COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING
    1.
    Patent application (status: under examination, published)

    Publication No.: US20150113630A1

    Publication date: 2015-04-23

    Application No.: US14584396

    Filing date: 2014-12-29

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    IPC classification: H04L29/06

    Abstract: A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface.

    Computerized system and method for handling network traffic

    Publication No.: US10038668B2

    Publication date: 2018-07-31

    Application No.: US13948341

    Filing date: 2013-07-23

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    Abstract: Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, a service daemon process is instantiated within a firewall to handle content processing of network traffic of virtual domains by aggregating communication channels associated with the virtual domains and by applying an appropriate content processing policy for the corresponding virtual domain. A connection request is received by the firewall from a virtual domain. A child process is forked by the service daemon process to handle network traffic associated with the virtual domain. A communication channel is established between a kernel of the firewall and the service daemon process to transfer a portion of the network traffic between the service daemon process and the kernel. The child process is configured to perform content processing of the network traffic in accordance with a content processing policy associated with the virtual domain.

    Computerized system and method for advanced network content processing
    3.
    Granted patent (status: in force)

    Publication No.: US08925065B2

    Publication date: 2014-12-30

    Application No.: US13919488

    Filing date: 2013-06-17

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    IPC classification: G06F21/00 H04L29/06 H04L12/58

    Abstract: A computerized system and method for processing network content in accordance with at least one content processing rule. In accordance with the inventive method, the network content is received at a first interface. The inventive system identifies a transmission protocol information of the received network content and uses the identified transmission protocol information to intercept at least a portion of the received network content formatted in accordance with a transmission protocol. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using the second interface.

    COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING
    4.
    Patent application (status: under examination, published)

    Publication No.: US20130305346A1

    Publication date: 2013-11-14

    Application No.: US13919488

    Filing date: 2013-06-17

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    IPC classification: H04L29/06

    Abstract: A computerized system and method for processing network content in accordance with at least one content processing rule. In accordance with the inventive method, the network content is received at a first interface. The inventive system identifies a transmission protocol information of the received network content and uses the identified transmission protocol information to intercept at least a portion of the received network content formatted in accordance with a transmission protocol. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using the second interface.

    COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS
    7.
    Patent application (status: under examination, published)

    Publication No.: US20150341313A1

    Publication date: 2015-11-26

    Application No.: US14816030

    Filing date: 2015-08-02

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    IPC classification: H04L29/06

    Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device.

    COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING

    Publication No.: US20170302705A1

    Publication date: 2017-10-19

    Application No.: US15639075

    Filing date: 2017-06-30

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    IPC classification: H04L29/06 H04L12/58

    Abstract: A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface.

    COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS

    Publication No.: US20170201488A1

    Publication date: 2017-07-13

    Application No.: US15469205

    Filing date: 2017-03-24

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    IPC classification: H04L29/06

    Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device.

    Computerized system and method for deployment of management tunnels
    10.
    Granted patent (status: in force)

    Publication No.: US09294286B2

    Publication date: 2016-03-22

    Application No.: US13965316

    Filing date: 2013-08-13

    Applicant: Fortinet, Inc.

    Inventor: Andrew Krywaniuk

    Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has stored therein a digital certificate assigned to the management device prior to installation of the management device within the network. The digital certificate of the management device is received by the managed device. Prior to allowing the management device to use the tunnel to perform management functionality in relation to the managed device, a unique identifier included within or associated with the digital certificate of the management device is confirmed with reference to the pre-configured unique identifier.
