Sunnyvale, CA, United States
Sunnyvale, CA, United States

Fortinet, Inc. is an American multinational corporation founded in 2000 by brothers Ken and Michael Xie. The company sells high performance network security products and services including their flagship integrated network security solution, the FortiGate firewall. Fortinet distributes its systems and subscription-based services using the channel partner sales method via more than 20,000 partners worldwide. Fortinet is positioned as the revenue leader in Unified Threat Management .Fortinet competes in the UTM and network security industry against Cisco, Check Point, Juniper, and Palo Alto Networks, among others. Wikipedia.


Time filter

Source Type

A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.


Patent
Fortinet | Date: 2016-06-09

Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, service group and VLAN associations are stored within a switching device for each front panel port and for each fabric slot of the switching device. Each of multiple FSDs providing security services for a protected network are coupled with a fabric slot. When a packet is received, the switching device: (i) tags the packet based on a VLAN ID corresponding to the VLAN to which front panel port on which it was received is assigned; (ii) identifies the service group based on the VLAN ID; (iii) selects a slot within the identified service group and thereby selects an FSD to associate with the forward traffic session and a corresponding reverse traffic session by performing a load balancing function on the packet; and (iv) causes the packet to be processed by the selected FSD.


A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, imminent shutdown of a first cluster unit of an HA cluster of FSDs is gracefully handled by a switching device. A load balancing (LB) table, forming associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled, is maintained. The first cluster unit is coupled to a first port. Responsive to imminent shutdown of the first cluster unit: (i) a second cluster unit, coupled to a second port, is selected to perform security services on traffic sessions handled by the first cluster unit; and (ii) the LB table is updated by replacing reference(s) to the first port with reference(s) to the second port. Security services for subsequently received network traffic associated with the traffic sessions is performed by the second cluster unit.


A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. A LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled. Network traffic received by the switching device is directed to appropriate cluster units based on the LB function and the LB table. A traffic load on each of the cluster units is monitored. Responsive to a deviation from a predefined ideal traffic distribution, an attempt is made to improve performance of the HA cluster by dynamically adjusting the LB balancing table to address the deviation.


Patent
Fortinet | Date: 2016-05-07

A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the, content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module.


A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired to be detected, and an output port configured to couple the device to a computer system of an intended recipient of the network traffic content. The output port passes the network traffic content to the computer system when it is determined that the network traffic content does not match the content desired to be detected.


An 802.11-compliant device for high throughput is disclosed. A plurality of TCP packets received in a buffer for transmission are stored. The plurality of TCP packets can be aggregated as A-MSDU sub-frames to form a A-MSDU frame in accordance with an IEEE 802.11 standard. Additionally, a plurality of A-MSDU frames can be aggregated as A-MPDU sub-frames to form a A-MPDU frame. The A-MPDU frame is compliant with a number of allowable sub-frames and a maximum size in accordance with an 802.11 standard. The A-MPDU frame is sent for transmission as an IEEE 802.11 packet.


A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content desired to be detected includes receiving electronic data at a receiving station, and determining whether the received electronic data is associated with a content desired to be detected, wherein the receiving station does not include content detection data for identifying the content desired to be detected.


Patent
Fortinet | Date: 2016-03-17

A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.


Spoof attacks on location based beacons are detected. A stream of beacons (e.g., IBEACONS) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a time and a location of broadcast. The unique source identifier, the time and the location of at least one beacon of the detected beacon stream can be compared to the unique source identifier, the time and the location of at least one beacon of the broadcast beacon stream. Responsive to a match between the unique source identifiers and a mismatch of at least one of the time and locations, it is determined that the broadcast beacon stream has been spoofed by the detected beacon stream. Once a spoof has been detected, various remediation actions can be taken, such as sending alerts to admin, cautioning end users, and other security mode procedures.

Loading Fortinet collaborators
Loading Fortinet collaborators