Patents Assigned to Fortinet, Inc.
  • Publication number: 20250150393
    Abstract: An outbound packet is detected from a client device of a first spoke destined to a client device of a second spoke over SD-WAN through a hub connecting the first and second spokes with IPSec tunneling. The first spoke is on a local enterprise network, the second spoke is on a remote enterprise network and the hub is on a wide area network, and the first spoke, the second spoke and the hub are each ADVPN2.0 compatible. Responsive to the detection, a health check is performed on the remote spoke. A path is selected between a local NAT device of multiple NAT devices of the first spoke and a remote NAT device of the multiple remote NAT devices of the second spoke, based on link quality data of the response. A NAT hole is punched between a selected local NAT and a selected inbound NAT and an IPSec tunnel is established, independent of the hub.
    Type: Application
    Filed: December 27, 2024
    Publication date: May 8, 2025
    Applicant: Fortinet, Inc.
    Inventors: Shangwei Duan, Wang Xi, Yong lin Han, Pin Yi Kuo
  • Publication number: 20250150488
    Abstract: An Operational Technology (OT) device database is trained by interrogating physical OT devices over the data communication network, and from responses, generating a profile for each interrogated physical OT device, each profile comprising at least data used to set up decoy OT devices that are virtualized to mirror each interrogated physical OT device. A list of local physical OT devices running on a remote private network is received from a specific deception appliance on the remote private network. OT device profiles are selected from the OT device database based on the list of local physical OT devices. The selected OT device profiles are transmitted to the specific deception appliance, at the remote private network. The specific deception appliance maintains VM machines for running decoy OT devices, based on the selected OT device profiles, on the remote private network.
    Type: Application
    Filed: June 30, 2023
    Publication date: May 8, 2025
    Applicant: Fortinet, Inc.
    Inventors: Jun Jiang, Hongquan Mi, Moshe Ben Simon
  • Publication number: 20250141933
    Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device detects whether the endpoint has moved to a new network by monitoring for changes to an IP address associated with the endpoint. When the detecting is affirmative, the agent further determines whether a trusted network determination service associated with a cloud-based security service is reachable. When the determining is affirmative, the agent further identifies whether the new network is among a set of trusted networks that have been previously registered with the cloud-based security service by querying the trusted network determination service. When the identifying is affirmative, a particular security feature on the endpoint is configured for operation within a trusted network and when the identifying is negative, the particular security feature is configured for operation outside of a trusted network.
    Type: Application
    Filed: December 31, 2024
    Publication date: May 1, 2025
    Applicant: Fortinet, Inc.
    Inventors: Gregory L. Galloway, Karl D. Melcher, Michael C. Starr, Scott M. Davis
  • Publication number: 20250133025
    Abstract: Various embodiments provide systems and methods for reordering processed network traffic.
    Type: Application
    Filed: December 31, 2024
    Publication date: April 24, 2025
    Applicant: Fortinet, Inc.
    Inventors: Xu Zhou, Yuan-Heng Chao
  • Patent number: 12284197
    Abstract: Reducing amounts of data ingested into a data warehouse, including: determining a duration associated with a subject described by event data provided to a data ingestion pipeline; determining, based on the duration, an interval for providing next event data; and providing, based on the interval, the next event data.
    Type: Grant
    Filed: June 30, 2022
    Date of Patent: April 22, 2025
    Assignee: Fortinet, Inc.
    Inventors: Jean-Philippe E. Martin, Úlfar Erlingsson, Yijou Chen
  • Patent number: 12278807
    Abstract: An SSH (secure shell) public key is received from a client device 120 on the enterprise network, and an EMS device 140 is queried based on the SSH public key. Responsive to confirmation of registration from the EMS server, an authentication certificate based on a user and the client device 120 is generated. An SSH session is initiated on behalf of the client device 120 including submitting the certificate and the SSH public key from the client device 120 to the external server.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: April 15, 2025
    Assignee: Fortinet, Inc.
    Inventors: Han Xiao, Wenping Luo
  • Patent number: 12279310
    Abstract: Responsive to receiving uplink traffic from a specific edge client on the edge client table, in-service monitoring for frame retries and collisions associated with the specific edge client is performed. Responsive to detecting that a rate of frame retries and collisions exceeds a threshold, a BSS color change announcement frame is transmitted to the specific edge client comprising a second color. The BSS color change announcement directs the specific edge client to contend for medium access based on preambles observed from a specific overlapping BSS associated with the second BSS color rather than its home BSS. The default color can be restored after the uplink.
    Type: Grant
    Filed: September 30, 2022
    Date of Patent: April 15, 2025
    Assignee: Fortinet, Inc.
    Inventor: Ankur Jain
  • Patent number: 12278864
    Abstract: A source node from the cluster of nodes, responsive to receiving the file sharing command from other applications on the same node (e.g., on a virtual machine in the cluster of nodes), copies the shared file to a source workspace directory, compresses it, and then copies the compressed file to the file sync database. The command comprises a configuration template with file retrieval information. A target node from the cluster of nodes listens for commands from other nodes in the cluster of nodes. Responsive to receiving the file sharing command, the compressed file is copied from the file sync database to a target workspace directory and decompressed, and the shared file is then copied to the node.
    Type: Grant
    Filed: December 31, 2021
    Date of Patent: April 15, 2025
    Assignee: Fortinet, Inc.
    Inventors: Chaturbhuj Singh, Niraj Nandane, Pooja Singh
  • Patent number: 12273708
    Abstract: A station initiates fast BSS transition from the source access point to the target access point. The target access point detects a failure by the Wi-Fi controller to retrieve a PMK-R0 key for a requested PMKR0Name. The PMKR0Name is parsed from an authentication request of the station. The failure can result in requiring a fresh BSS connection by the station. Responsive to the failure detection, a PMK-R0 key is generated in cooperation with the Wi-Fi controller, to prevent requiring the fresh BSS connection. The PMK-R0 key further helps to support fast transition between access points.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: April 8, 2025
    Assignee: Fortinet, Inc.
    Inventor: Ankur Jain
  • Publication number: 20250112856
    Abstract: Multiple types of lines are made simultaneously available, including a Wi-Fi link, a cell link and a wired link. A list of running cloud applications is identified by monitoring. A quality of each available link for each running cloud application is periodically tested, including measurements of latency, jitter and packet loss. A first link is selected for a first application and a second link is selected for a second application. Data packets related to the first application are transmitted over a first link and data packets related to the second application over the second link.
    Type: Application
    Filed: March 7, 2024
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Emilio Borbolla Galindo, Juan Ernesto Lopez Silva
  • Publication number: 20250113288
    Abstract: Scan reports are received by a Wi-Fi controller from a plurality of access points. Each scan report identifies neighboring BSSIDs with associated BSS-color within radio range and corresponding RSSI measurements. An OBSS can be detected by cross referencing scan reports. BSS color is modified to avoid a potential BSS collision. A station associated with the potential BSS collision reports actual color collisions. An indication of the BSS color change is transmitted to one or more access points for local implementation.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Shrikant Gambheer Patil, Ruchir Mishra
  • Publication number: 20250112936
    Abstract: Techniques relate generally to computer networks, and more specifically, for a web browser having a web browser extension for evaluating web requests using internal coordination to make asynchronous information synchronously available, prior to dispatching the web requests.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Jeremy Allen Wildsmith, Mounir Elgharabawy
  • Publication number: 20250112905
    Abstract: A secure connection is established between an IAM server on a data communication network and an on-premises active directory using a zero trust tunnel based on TCP forwarding. An authentication request is received from a gateway device, for the user to access a service provider hosting applications, responsive to a user request for access to the service provider hosting applications. Responsive to recognizing the user of the authentication request being associated with the established SSO session, an assertion is returned to the gateway that the user is authenticated to access the service provider. An authentication request is received from the service provider, for access to a specific application. Responsive to the group information associated with the user, an assertion is returned to the service provider that the user is authenticated for use of the specific application.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: David Allen Redberg, Yannick Dubuc
  • Publication number: 20250111055
    Abstract: During an initial bootup in a bootloader of an SOC, a random number that is unique to the device is stored in secured storage. During a first bootup, a two-dimensional random key is stored in secure storage for encoding the ENV parameters. During a second (subsequent) bootup, the ENV parameters that are current in unsecured storage are compared against the ENV parameters that previously existed in order to identify a mismatch. A remediation security action can be taken responsive to a mismatch between the baseline digest and a dynamic digest.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Dengxue Yan, Jun Li
  • Publication number: 20250112954
    Abstract: Native Browser Isolation (NBI) distributes resource requirements over the network of clients that will be hosting a web browser. This works over the assumption that modern machines have the spare resources to run an isolated browser environment themselves, thus not requiring a central mainframe to run the browser isolation (BI) system. The framework will provide means to run the browser in a separate environment from the host OS, provide graphic rendering for the isolated environment, as well as a means to display the isolated graphics to the user as if it was a native application of the host OS.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventor: Karel Chanivecky Garcia
  • Publication number: 20250113251
    Abstract: An uplink utilization is monitored for each station connected to an access point over a wireless network, including jitter, latency, and dropped packets. Uplink utilization is monitored for access points that are neighbors to the access point, as determined from neighbor reports. An AI model is generated from monitoring data. When an uplink threshold of the access point has been exceeded at the access point, a new access point is selected from the AI model for at least one of the stations based at least on a least used uplink in addition to RF parameters.
    Type: Application
    Filed: September 29, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Karthikeyan Balasubramanian, Venkatesh Kannan
  • Publication number: 20250113254
    Abstract: Real-time statistics of station RU needs are received. Additionally, real-time statistics of access point RU allocation are received. Real-time statistics for stations and access point history are stored. An artificial intelligence (AI) predictive model is generated for each station based on historical traffic needs. The AI model is used to allocate access point RUs for specific stations in real time.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Shrikant Gambheer Patil, Ruchir Mishra
  • Publication number: 20250112850
    Abstract: A processor has hardware acceleration enabled during passive link quality measurement. The processor comprises a forwarding engine to passively gather link quality details from existing network sessions concerning a plurality of links. The link quality details comprise latency, jitter and packet loss. An SD-WAN path selection module identifies a link from the plurality of links for data packets of a current session using the link quality details.
    Type: Application
    Filed: September 30, 2023
    Publication date: April 3, 2025
    Applicant: Fortinet, Inc.
    Inventors: Juan Ruiz Sanchez, Jorge Garcia Alvarez
  • Patent number: 12267365
    Abstract: A specific container is spawned by a docker module responsive to a Kubernetes control instruction. Network connectivity is provided for the specific container to a data communication network through a networking bridge and a security policy is configured. After configuration, inbound or outbound data packets concerning the specific container are received and forwarded to a security policy KVM for scanning against security policies. Those that pass security scanning are forwarded to containers and external destinations.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: April 1, 2025
    Assignee: Fortinet, Inc.
    Inventor: Sérgio Henrique Marcelino Castro da Rosa
  • Patent number: 12267345
    Abstract: Using user feedback for attack path analysis in an anomaly detection framework, including: performing an attack path analysis for a cloud deployment; receiving, from a user, user feedback for an attack vector of the attack path analysis; and initiating, based on the user feedback, a workflow for modifying one or more parameters for generating the attack path analysis.
    Type: Grant
    Filed: May 24, 2023
    Date of Patent: April 1, 2025
    Assignee: Fortinet, Inc.
    Inventors: Úlfar Erlingsson, Jay Parikh, Yijou Chen