Fortinet Patent Grants

Identifying nodes in a ring network

Granted: March 21, 2017
Patent Number: 9602303
Methods and systems for determining a token master on a ring network are provided in which possession of an arbitration token permits a blade participating in the ring network to transmit a packet. According to one embodiment, when an event at a blade represents expiration of a timeout period for receipt of the token, a new token is transmitted onto the ring network. When the event represents receipt of the token, then the priority of the originating blade is compared to that of the first…

Inline inspection of security protocols

Granted: March 21, 2017
Patent Number: 9602498
Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module.

Security threat detection

Granted: March 21, 2017
Patent Number: 9602527
Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous…

System and method for software defined behavioral DDoS attack mitigation

Granted: March 21, 2017
Patent Number: 9602535
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation…

Policy-based selection of remediation

Granted: March 21, 2017
Patent Number: 9602550
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the…

Network advertising system

Granted: March 7, 2017
Patent Number: 9589284
Systems and methods for transmitting content to a client via a communication network are provided. According to one embodiment, an insertion server running within a firewall device of a network observes a content request of an application protocol by monitoring or proxying transport communication protocol connections established through the firewall device. The content request is (i) originated by a client device coupled to the network, (ii) directed to a destination device coupled to…

Facilitating content accessibility via different communication formats

Granted: February 28, 2017
Patent Number: 9584472
Facilitating content accessibility via different communication formats is disclosed. In some embodiments, in response to receiving a content request from an IPv6 enabled client, the requested content is provided to the IPv6 enabled client in IPv6 format, wherein the requested content is originally obtained in IPv4 format from an IPv4 enabled server and translated into IPv6 format.

Facilitating content accessibility via different communication formats

Granted: February 28, 2017
Patent Number: 9584473
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate content delivery network. A content request is received from a client. The content request relates to web page content published by a content publisher in an Internet Protocol version 4 (IPv4) format or an Internet Protocol version 6 (IPv6) format that is obtained by the content…

Examining and controlling IPv6 extension headers

Granted: February 28, 2017
Patent Number: 9584478
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…

Presentation of threat history associated with network activity

Granted: February 28, 2017
Patent Number: 9584536
Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters, including one or more of types of threats to be extracted from the database, parameters of the threats, network-level details of the…

Managing transmission and storage of sensitive data

Granted: February 28, 2017
Patent Number: 9584587
Systems and methods for injecting sensitive data into outgoing traffic that is to be sent to a remote server from a client by a network security appliance logically interposed between the server and the client are provided. According to one embodiment, the method includes intercepting, by a network security appliance, outgoing traffic from the client to the server. The network security appliance identifies a submission command within the outgoing traffic that is used for submitting…

Direct cache access for network input/output devices

Granted: February 28, 2017
Patent Number: 9584621
Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the…

Method and system for dedicating processors for desired tasks

Granted: January 3, 2017
Patent Number: 9535760
Improving the performance of multitasking processors are provided. For example, a subset of M processors within a system with N processors is dedicated for a desired task. The M (where M>0) of the N processors are dedicated to a task, thus, leaving N−M (N minus M) processors for running normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these processors run in an…

Secure cloud storage distribution and aggregation

Granted: January 3, 2017
Patent Number: 9536103
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…

Facilitating content accessibility via different communication formats

Granted: January 3, 2017
Patent Number: 9537820
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate server. Information indicative of one or more communication formats via which a client device is capable of communication is caused to be stored on a client device by (i) sending to the client device a web page having embedded therein one or more of IPv4 and IPv6 test content; and…

Systems and methods for passing network traffic content

Granted: January 3, 2017
Patent Number: 9537826
A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a size of the received content data. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a prescribed rate. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data before performing policy enforcement on the…

Systems and methods for categorizing network traffic content

Granted: January 3, 2017
Patent Number: 9537871
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…

Directed station roaming in cloud managed Wi-Fi network

Granted: January 3, 2017
Patent Number: 9538446
Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input from the cloud-based…

Steering connection requests for an access point to a best-serving access point

Granted: January 3, 2017
Patent Number: 9538460
Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., an IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent…

Power saving in Wi-Fi devices utilizing bluetooth

Granted: January 3, 2017
Patent Number: 9538468
The present description provides methods, computer program products, and systems for saving power in Wi-Fi devices utilizing Bluetooth. A Wi-Fi radio transitions to deep sleep mode from active mode while a Bluetooth radio remains active. An active Wi-Fi connection to the access point can be maintained by the station while in deep sleep mode as needed to prevent being disassociated. Responsive to the indication of data packets waiting at the access point, sent over the Bluetooth radio,…