Fortinet Patent Grants

Method and system for dedicating processors for desired tasks

Granted: January 3, 2017
Patent Number: 9535760
Techniques for improving the performance of multitasking processors are provided. For example, a subset of M processors within a system with N processors is dedicated for a desired task. The M (where M>0) of the N processors are dedicated to a task, thus leaving N−M (N minus M) processors for running the normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these processors run in an…

Secure cloud storage distribution and aggregation

Granted: January 3, 2017
Patent Number: 9536103
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user,…

Facilitating content accessibility via different communication formats

Granted: January 3, 2017
Patent Number: 9537820
Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate server. Information indicative of one or more communication formats via which a client device is capable of communication is caused to be stored on a client device by (i) sending to the client device a web page having embedded therein one or more of IPv4 and IPv6 test content; and…

Systems and methods for passing network traffic content

Granted: January 3, 2017
Patent Number: 9537826
A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a size of the received content data. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a prescribed rate. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data before performing policy enforcement on the…

Systems and methods for categorizing network traffic content

Granted: January 3, 2017
Patent Number: 9537871
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…

Directed station roaming in cloud managed Wi-Fi network

Granted: January 3, 2017
Patent Number: 9538446
Directing station roaming in a cloud-managed Wi-Fi network. Management messages are received from a controller that is located remotely from the Wi-Fi communication network by an access point. When an RSSI (received signal strength indication) value between the station and the access point falls below a threshold, the access point (i.e., controller access point) determines which neighboring access point would be a best fit for a hand-off, with limited real-time input from the cloud-based…

Steering connection requests for an access point to a best-serving access point

Granted: January 3, 2017
Patent Number: 9538460
Network devices are steered to preferred access points using a probability function. A probe request for connection is received from a network device. The probe request can be from a network device attempting to use a wireless network (e.g., an IEEE 802.11-type network or other suitable type of network). A probability function that defines a likelihood of granting the network device a connection is used to determine whether to accept or deny the response. The probe response is then sent…

Power saving in Wi-Fi devices utilizing bluetooth

Granted: January 3, 2017
Patent Number: 9538468
The present description provides methods, computer program products, and systems for saving power in Wi-Fi devices utilizing Bluetooth. A Wi-Fi radio transitions to deep sleep mode from active mode while a Bluetooth radio remains active. An active Wi-Fi connection to the access point can be maintained by the station while in deep sleep mode as needed to prevent being disassociated. Responsive to the indication of data packets waiting at the access point, sent over the Bluetooth radio,…

Securing email communications

Granted: December 13, 2016
Patent Number: 9521114
Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is…

Cloud based logging service

Granted: December 13, 2016
Patent Number: 9521159
Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is…

Inheritance based network management

Granted: December 6, 2016
Patent Number: 9516034
Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have substantially identical function. Two physical interfaces of two network devices that are to be normalized are identified. The physical interfaces are normalized by creating a virtual interface (VI) to which both correspond. A policy applicable…

Heterogeneous media packet bridging

Granted: November 29, 2016
Patent Number: 9509638
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network switching/routing blade server comprises network modules, including a first and second set operable to receive packets having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory stores data structures for translating between the first and second framing media…

Security information and event management

Granted: November 22, 2016
Patent Number: 9503421
Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results…

Network policy assignment based on user reputation score

Granted: November 22, 2016
Patent Number: 9503477
A network controller device, systems, and methods thereof are described herein for enabling a mechanism of assigning network policies to one or more users based on their respective client reputation (CR) scores. CR scores indicate a measure of the level and kind of network activity that an internal resource does with external resources. Based on the evaluation of the CR score for a given user, the system of the present invention can be configured to implement an appropriate policy on the…

Secure cloud storage distribution and aggregation

Granted: November 15, 2016
Patent Number: 9495556
Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii)…

Interface groups for rule-based network security

Granted: November 15, 2016
Patent Number: 9497162
Systems and methods for designating interfaces of a network security appliance as source/destination interfaces in connection with defining a security rule are provided. According to one embodiment, a security rule configuration interface is displayed through which a network administrator can specify parameters of security rules to be applied to traffic attempting to traverse the network security appliance. Information defining a traffic flow to be controlled by a security rule is…

Firewall interface configuration to enable bi-directional VoIP traversal communications

Granted: November 15, 2016
Patent Number: 9497166
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall also provides application-layer protection on behalf of the internal hosts and supports Voice over IP (VoIP) services by…

Data leak protection

Granted: November 15, 2016
Patent Number: 9497192
Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network security device. The information includes a sensitivity level and an action to be applied to files observed by the network security device that match the watermark filtering rule. A file attempted to be passed through the network security device is…

Detecting malicious resources in a network based upon active client reputation monitoring

Granted: November 15, 2016
Patent Number: 9497212
Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within…

Context-aware pattern matching accelerator

Granted: November 8, 2016
Patent Number: 9491143
Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching…