DETAILED ACTION
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8 are rejected under 35 U.S.C. 103 as being unpatentable over Jagadish et al. (US20160057067A1) in view of Vedula et al. (US20120243410A1).
Regarding claim 1, Jagadish discloses a method for transmitting data over a VPN connection, the method comprising (para [0117] shows the client 102 is on a public network 104 and the server 106 is on a private network 104′, such as a corporate network. The appliance 200 provides a SSL VPN connection 280 between a client 102 and a server 106): 
receiving, at a VPN concentrator [appliance 200 that combines client packets] (Fig 7A), from a VPN user device, an initiation request of a first connection [VLAN 704] from the VPN user device [client 102] to a target [server 106] communicably coupled to the VPN concentrator (para [0015] shows a client to access a server via an appliance; Fig 7A and para [0250] show the client may transmit a transport layer connection request to the appliance device 200 over the first VLAN 704; para [0252] shows the virtual server 275 of the appliance device 200 may combine the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server), 
wherein the first connection is initialized to have an initial maximum segment size (MSS) [MSS 1460] that the VPN user device accepts (Fig 7A and para [0254] show the appliance device 200 to receive the transport layer connection request 732 (with MSS 1460) from a client);
terminating the first connection [VLAN 704] at the VPN concentrator (Fig 7A and para [0254] show in response to receiving the request to establish a transport layer connection from the client, the appliance device 200 to identify a first MSS 736 for the transport layer connection to be established; para [0248] shows the appliance device 200 can communicate with the client 102 over the first VLAN 704); 
establishing a second connection [VPN connection] between the VPN concentrator and the VPN user device, the second connection being across a VPN tunnel between the VPN concentrator and the VPN user device (para [0104] shows a tunneling protocol to provide a virtual private network between the client and the server; para [0115] shows the appliance 200 establishes a VPN or SSL VPN connection with the remote client 102); 
establishing a third connection [VLAN 706] between the VPN concentrator and the target (para [0248] shows the appliance device 200 can communicate with the server 106 over the second VLAN 706); 
setting a first MSS [MSS 736] for the second connection [VPN connection] and a second MSS [MSS 766] for the third connection [VLAN 706], wherein at least one of the first MSS or the second MSS is different from the initial MSS [MSS 1460], wherein the first MSS is used for transferring data over the second connection, and wherein the second MSS is used for transferring data over the third connection (para [0059] shows the appliance 200 provides a secure virtual private network connection from a first network 104 of the client 102 to the second network 104′ of the server 106, such as an SSL VPN connection; para [0277] shows the client 102 and the device 200 are aware of the MSS value for data packets transmitted between the client and the device 200 such that packets transmitted via the first transport layer connection, e.g. VPN connection, have an MSS value that does not exceed the MSS value 736 included in the response 734; para [0278] shows the appliance device 200 determines that an MSS value is less than the second MSS 766, e.g. over VLAN 706; Fig 7A shows the first MSS 736 or the second MSS 766 is different from the initial MSS 1460);
transmitting, between the VPN concentrator and the VPN user device, first data packets using the first MSS over the second connection (para [0248] shows the appliance device can communicate with the client 102 over the first VLAN 704; para [0115] shows the appliance 200 establishes a VPN or SSL VPN connection with the remote client 102; para [0277] shows the client 102 and the appliance device 200 are aware of the MSS value for data packets transmitted between the client and the device 200 such that packets transmitted via the first transport layer connection, e.g. VPN connection, have an MSS value that does not exceed the MSS value 736, e.g. over the VPN connection); and 
transmitting, between the VPN concentrator and the target, second data packets using the second MSS over the third connection (para [0248] shows the appliance device can communicate with the server 106 over the second VLAN 706; Fig 7A and para [0278] show the appliance device 200 determines the second MSS 766, e.g. over VLAN 706.)

Jagadish fails to teach at least one of the first MSS or the second MSS are set to prevent packet fragmentation that is due to VPN-related encapsulation overhead.
However, Vedula discloses the MSS is set to prevent packet fragmentation that is due to VPN-related encapsulation overhead (para [0006] shows when the IPSec protocol is used, encryption of an IP packet over a VPN tunnel will incur an IPSec overhead; para [0007] shows the overhead information may be useful in setting the Maximum Segment Size (MSS) accordingly to avoid packet fragmentation; para [0027] shows the MSS negotiation takes place during TCP connection establishment to arrive at an MSS which avoids fragmentation and which efficiently uses the underlying transport; para [0057] shows the VPN traffic to be sent on LAN.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching Jagadish with the teaching of Vedula in order to avoid fragmentation and to efficiently use the underlying transport (Vedula; para [0027]).

Regarding claim 2, Jagadish-Vedula as applied to claim 1 discloses the VPN concentrator calculates an independent round trip time (RTT) for at least one of the second connection, or the third connection (Jagadish; para [0075] shows the monitoring service 198 and/or monitoring agent 197 measures and monitors round-trip time metrics.)

Regarding claim 3, Jagadish-Vedula as applied to claim 1 discloses either or both of the second connection or the third connection is one of a cross-continental connection, a long-distance connection, or is used to send data packets greater than 1500 bytes (Jagadish; para [0042] shows the network environment comprises one or more local machine(s) 102 in communication with remote machine(s).)

	Regarding claim 4, Jagadish-Vedula as applied to claim 1 discloses during a Transport Control Protocol (TCP) session, the VPN user device requests content from a plurality of targets (Jagadish; Fig 1B and para [0042] show client(s) 102) in communication with one or more servers 106 a-106 n; para [0055] shows the appliance 205 provides Transport Control Protocol (TCP) optimizations), and 
wherein the VPN concentrator initiates a corresponding number of third connections to each of the plurality of targets, each of the corresponding number of third connections with the second MSS (Jagadish; para [0053] shows a first WAN and a second WAN may be deployed between the appliance 200 and one or more servers 106; para [0251] shows the virtual server may be configured to determine a server-side MSS value between the device and each server.)

Regarding claim 5, Jagadish-Vedula as applied to claim 1 discloses converting, at the VPN concentrator, the second data packets received from the target to the first data packets for being sent to the VPN user device, the first data packets having the first MSS, and the second data packets having the second MSS (Jagadish; Fig 7A and para [0252] show if the MSS values of the first and second transport layer connections are different, the virtual server 275 may adjust the packet sizes based on the corresponding MSS values. For instance, if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)

Regarding claim 6, Jagadish-Vedula as applied to claim 5 discloses the converting comprises adding an encapsulation overhead to each of the second data packets (Jagadish; Fig 7A and para [0252] show the virtual server 275 may combine client packets (MSS 1460) into a single jumbo sized server packet and transmit the jumbo sized server packet (MSS 8960) to the server. Vedula; para [0007] shows since the encapsulation overhead is non-trivial, it is important for each VPN peer to take into account the actual underlying network protocol overhead in its available bandwidth calculations; para [0071] shows data packets contain a header section and a payload section. The header section is required to successfully deliver the packet, but causes a certain amount of network protocol overhead; para [0125] shows the VPN gateway 300 uses the computed overhead to set its path MTU and MSS to match the underlying network.)

Regarding claim 7, Jagadish-Vedula as applied to claim 6 discloses the converting further comprises buffering, queueing, deconstructing and reassembling a second data packet of the second data packets to generate a first data packet of the first data packets (Jagadish; para [0107] shows a buffer for queuing one or more network packets during processing; para [0252] shows if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)

Regarding claim 8, Jagadish-Vedula as applied to claim 1 discloses at least maintaining or closing, at the VPN concentrator, the second connection and the third connection (Jagadish; para [0119] shows the appliance 200 closing and maintaining these transport layer connections.)
Claim Rejections - 35 USC § 102
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 9-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated Jagadish.
Regarding claim 9, Jagadish discloses an apparatus [appliance 200] for transmitting data over a VPN connection, the apparatus comprising (para [0117] shows the client 102 is on a public network 104 and the server 106 is on a private network 104′, such as a corporate network. The appliance 200 provides a SSL VPN connection 280 between a client 102 and a server 106): 
at least one processor; and a memory coupled to the at least one processor, wherein the at least one processor is configured to execute instructions stored in the memory to (para [0079]): 
receive from a VPN user device an initiation request of a first connection between the VPN user device and a target communicably coupled to the apparatus (para [0117] shows a client 102 requests to establish a connection to a server 106. The appliance 200 provides a SSL VPN connection 280 between the client 102 and the server 106); 
terminate the first connection [VLAN 704] (Fig 7A and para [0248] show the appliance device can communicate with the client 102 over the first VLAN 704);
establish a second connection [VPN connection] between the apparatus and the VPN user device, the second connection being across a VPN tunnel between the apparatus and the VPN user device (para [0104] shows a tunneling protocol to provide a virtual private network between the client and the server; para [0115] shows the appliance 200 establishes a VPN or SSL VPN connection with the remote client 102);
establish a third connection [VLAN 706] between the apparatus and the target (para [0248] shows the appliance device 200 can communicate with the server 106 over the second VLAN 706; para [0248] shows the appliance device can communicate with the client 102 over the first VLAN 704 and communicate with the server 106 over the second VLAN 706);
set a first maximum segment size (MSS) [MSS 736] for the second connection [VPN connection], wherein the first MSS is used for transferring packets over the second connection (para [0059] shows the appliance 200 provides a secure virtual private network connection from a first network 104 of the client 102 to the second network 104′ of the server 106, such as an SSL VPN connection; para [0277] shows the client 102 and the device 200 are aware of the MSS value for data packets transmitted between the client and the device 200 such that packets transmitted via the first transport layer connection, e.g. VPN connection, have an MSS value that does not exceed the MSS value 736); 
set a second MSS [MSS 766] for a third connection [VLAN 706], wherein the second MSS is used for transferring packets over the third connection (para [0278] shows the appliance 200 determines that an MSS value specified by a profile configured for a virtual server of the device is less than the second MSS 766); 
transmit, between the apparatus and the VPN user device, first data packets using the first MSS over the second connection (para [0248] shows the appliance device can communicate with the client 102 over the first VLAN 704; para [0115] shows the appliance 200 establishes a VPN or SSL VPN connection with the remote client 102; para [0277] shows the client 102 and the appliance device 200 are aware of the MSS value for data packets transmitted between the client and the device 200 such that packets transmitted via the first transport layer connection, e.g. VPN connection, have an MSS value that does not exceed the MSS value 736); and 
transmit, between the apparatus and the target, second data packets using the second MSS over the third connection (para [0248] shows the appliance device can communicate with the server 106 over the second VLAN 706; Fig 7A and para [0278] show the appliance device 200 determines the second MSS 766, e.g. over VLAN 706.)

Regarding claim 10, Jagadish as applied to claim 9 discloses the apparatus calculates an independent round trip time (RTT) for at least one of the second connection, or the third connection (Jagadish; para [0075] shows the monitoring service 198 and/or monitoring agent 197 measures and monitors round-trip time metrics.)

	Regarding claim 11, Jagadish as applied to claim 9 discloses either or both of the second connection or the third connection is one of a cross-continental connection, a long-distance connection, or is used to send data packets greater than 1500 bytes (Jagadish; para [0042] shows the network environment comprises one or more local machine(s) 102 in communication with remote machine(s).)

	Regarding claim 12, Jagadish as applied to claim 9 discloses during a Transport Control Protocol (TCP) session, the VPN user device requests content from a plurality of targets (Jagadish; Fig 1B and para [0042] show client(s) 102) in communication with one or more servers 106 a-106 n; para [0055] shows the appliance 205 provides Transport Control Protocol (TCP) optimizations), and 
wherein the apparatus initiates a corresponding number of third connections to each of the plurality of targets. each of the corresponding number of third connections with the second MSS (Jagadish; para [0053] shows a first WAN and a second WAN may be deployed between the appliance 200 and one or more servers 106; para [0251] shows the virtual server may be configured to determine a server-side MSS value between the device and each server.)

Regarding claim 13, Jagadish as applied to claim 9 discloses the at least one processor is further configured to execute instructions to: convert, at the apparatus, the second data packets received from the target to the first data packets for being sent to the VPN user device, the first data packets having the first MSS, and the second data packets having the second MSS (Jagadish; Fig 7A and para [0252] show if the MSS values of the first and second transport layer connections are different, the virtual server 275 may adjust the packet sizes based on the corresponding MSS values. For instance, if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)

	Regarding claim 14, Jagadish as applied to claim 13 discloses the instructions to convert comprise instructions to: add an encapsulation overhead to each of the second data packets (Jagadish; para [0244] shows traffic of one protocol is encapsulated within traffic of another protocol, e.g. an encapsulation overhead. Packets are encapsulated and encrypted or compressed.)

Regarding claim 15, Jagadish as applied to claim 13 discloses the instructions to convert further comprise instructions to: buffer, queueing, deconstructing and reassembling a second data packet of the second data packets to generate a first data packet of the first data packets (Jagadish; para [0107] shows a buffer for queuing one or more network packets during processing; para [0252] shows if a jumbo sized packet is received from the server, the virtual server may split the data in the jumbo sized packet into multiple regular sized packets and transmit the multiple regular sized packets to the client. Conversely, if multiple regular sized packets are received from the client, the virtual server 275 may combine the data in the regular sized packets into a single jumbo sized packet and transmit the jumbo sized packet to the server.)

	Regarding claim 16, Jagadish as applied to claim 9 discloses the at least one processor is further configured to execute instructions to: maintain or close, at the apparatus, the second connection and the third connection (Jagadish; para [0119] shows the appliance 200 closing and maintaining these transport layer connections.)

Regarding claim 17, Jagadish discloses a non-transitory computer readable medium comprising executable instructions, which when executed using at least one processor, cause the at least one processor to perform a method for transmitting data over a VPN connection, the method comprising (para [0079, 0117] shows the client 102 is on a public network 104 and the server 106 is on a private network 104′, such as a corporate network. The appliance 200 provides a SSL VPN connection 280 between a client 102 and a server 106): 
receiving, at a VPN concentrator [appliance 200], from a VPN user device, an initiation request of a first connection to a target communicably coupled to the VPN concentrator [appliance 200] (para [0117] shows a client 102 requests to establish a connection to a server 106. The appliance 200 provides a SSL VPN connection 280 between the client 102 and the server 106);
terminating the first connection [VLAN 704] at the VPN concentrator (Fig 7A and para [0248] show the appliance device can communicate with the client 102 over the first VLAN 704);
setting a first maximum segment size (MSS) [MSS 736] for a second connection [VPN connection] between the VPN user device and the VPN concentrator (para [0104] shows a tunneling protocol to provide a virtual private network between the client and the server; para [0115] shows the appliance 200 establishes a VPN or SSL VPN connection with the remote client 102; para [0277] shows the client 102 and the device 200 are aware of the MSS value for data packets transmitted between the client and the device 200 such that packets transmitted via the first transport layer connection, e.g. VPN connection, have an MSS value that does not exceed the MSS value 736); 
setting a second MSS [MSS 766] for a third connection [VLAN 706] between the VPN concentrator and the target (para [0278] shows the appliance 200 determines that an MSS value specified by a profile configured for a virtual server of the device is less than the second MSS 766); 
establishing the second connection across a VPN tunnel between the VPN concentrator and the VPN user device (para [0059] shows the appliance 200 provides a secure virtual private network connection from a first network 104 of the client 102 to the second network 104′ of the server 106, such as an SSL VPN connection); 
establishing the third connection (para [0248] shows the appliance device can communicate with the server 106 over the second VLAN 706); 
transmitting, between the VPN concentrator and the VPN user device, first data packets using the first MSS over the second connection (para [0248] shows the appliance device can communicate with the client 102 over the first VLAN 704; para [0115] shows the appliance 200 establishes a VPN or SSL VPN connection with the remote client 102; para [0277] shows the client 102 and the appliance device 200 are aware of the MSS value for data packets transmitted between the client and the device 200 such that packets transmitted via the first transport layer connection, e.g. VPN connection, have an MSS value that does not exceed the MSS value 736); and 
transmitting, between the VPN concentrator and the target, second data packets over the third connection (para [0248] shows the appliance device can communicate with the server 106 over the second VLAN 706; Fig 7A and para [0278] show the appliance device 200 determines the second MSS 766, e.g. over VLAN 706.)

Claims 18-20 are rejected for the same reasons as claims 10-12 respectively. 
Citation of Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Dillon (US20130322255A1) shows in para [0049] the TCP connections run with a maximum segment size (MSS) that can be efficiently carried by the underlying transport and which avoids packet fragmentation; para [0065] the VPN router 200 uses the computer network protocol overhead to set its path maximum transmission unit (MTU) and its TCP maximum segment size (MSS) to match the underlying network between NOC 160 and remote site 120.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TAN DOAN/Primary Examiner, Art Unit 2442