Patents Assigned to Stonesoft Oy
-
Patent number: 7573823
Abstract: The invention relates to methods for selection of packet transmission routes between two network sites in a case, in which the sites are connected to the rest of the network via a plurality of connections each. According to the invention, the source network site is arranged to select which connection is used at the source end and which connection is used at the destination end, and base the selections at least partly on the basis of a round trip time value and a packet success rate value. The selection criteria can advantageously be time dependent.
Type: Grant
Filed: January 19, 2005
Date of Patent: August 11, 2009
Assignee: Stonesoft Oy
Inventor: Matti Halme
-
Patent number: 7392537
Abstract: The invention provides an arrangement for managing a network security application comprising a full management user interface for conducting management operations for the network security application, and a limited management user interface for conducting a limited number of management operations of the full management user interface for the network security application over a wireless remote connection.
Type: Grant
Filed: October 8, 2001
Date of Patent: June 24, 2008
Assignee: Stonesoft Oy
Inventors: Jari Satomaa, Hannu Pudas, Mika Jalava
-
Patent number: 7280540
Abstract: In a network element cluster having a plurality of nodes, distribution decisions are determined on the basis of certain field(s) of data packets according to predetermined criteria, and data packets are distributed to nodes of the network element cluster according to the distribution decisions. Data packets are processed by said nodes of the network element cluster, and the processing involves selecting at least partly arbitrary value(s) for at least one of the field(s) of at least one data packet. Such value(s) are selected for at least one of said certain field(s) of a third data packet, such that distribution decisions determined according to the predetermined criteria result in the same node in the cluster processing inbound and outbound packets of the same session ID.
Type: Grant
Filed: October 19, 2001
Date of Patent: October 9, 2007
Assignee: Stonesoft Oy
Inventors: Matti Halme, Esa Harjulahti, Tommi Virtanen, Timo Virtanen, Tuomo Syvanne
-
Patent number: 7146421
Abstract: A method for handling dynamic state information used for handling data packets, which arrive at a network element node of a network element cluster, said network element cluster having at least two nodes and each node handling separate sets of data packets. In a node there is maintained 206 a first, node-specific data structure comprising entries representing state information needed for handling sets of data packets handled in said node. In said node there is also maintained 208 a second, common data structure comprising at least entries representing state information needed for handling sets of data packets handled in one other node of said network element cluster. The contents of said common data structure effectively differ from the contents of said node-specific data structure. Data packets are distributed 202, 204 to nodes of the cluster by means of distribution identifiers allocated 200 to nodes.
Type: Grant
Filed: October 19, 2001
Date of Patent: December 5, 2006
Assignee: Stonesoft Oy
Inventor: Tuomo Syvanne
-
Patent number: 7130266
Abstract: A method for handling data packets in a network element, such as a gateway, said data packets belonging to a set of data packets. Data packets are captured, and captured data packets are processed. Captured data packets are accepted for processing or declined from processing based on said captured data packet and data packets captured prior to said data packet. When at least one captured data packet is processed, a modification command affecting at least said at least one captured data packet is determined, and a list of modification commands is maintained, said list enabling modification of captured data packets. Captured data packets are modified based on said list of modification commands, and data packets are released. It is also possible to process the captured data packets without determining modification commands, and release the data packets without modifying them.
Type: Grant
Filed: September 10, 2001
Date of Patent: October 31, 2006
Assignee: Stonesoft Oy
Inventors: Tommi Virtanen, Riku Salminen
-
Patent number: 7130305
Abstract: Processing of data packets within a network element cluster having a plurality of network element nodes is described. The network element cluster has a cluster network address common to said plurality of nodes. Distribution decisions are determined for first data packets, a first data packet being a data packet initiating opening of a packet data connection to said cluster network address, according to predetermined criteria. For each node of the network element cluster those first data packets, which are to be processed in said particular node, are selected according to the distribution decisions. Node-specific lists about opened packet data connections for which a node is responsible are maintained, and using these node-specific lists second data packets, which are data packets relating to any opened packet data connection specified in a node-specific list, are processed.
Type: Grant
Filed: July 2, 2001
Date of Patent: October 31, 2006
Assignee: Stonesoft Oy
Inventors: Arttu Kuukankorpi, Joni Pajarinen, Christian Jalio, Marko Nippula
-
Patent number: 7127739
Abstract: A method (400, 610) for handling information about packet data connections arriving at a security gateway element, in order to have in a connection data structure information about packet data connections in accordance with current screening information is presented. In the method, data packet header information about packet data connections in accordance with first screening information is stored (401) in said connection data structure, and updated screening information, said updated screening information forming either by itself or in connection with said first screening information second screening information, is being received (402).
Type: Grant
Filed: September 21, 2001
Date of Patent: October 24, 2006
Assignee: Stonesoft OY
Inventor: Tuomo Syvanne
-
Patent number: 7099284
Abstract: The invention relates to methods for controlling of transmission of data in IP networks. According to the invention, the sequence numbers and sending times of transmitted IPSec packets are stored, acknowledgement is sent for every N:th received IPSec packet or after any IPSec packet if T seconds have elapsed after sending a previous acknowledgement packet, the acknowledgement comprising the sequence number of the particular IPSec packet after the reception of which the acknowledgement is sent and the counter values indicating the number of packets and bytes received, and at least the round trip time, packet success rate and throughput value are determined from the reception time of the acknowledgement and the stored sending time associated with the sequence number in the acknowledgement and the counter values indicating the number of packets and bytes received.
Type: Grant
Filed: November 29, 2000
Date of Patent: August 29, 2006
Assignee: Stonesoft Oy
Inventor: Matti Halme
-
Patent number: 6996573
Abstract: A method for processing data packets in a gateway element comprises the steps of: comparing a data packet to screening information comprising a set of rules, and processing a data packet according to a rule belonging to the set of rules, the header information of said data packet matching the header information of said rule. The method is characterized in that said screening information is hierarchically structured so that it comprises a first rule, which specifies first header information, and a subset of rules relating to said first rule, and in that in said step of comparing a data packet, said data packet is compared to said subset of rules only if the header information of the data packet matches the header information of the first rule. A gateway element, an arrangement, and a data structure comprising screening information are also presented.
Type: Grant
Filed: October 12, 2001
Date of Patent: February 7, 2006
Assignee: Stonesoft Oy
Inventor: Tuomo Syvanne
-
Patent number: 6912200
Abstract: The invention relates to methods for selection of packet transmission routes between two network sites in a case, in which the sites are connected to the rest of the network via a plurality of connections each. According to the invention, the source network site is arranged to select which connection is used at the source end and which connection is used at the destination end, and base the selections at least partly on the basis of a round trip time value and a packet success rate value. The selection criteria can advantageously be time dependent.
Type: Grant
Filed: November 29, 2000
Date of Patent: June 28, 2005
Assignee: Stonesoft Oy
Inventor: Matti Halme
-
Patent number: 6885633
Abstract: The invention is related to structures used for providing fault tolerance in computer data networks. According to the invention, fault tolerance is achieved by redundancy, i.e. by using at least two network nodes in parallel. The network nodes have at least two physical network interfaces to a network, only one of which is active during normal operation. In the case of two network nodes being used, both of these have two physical network interfaces to the same network. A first network interface on the first node has the same IP and MAC address as one interface on the second node, and the second network interface on the first node has the same IP and MAC address as the other interface on the second node. The IP and MAC addresses of the two interfaces of each node are different, whereby the two nodes provide a first IP address and a corresponding first MAC address, and a second IP address and a corresponding second MAC address.
Type: Grant
Filed: April 10, 2000
Date of Patent: April 26, 2005
Assignee: Stonesoft Oy
Inventor: Olli Mikkonen
-
Patent number: 6856621
Abstract: The invention relates to methods for transmission of data, more particularly for transmission of data in clustered structures in IP networks. According to the invention, the cluster units are configured to be members of an IP multicast group specific to the cluster. The switch or switches directly connected to the cluster units are arranged to monitor multicast group membership reports from the cluster units, and therefore obtain knowledge about which ports of the switch or switches are connected to cluster units. Advantageously, the switch or switches may also send membership queries to find out, which ports are connected to members of the cluster multicast group. Consequently, when the switch receives a packet with a multicast MAC address and the IP address of the cluster, the switch sends the packet to only those ports to which cluster units are connected, and not to all ports of the switch as according to the prior art.
Type: Grant
Filed: October 10, 2000
Date of Patent: February 15, 2005
Assignee: Stonesoft Oy
Inventor: Jari Artes
-
Patent number: 6650621
Abstract: The invention relates to distribution of IP traffic between more than one route between a node and an IP network. The invention is concerned with a new method for distribution of connections between a plurality of possible routes for transmission of IP packet traffic between a source node and end nodes, each of the routes being associated with a plurality of IP addresses. According to the invention, a route is selected for a new connection to be established between the source node and an end node for transmission of packet traffic, the selected route is taken into use by translating source IP addresses of packets transmitted from the source node to said end node to an IP address associated with the selected route, and said selection of a route is performed on the basis of predefined criteria. Preferably, the selection of the route is performed on the basis of round trip times measured by a new method using packet replication.
Type: Grant
Filed: October 5, 1999
Date of Patent: November 18, 2003
Assignee: Stonesoft Oy
Inventor: Jukka Maki-Kullas