Prosecution Insights
Last updated: July 17, 2026
Application No. 18/982,334

INTELLIGENT DEPLOYMENT REGION SELECTION AND SCALING OF CLOUD-BASED FIREWALLS

Non-Final OA §103
Filed
Dec 16, 2024
Priority
Oct 04, 2021 — continuation of 12/199,948
Examiner
DOAN, TAN
Art Unit
2445
Tech Center
2400 — Computer Networks
Assignee
Palo Alto Networks Inc.
OA Round
1 (Non-Final)
73%
Grant Probability
Favorable
1-2
OA Rounds
1y 5m
Est. Remaining
97%
With Interview

Examiner Intelligence

Grants 73% — above average
73%
Career Allowance Rate
236 granted / 324 resolved
+14.8% vs TC avg
Strong +24% interview lift
Without
With
+24.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
18 currently pending
Career history
351
Total Applications
across all art units

Statute-Specific Performance

§101
1.1%
-38.9% vs TC avg
§103
87.5%
+47.5% vs TC avg
§102
8.5%
-31.5% vs TC avg
§112
2.7%
-37.3% vs TC avg
Black line = Tech Center average estimate • Based on career data from 324 resolved cases

Office Action

§103
DETAILED ACTION In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Masters et al. (US20170220372A1) in view of Zhu et al. (US20140164619A1). Regarding claim 1, Masters discloses a method comprising ([Abstract] shows a traffic management system (TMS) to deploy component virtual machines (CVM) to the cloud; para [0023] shows each CVM may be configured to perform network firewall operations): obtaining a first usage metric value associated with a first cloud firewall deployed in a first cloud region, wherein the first usage metric indicates usage of the cloud firewall (para [0023] shows each CVM may be configured to perform network firewall operations; para [0024] shows the TMS may deploy one or more CVMs locally and/or to one or more public and/or private clouds. The deployment of the CVMs may be dynamically updated based on monitored usage patterns; para [0099] shows the TMS may be enabled to deploy a CVM to a cloud that is geographically (and/or logically) more appropriate to accomplish a given task), evaluating the first usage metric value based on criteria for scaling cloud firewalls (para [0022] shows the TMS may deploy the CVMs based on anticipated usage patterns, capacity limits, or any other specific criterion; para [0023] shows each CVM may be configured to perform network firewall operations; para [0024] shows the deployment of the CVMs may be dynamically updated based on monitored usage patterns; para [0095] shows the scalability may be based on a number of CVMs employed; para [0104-0105] shows the deployment of one or more CVMs may be dynamically updated based on a workload of each CVM (i.e., the CVMs may be load balanced, overloaded and/or failed)); scaling cloud firewalls up based on determining that the first usage metric value satisfies one of the criteria, wherein scaling cloud firewalls up comprises (para [0099] shows the TMS may be enabled to deploy a CVM (e.g., to scale firewalls up) to a cloud that is geographically more appropriate to accomplish a given task, for example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to the servers that are more appropriate to accomplish tasks related to a given customer than another cloud), based on determining that the first usage metric value satisfies a first of the criteria for scaling firewalls up, deploying an additional cloud firewall in at least one of the first cloud region and another of a plurality of cloud regions (para [0099] shows the TMS may be enabled to deploy a CVM (e.g., to scale firewalls up) to a cloud that is geographically more appropriate to accomplish a given task, for example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to a given customer than another cloud). Masters shows the deployment of the CVMs (e.g., firewalls) may be dynamically updated based on monitored usage patterns ([Abstract]) but fails to explicitly disclose scaling cloud firewalls down, wherein scaling cloud firewalls down comprises removing the first cloud firewall. However, Zhu discloses scaling cloud firewalls down, wherein scaling cloud firewalls down comprises removing the first cloud firewall ([Abstract] shows firewall virtual machines provides firewalling services for traffic associated with the virtual applications; para [0005] shows the ability to move a virtual machine from one physical site to another; para [0020] shows determining that a decreased number of firewall virtual machines is required by the decreased number of application virtual machines; and shutting down a firewall virtual machine.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Masters with the teaching of Zhu in order to only using the resources of the physical computer(s) as needed (Zhu; para [0004]). Regarding claim 2, Masters-Zhu discloses the method of claim 1, wherein determining that the first usage metric value satisfies the first criterion comprises determining that the first usage metric value exceeds a threshold (Masters; para [0022] shows the TMS may automatically deploy the CVMs (e.g., firewalls) based on a number of maintained connections; para [0090] shows the TMS may perform load balancing across the plurality of CVMs such that a load of each of the plurality of CVMs is within a given threshold. Zhu; para [0014] shows detecting that a firewall ratio threshold associated with the virtualized application is exceeded by the increased number of application virtual machines). Regarding claim 3, Masters-Zhu discloses the method of claim 2, wherein determining that the first usage metric value satisfies the first criterion comprises determining that the first usage metric value exceeds the threshold (Masters; para [0090] shows the TMS may perform load balancing across the plurality of CVMs such that a load of each of the plurality of CVMs is within a given threshold. Zhu; para [0014] shows detecting that a firewall ratio threshold associated with the virtualized application is exceeded by the increased number of application virtual machines) and is attributable to users with a location corresponding to a second cloud region of the plurality of cloud regions that differs from the first cloud region and that does not have a cloud firewall available, wherein deploying the additional cloud firewall comprises deploying a second cloud firewall in the second cloud region (Masters; para [0093] shows if the anticipated usage for a given task is above a predefined threshold value, then a CVM may be deployed to perform the task; para [0099] shows the TMS may be enabled to deploy a CVM (e.g., to scale firewalls up) to a cloud that is geographically more appropriate to accomplish a given task, for example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to a given customer than another cloud. Zhu; [Abstract] shows firewall virtual machines; para [0005] shows the ability to manipulate and move a virtual machine from one physical site to another in order to provide the elasticity to scale up or down in size). Regarding claim 4, Masters-Zhu discloses the method of claim 3, further comprising determining locations of users to which the first usage metric value is attributable based on Internet Protocol (IP) addresses associated with the users (Masters; para [0052] shows information that may be employed to determine a physical location of the device including IP address, or the like.) Regarding claim 5, Masters-Zhu discloses the method of claim 3, further comprising orchestrating connection of the users within the second cloud region to the second cloud firewall (Masters; para [0022] shows the TMS may automatically deploy the CVMs (e.g., firewalls) based on a number of maintained connections; para [0099] shows the TMS may be enabled to deploy a CVM (e.g., to scale firewalls up) to a cloud that is geographically more appropriate to accomplish a given task, for example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to a given customer than another cloud. Zhu; [Abstract] shows firewall virtual machines; para [0005] shows the ability to manipulate and move a virtual machine from one physical site to another in order to provide the elasticity to scale up or down in size). Regarding claim 6, Masters-Zhu discloses the method of claim 1, wherein determining that the first usage metric value satisfies the second criterion comprises determining that the first usage metric value is below a threshold (Masters; para [0092] shows CVMs (e.g., firewalls) may be deployed when a resource performance falls below a threshold; para [0093] shows if the anticipated usage for a given task is above a predefined threshold value, then a CVM may be deployed to perform the task). Regarding claim 7, Masters-Zhu discloses the method of claim 6, wherein determining that the first usage metric value satisfies the second criterion comprises determining that the first usage metric value is below the threshold (Masters; para [0099] shows the TMS may be enabled to deploy a CVM (e.g., firewall) to a cloud that is geographically more appropriate to accomplish a given task. For example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to a given customer than another cloud) and determining that there is another cloud firewall deployed in another of the plurality of cloud regions (Masters; para [0099] shows a CVM that monitors a server may be deployed on a Cloud that is geographically (and/or logically) closer to the servers than another cloud. Zhu; para [0006] shows many data centers can include firewall services), wherein removing the first cloud firewall from the first cloud region scales cloud firewalls deployed in the first cloud region down to zero (Zhu; para [0005] shows the ability to move a virtual machine from one physical site to another; para [0009] shows determining that a decreased number of firewall virtual machines is required by the decreased number of application virtual machines; and shutting down a firewall virtual machine.) Regarding claim 8, Masters-Zhu discloses the method of claim 7, further comprising reconnecting users of the first cloud firewall to a second cloud firewall in a second cloud region of the plurality of cloud regions, wherein the second cloud region is the closest one of the plurality of cloud regions to the first cloud region that has cloud firewall availability (Master; para [0099] shows the TMS may be enabled to deploy a CVM (e.g., firewall) to a cloud that is geographically more appropriate to accomplish a given task. For example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to a given customer than another cloud.) Regarding claim 9, Masters discloses one or more non-transitory machine-readable media having program code stored thereon, the program code comprising instructions to (para [0053]): evaluate a first usage metric value obtained for a cloud firewall deployed in a first cloud region of a plurality of cloud regions based on scaling criteria (para [0022] shows the traffic management system (TMS) may deploy the component virtual machines (CVMs) based on anticipated usage patterns, capacity limits, or any other specific criterion; para [0023] shows each CVM may be configured to perform network firewall operations; para [0024] shows the deployment of the CVMs may be dynamically updated based on monitored usage patterns; para [0095] shows the scalability may be based on a number of CVMs employed; para [0099] shows the TMS may be enabled to deploy a CVM. For example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to a given customer than another cloud); based on a determination that the first usage metric value satisfies a first of the scaling criteria, deploy an additional cloud firewall in one of the plurality of cloud regions, wherein the one of the plurality of cloud regions is determined based at least partly on locations of users to which the first usage metric value is attributable, wherein the first scaling criterion is a criterion for scaling firewalls up (para [0099] shows the TMS may be enabled to deploy a CVM (e.g., to scale firewalls up) to a cloud that is geographically more appropriate to accomplish a given task, for example, the CVM may be deployed on a Cloud that is geographically (and/or logically) closer to the servers that are more appropriate to accomplish tasks related to a given customer than another cloud), Masters fails to teach based on a determination that the first usage metric value satisfies a second of the scaling criteria, terminate the cloud firewall in the cloud region, wherein the second scaling criterion is a criterion for scaling firewalls down. However, Zhu discloses based on a determination that the first usage metric value satisfies a second of the scaling criteria, terminate the cloud firewall in the cloud region, wherein the second scaling criterion is a criterion for scaling firewalls down ([Abstract] shows firewall virtual machines provides firewalling services for traffic associated with the virtual applications; para [0005] shows the ability to move a virtual machine from one physical site to another; para [0009] shows determining that a decreased number of firewall virtual machines is required by the decreased number of application virtual machines; and shutting down a firewall virtual machine.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Masters with the teaching of Zhu in order to only using the resources of the physical computer(s) as needed (Zhu; para [0004]). Regarding the dependent claims 10-13, claims 10-13 are directed to the machine-readable media of independent claim 9. Claims 10-13 require limitations that are similar to those recited in the method claims 2-3 and 6-7 to carry out the method steps. And since the references of Masters and Zhu combined teach the method including limitations required to carry out the method steps, therefore claims 10-13 would have also been obvious in view of the method disclosed in Masters and Zhu combined. Regarding the claims 14-20, claims 14-20 are directed to an apparatus. Claims 14-20 require limitations that are similar to those recited in the method claims 1-3 and 5-8 to carry out the method steps. And since the references of Masters and Zhu combined teach the method including limitations required to carry out the method steps, therefore claims 14-20 would have also been obvious in view of the method disclosed in Masters and Zhu combined. Citation of Relevant Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hu et al. (US20230179638A1) discloses in para [0081] the Firewall Manager 431 may deploy a new Firewall to mitigate the risk. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TAN DOAN/Primary Examiner, Art Unit 2445
Read full office action

Prosecution Timeline

Dec 16, 2024
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683786
DYNAMIC AND INTELLIGENT TOKEN-BASED RESOURCE EVENT FACILITATION NETWORK
2y 4m to grant Granted Jul 14, 2026
Patent 12670275
CONFIGURATION DATA PROTECTION
2y 4m to grant Granted Jun 30, 2026
Patent 12627574
SYSTEM AND METHOD FOR MANAGING COMPUTING DEVICES
3y 7m to grant Granted May 12, 2026
Patent 12619733
OPTIMIZING ACCURACY OF SECURITY ALERTS BASED ON DATA CLASSIFICATION
3y 10m to grant Granted May 05, 2026
Patent 12621348
NETWORK SECURITY POLICY MANAGEMENT
3y 7m to grant Granted May 05, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
73%
Grant Probability
97%
With Interview (+24.2%)
3y 0m (~1y 5m remaining)
Median Time to Grant
Low
PTA Risk
Based on 324 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month