Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on December 15, 2021. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Allowable Subject Matter
Claims 1-18 and 20-21 are allowed.
The following is an Examiner’s statement of reasons for allowance:
Independent claim 1 generally describes displaying a web browser on a device that is remote from an internal network, providing users selective access to the internal network by sending the user to a login page where two-step authentication is used: user inputs of user ID and password, plus a QR code for the second-factor authentication from an external device such as a mobile device. This creates a one-time port forwarding rule to set up a transmission control protocol (TCP) connection between the first (remote) device and the selected device within the internal network. SYN packets are sent by the first device in order to set up the TCP connection between the devices, where the received SYN packets contain connection information, and SYN-ACK packets are received in response to set up the TCP connection. After the TCP connection is fully established, the one-time port forwarding rule is automatically deleted. Finally, a dynamic one-time port forwarding rule is created for authorizing the user’s current IP address after two-factor authentication and enabling authenticated remote access on an internal network.
Lapidous et al. (US2019052630) discloses the following in paragraphs [0148] and [0166]:
In the illustrated embodiment, computer 930 contains an authorizer module. A client 910 connects to this computer and submits to an authorization procedure. It may involve, for instance, providing user name and password, using public/private certificate exchange, multi-factor authentication or another authentication procedure known to a person skilled in the art. While being connected to the computer 930, client 910 provides an indication 912 that it wants to connect to the router 950. This indication can be provided, for instance, by issuing a request to a URL pointing to computer 930 but containing a subdomain, path or file name referencing router 950. In another implementation, user of the device 910 may select router 950 from the list provided by the computer 930 after being authorized.

For instance, instead of setting permanent port forwarding, the router 950 may open a specific port only for a pre-defined time, in coordination with the protection service (e.g. authorization server 930) and with additional parameters describing the connecting client 910.

Lapidous however does not, inter alia, disclose:
Effecting display, to the user in the web browser loaded on the first device, of an interface of the network security system portal providing a list of devices available to be connected to, each listed device corresponding to one of the determined one or more available hosts;
Receiving, at the network security device, data corresponding to input by the user at the first device representing a selection of a particular listed available device;
Based on the one-time port forwarding rule, updating one or more destination fields of the received SYN packet to be the IP address and port specified in the respective rule for the available host representing the selected particular device, and forwarding the received SYN packet to the particular device;
Updating one or more source fields of the SYN-ACK packet to specify the IP address of the network security device as the source IP address and the particular port as the source port, and forwarding the SYN-ACK packet to the first device;
Receiving, at the network security device, a response ACK packet sent by the first device representing a third step of a three-step handshake completing set up of the TCP connection between the first device and the particular device;
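
The packet handling recited in claim 1 (the one-time rule, the SYN destination rewrite, the SYN-ACK source rewrite, and deletion of the rule once the third handshake step arrives) can be modelled as follows. This is an added illustration, not code from the application or the cited references; the `Pkt` and `Gateway` names, their methods and all addresses are constructed, and the two-factor authentication step is assumed to have already succeeded.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Pkt:
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)
    flags: str   # "SYN", "SYN-ACK" or "ACK"

class Gateway:
    """Hypothetical model of the network security device (constructed names)."""
    def __init__(self, ip):
        self.ip = ip
        self.rules = {}  # (client_ip, ext_port) -> (host_ip, host_port)
        self.state = {}  # (client_ip, client_port, ext_port) -> [host, phase]

    def authorize(self, client_ip, ext_port, host):
        # Assumed to run only after password and second factor have succeeded.
        self.rules[(client_ip, ext_port)] = host

    def from_client(self, p):
        key = (*p.src, p.dst[1])
        if p.flags == "SYN":
            host = self.rules.get((p.src[0], p.dst[1]))
            if host is None:
                return None                    # no rule for this source: drop
            self.state[key] = [host, "SYN_SEEN"]
            return replace(p, dst=host)        # destination fields rewritten
        entry = self.state.get(key)
        if entry is None or entry[1] == "SYN_SEEN":
            return None                        # not part of a tracked handshake
        if entry[1] == "SYN_ACK_SEEN":
            if p.flags != "ACK":
                return None
            entry[1] = "ESTABLISHED"           # third step of the handshake
            self.rules.pop((p.src[0], p.dst[1]), None)  # one-time rule deleted
        return replace(p, dst=entry[0])        # state table carries the flow

    def from_host(self, p):
        for (cip, cport, ext), entry in self.state.items():
            if entry[0] == p.src and p.dst == (cip, cport):
                if p.flags == "SYN-ACK" and entry[1] == "SYN_SEEN":
                    entry[1] = "SYN_ACK_SEEN"
                return replace(p, src=(self.ip, ext))  # source fields rewritten
        return None
```

Once the rule is deleted, only the flow already recorded in the state table is forwarded; a new SYN to the same external port is dropped, even from the previously authorized address.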

In a similar manner, the prior art of Teo (US20070094491), Turley (US20110219444) and Lancioni (US20190268307) discloses setting up a TCP connection, receiving SYN packets sent by the first device and receiving a response ACK packet, as well as adding network security devices to a state table and updating the connection information in the state table, but none of the listed prior art explicitly discloses using an effective display to provide a LIST of available devices that can be connected to, UPDATING destination fields of the received SYN packet to be the IP address, UPDATING source fields of SYN-ACK packets to specify the IP address of the network security device, as well as FORWARDING SYN-ACK packets to the first device.

Independent Claims 20 and 21, while not identical to independent claim 1, recite the same patentable distinction(s) noted above with regard to independent claim 1, and are therefore allowed under the same rationale.
Dependent Claims (2-18), being dependent on their respective independent claims, are therefore allowed under the same rationale.
Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments to Statement of Reasons for Allowance.”
Additionally, the closest prior art has been supplied in the record. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AAYUSH ARYAL whose telephone number is (571)272-2838. The examiner can normally be reached 8:00 a.m. - 5:30 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/AAYUSH ARYAL/Examiner, Art Unit 2435
/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435