Fortinet Patent Grants

Extension of Wi-Fi services multicast to a subnet across a Wi-Fi network using software-defined network (SDN) to centrally control data plane behavior

Granted: October 17, 2017
Patent Number: 9794757
Wi-Fi services multicast to a subnet in a software-defined network (SDN) are extended. An SDN controller centrally monitors a data plane of a Wi-Fi network. Advertisements for services within a first subnet by an advertising station are forwarded to the SDN controller. Parameters of the service of the advertising station are extracted for storage by performing deep packet inspection on the one or more packets. Queries for services within a second subnet by a querying station are also…

Multicast and unicast messages in a virtual cell communication system

Granted: October 17, 2017
Patent Number: 9794801
Reliable multicast delivery in wireless communication, even when a WS doesn't know its AP, is determined at the AP without the sending device. Multicast packets are received at each AP having destinations. Without altering those packets, the AP encapsulates them in an A-MSDU packet. Each A-MSDU packet is sent individually to each destination, and might encapsulate more than one multicast packet. Destinations might receive two streaming messages faster than if sent separately. AP's might…

Automatic channel layering in a wi-fi communication system

Granted: October 17, 2017
Patent Number: 9794846
Deploying multiple access points on multiple wireless communication channels to optimize coverage area. Additional channels provide additional communication capability which multiple AP's, and their associated stations, can collectively use. An additional set of AP's can be disposed in the additional communication channel, with multiple communication channels possibly physically intersecting. The system control element collects information from devices in the wireless communication…

Operation of a dual instruction pipe virus co-processor

Granted: September 26, 2017
Patent Number: 9773113
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain…

Detection of undesired computer files using digital certificates

Granted: September 26, 2017
Patent Number: 9774569
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…

Accelerating data communication using tunnels

Granted: September 26, 2017
Patent Number: 9774570
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN…

Detection of undesired computer files using digital certificates

Granted: September 26, 2017
Patent Number: 9774607
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of…

Updating content detection devices and systems

Granted: September 26, 2017
Patent Number: 9774621
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A…

Intelligent telephone call routing

Granted: September 26, 2017
Patent Number: 9774724
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log, containing information regarding sessions between internal extension numbers and external telephone numbers, is maintained by a call monitor of a telephone system. The internal extension numbers are associated with telephone extensions within the telephone system and the external telephone numbers are…

DHCP agent assisted routing and access control

Granted: September 19, 2017
Patent Number: 9769115
Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the…

Examining and controlling IPv6 extension headers

Granted: September 19, 2017
Patent Number: 9769119
Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, reputation information regarding observed senders of Internet Protocol (IP) version 6 (IPv6) packets and packet fragments is maintained by a traversing device based on conformity or nonconformity of extension headers contained within the IPv6 packets with respect to a set of security checks performed by the traversing device. When an…

Optimization of MU-MIMO beamforming in a wi-fi communication network based on mobility profiles

Granted: September 19, 2017
Patent Number: 9769828
An access point associated on a Wi-Fi portion of the communication network selectively groups stations according to a mobility profile. The mobility profile includes factors that characterize at least an amount of movement and current location for a station. Each station is assigned to a beamforming group of similar mobility profiles. A type of beamforming transmission is selected for each beamforming group based on mobility profiles of associated stations. The type of beamforming…

Wireless communication antennae for concurrent communication in an access point

Granted: September 12, 2017
Patent Number: 9761958
One or more access points in a wireless communication system, wherein at least one of those access points includes a set of more than one antennae capable of concurrent communication, and at least one of those more than one antennae is isolated from a remainder of that set of antennae during concurrent communication. Isolation includes one or more of disposing a first antenna in a null region of a second antenna, disposing a first antenna to communicate polarized and substantially…

Policy based content filtering

Granted: September 12, 2017
Patent Number: 9762540
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a network connection is received at a networking subsystem of a firewall. The connection is characterized by a source IP address, a destination IP address and a network service protocol. The network service protocol of the network connection is determined. A matching firewall policy is identified for the connection. When the connection is allowed, it is…

Power saving in Wi-Fi devices utilizing bluetooth

Granted: September 12, 2017
Patent Number: 9763186
The present description provides methods, computer program products, and systems for saving power in Wi-Fi devices utilizing Bluetooth. A Wi-Fi radio transitions to deep sleep mode from active mode while a Bluetooth radio remains active. An active Wi-Fi connection to the access point can be maintained by the station while in deep sleep mode as needed to prevent being disassociated. Responsive to the indication of data packets waiting at the access point, sent over the Bluetooth radio,…

Data leak protection in upper layer protocols

Granted: September 5, 2017
Patent Number: 9756017
Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding…

Context-aware pattern matching accelerator

Granted: September 5, 2017
Patent Number: 9756081
Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching…

Intelligent telephone call routing

Granted: September 5, 2017
Patent Number: 9756176
Systems and methods for intelligently routing an incoming telephone call to an internal extension based on the calling history are provided. According to one embodiment, a session log is maintained by a call monitor of a telephone system. The session log contains multiple call session records relating to telephone calls between internal extension numbers and external telephone numbers. An incoming telephone call from a telephone external to the telephone system is received by the call…

System and method for software defined behavioral DDoS attack mitigation

Granted: August 22, 2017
Patent Number: 9742800
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received…

Configuring initial settings of a network security device via a hand-held computing device

Granted: August 22, 2017
Patent Number: 9742872
Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are…