Fortinet Patent Applications

UTM INTEGRATED HYPERVISOR FOR VIRTUAL MACHINES

Granted: December 29, 2016
Application Number: 20160378529
Systems and methods for integrating firewall and Unified Threat Management (UTM) features directly within a hypervisor are provided. According to one embodiment, a system is provided that includes multiple virtual machines (VMs) and an integrated hypervisor that manages the VMs. The integrated hypervisor has a unified threat management (UTM) layer integrated therein. In operation, the integrated hypervisor intercepts network traffic directed to or originated by the VMs and provides…

EMULATOR-BASED MALWARE LEARNING AND DETECTION

Granted: December 29, 2016
Application Number: 20160381042
Methods and systems are described for malware learning and detection. According to one embodiment, an antivirus (AV) engine includes a training mode for internal lab use, for example, and a detection mode for use in commercial deployments. In training mode, an original set of suspicious patterns is generated by scanning malware samples. A set of clean patterns is generated by scanning clean samples. A revised set of suspicious patterns is created by removing the clean patterns from the…

PROTOCOL BASED DETECTION OF SUSPICIOUS NETWORK TRAFFIC

Granted: December 29, 2016
Application Number: 20160381070
Embodiments of the present invention relate to identification of suspicious network traffic indicative of a Botnet and/or an Advanced Persistent Threat (APT) based on the network protocol of such traffic. According to one embodiment, a traffic file is received at a network security device that is protecting a private network. The traffic file contains therein network traffic associated with the private network that has been captured and stored. The received traffic file is processed by the…

FLOW MANAGEMENT IN A LINK AGGREGATION GROUP SYSTEM

Granted: December 22, 2016
Application Number: 20160373294
Systems and methods for an end-to-end bidirectional symmetric data flow mapping in a LAG system are provided. According to one embodiment, a forward flow from a first end of the LAG system is received by a second end. The forward flow is from a first device connected to the first end and directed to a second device connected to the second end. The forward flow is transmitted by the second end to the second device. A corresponding backward flow is received by the second end that is from…

MANAGEMENT OF CERTIFICATE AUTHORITY (CA) CERTIFICATES

Granted: December 22, 2016
Application Number: 20160373434
Systems and methods for automatically installing CA certificates received from a network security appliance by a client security manager, so that the CA certificate becomes a trusted CA certificate on a client machine, are provided. In one embodiment, a client security manager establishes a connection with a network security appliance through a network, wherein the client security manager is configured for managing security of a client at the client side and the network security appliance…

HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS

Granted: December 22, 2016
Application Number: 20160373471
Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a high-risk network access initiated by a device is identified by an intermediary security device. A human user test message is sent by the intermediary security device to a human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user. A response…

AUTOMATICALLY DEPLOYED WIRELESS NETWORK

Granted: December 22, 2016
Application Number: 20160373942
Systems and methods are described for an automatically deployed wireless network. According to one embodiment, an access point controller (AC) determines the existence of a network anomaly at a position of a wireless network that is managed by the AC. Responsive thereto, the AC causes an unmanned vehicle that carries a movable access point (AP) to carry the movable AP to the position or proximate thereto and causes the movable AP to provide wireless network service to an area…

AUTOMATICALLY DEPLOYED WIRELESS NETWORK

Granted: December 22, 2016
Application Number: 20160373963
Systems and methods for an automatically deployed wireless network are provided. According to one embodiment, an access point controller (AC) determines the existence of a network anomaly at a position of a wireless network that is managed by the AC. Responsive thereto, the AC causes an unmanned vehicle that carries a movable access point (AP) to carry the movable AP to the position or proximate thereto and causes the movable AP to provide wireless network service to an area encompassing…

CLOUD BASED LOGGING SERVICE

Granted: December 15, 2016
Application Number: 20160366101
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is…

NETWORK ADVERTISING SYSTEM

Granted: December 15, 2016
Application Number: 20160366238
Systems and methods for transmitting content to a client via a communication network are provided. An insertion server, running within a firewall device associated with a private IP network, detects establishment of a transport communication protocol connection between a client associated with the network and a destination located external to the network by examining packets as they pass through the network and pass by the insertion server. A content request of an application protocol…

LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES

Granted: December 8, 2016
Application Number: 20160359806
A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, imminent shutdown of a first cluster unit of an HA cluster of FSDs is gracefully handled by a switching device. A load balancing (LB) table, forming associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled, is maintained. The first cluster unit is coupled to a first port. Responsive to…

LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES

Granted: December 8, 2016
Application Number: 20160359808
A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. An LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of…

VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING

Granted: December 1, 2016
Application Number: 20160352652
Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, presence of outbound payload data, distributed across a first and second payload buffer, within a user memory space of a network device that has been generated by a user process is determined by a bus/memory interface or a network interface unit. The payload data is fetched by performing direct virtual memory addressing of the user memory space including mapping virtual…

MANAGING TRANSMISSION AND STORAGE OF SENSITIVE DATA

Granted: December 1, 2016
Application Number: 20160352719
Systems and methods for injecting sensitive data into outgoing traffic on behalf of a user of a private network are provided. According to one embodiment, a network security appliance maintains a database of sensitive data. Secure submission of sensitive data of a user is facilitated by the security appliance in connection with interactions between a client and a server by: (i) intercepting outgoing traffic from the client to the server; (ii) determining whether the outgoing traffic…

CONTENT PRESENTATION BASED ON ACCESS POINT LOCATION

Granted: November 24, 2016
Application Number: 20160343029
Methods and systems for AP location based content presentation are provided. According to one embodiment, a web service receives, from a widget executing within a web page requested by a wireless computing device of multiple wireless computing devices operating within an enterprise, a unique identifier of the wireless computing device. An access point (AP) identifier is determined for an AP of multiple APs of the enterprise that is servicing the wireless computing device by querying a log…

INHERITANCE BASED NETWORK MANAGEMENT

Granted: November 24, 2016
Application Number: 20160344588
Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have one or more different physical attributes. Two physical attributes of two network devices that are to be normalized and that are among the one or more different physical attributes are identified. The physical attributes are normalized by…

FIREWALL POLICY MANAGEMENT

Granted: November 24, 2016
Application Number: 20160344696
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…

DATA LEAK PROTECTION IN UPPER LAYER PROTOCOLS

Granted: November 24, 2016
Application Number: 20160344698
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding…

ACCESS POINT STREAM AND VIDEO SURVEILLANCE STREAM BASED OBJECT LOCATION DETECTION AND ACTIVITY ANALYSIS

Granted: November 17, 2016
Application Number: 20160335484
Methods and systems for correlating location and identity data available from Access Points (APs) and video surveillance systems are provided. According to one embodiment, data, including a unique identifier of an object and information regarding a first geo-position of the object, is received from an AP of a wireless network of a venue. A video feed captured by a camera system monitoring a portion of the venue and/or information regarding a second geo-position corresponding to the…

FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES

Granted: November 17, 2016
Application Number: 20160337316
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file…