the method comprising:
receiving a network packet that includes an external IP address associated with an external device, wherein the external device is a device not protected by a firewall (see Tagore par. 0065, network device 220 may receive, from endpoint device 210-1, a first network traffic flow (e.g., shown as "Network Traffic Flow 1"). As shown, the first network traffic flow may be associated with the first private network address (e.g., the IP address and network port of 10.1.1.1:1000) and the first external network address (e.g., an IP address and network port of 73.152.12.13:80));
causing a second user interface to be presented that indicates a number of network packets that have been blocked and that are associated with the external IP address (see Tagore par. 0054, 0064, if the external network address is not identified in the port conservation data structure (block 420--NO), process 400 may include adding, to the port conservation data structure, the private network address and the external network address (block 440). For example, based on assigning the conservation network address to the outbound network traffic flow, network device 220 may add, to the port conservation data structure, the private network address and the external network address of the outbound network traffic flow (e.g., the IP address/network port combination of the private network address, and the IP address/network port combination of the external network address)).
Tagore does not explicitly disclose determining whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall; and in response to determining that the external IP address is not included in the group of IP addresses: adding the external IP address to the group of IP addresses.
However, in analogous art, Lapidous discloses determining whether the external IP address is included in a group of IP addresses maintained by the firewall that are either blocked from receiving data from an internal device protected by the firewall or allowed to receive data from an internal device protected by the firewall (see Lapidous pars. 0094-0100, router 210 blocks all outbound connections from the power switch 230, if they are not preceded by the inbound connections from the external IP address used by the outbound connection. In the depicted embodiment, one of the devices 110 sends inbound connection (C4) to the router 210, which is passed to the power switch 230. Router 210 remembers the source IP address of the connection C4 and, after the power switch 230 issues an outbound connection request (C5) to that source IP address, router 210 allows this request to go through, the source IP address of the external device 110 is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router 210); and in response to determining that the external IP address is not included in the group of IP addresses: adding the external IP address to the group of IP addresses (see Lapidous par. 0009, 0100, if the external address of the at least one outbound connection is not included in the white list, blocking the at least one outbound connection, the source IP address of the external device 110 is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router 210. For example, the source IP address is added to the list only if the inbound request is issued to a specific port on the router 210, or contains a specific URL pattern).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lapidous into the system of Tagore so that a source IP address of the external device is added to the list of allowed outbound IP addresses only if the inbound request from that address was issued to one or more specific identifiers of the router (see Lapidous par. 0100).
Tagore in view of Lapidous does not explicitly disclose identifying an Internet Service Provider (ISP) associated with the external IP address.
However, in analogous art, DeFrancesco discloses identifying an Internet Service Provider (ISP) associated with the external IP address (see DeFrancesco par. 0026, evaluate the IP address associated with a client computer request and determine whether the IP address belongs to an ISP (i.e. identifying an Internet Service Provider (ISP) associated with the external IP address) that provides residential internet service).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of DeFrancesco into the system of Tagore and Lapidous in order to determine whether the IP address belongs to an ISP that provides residential internet service (see DeFrancesco par. 0026).
Tagore in view of Lapidous in further view of DeFrancesco does not explicitly disclose causing a user interface to be presented to a user, wherein the user interface includes a preview of the domain associate with the external IP address.
However, in analogous art, Bejarano discloses causing a user interface to be presented to a user, wherein the user interface includes a preview of the domain associate with the external IP address (see Bejarano Fig. 13, par. 0096, interface generated by security management system 10 by which administrator 12 may view the source or destination details of the threat device, in one aspect of the disclosure. In one example, threat control module 17 of security management system 10 may present a user interface presenting device information including source device details 1301 and destination device details 1302. The user interface may present device details including the device IP, device name, organization name, organization ID, physical address of the device (e.g., street address, city, state/province, postal code, country), registration date, updated date, and a reference link to more information about the device).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bejarano into the system of Tagore, Lapidous, and DeFrancesco in order to provide a security management system and interface that an administrator uses to view live or near-live threats, quickly assess a filtered representation of filtered threat data associated with a given threat for comprehensive analysis, and configure or modify various security policies of security devices in response to the threat (see Bejarano par. 0034).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is 571-270-7635.  The examiner can normally be reached on M-F 9:00 AM-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at
http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMUEL AMBAYE/Examiner, Art Unit 2433

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436