Synchronizing a forwarding database within a high-availability cluster

    Publication No.: US10795912B2

    Publication date: 2020-10-06

    Application No.: US16008800

    Filing date: 2018-06-14

    Applicant: Fortinet, Inc.

    Inventors: Yixin Pan, Yong Wang

    Abstract: Systems and methods for synchronizing an EMACVLAN FDB among cluster units of an HA cluster are provided. According to one embodiment, real-time synchronization of a first FDB maintained within a kernel space of a first network security operating system running on a primary unit and a second FDB maintained within a kernel space of a second network security operating system running on a secondary unit is performed by: transferring information regarding an entry from the kernel space of the first network security operating system to a first synchronization unit running within a user space of the first network security operating system, and causing the second forwarding database to be updated by the first synchronization unit in response to receipt of the information regarding the entry, by transmitting the information regarding the entry to a second synchronization unit running within the user space of the second network security operating system.

    BUILDING A COOPERATIVE SECURITY FABRIC OF HIERARCHICALLY INTERCONNECTED NETWORK SECURITY DEVICES

    Publication No.: US20200236144A1

    Publication date: 2020-07-23

    Application No.: US16834064

    Filing date: 2020-03-30

    Applicant: Fortinet, Inc.

    IPC classification: H04L29/06 H04W24/02 H04L12/24

    Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a directly connected upstream node of the NSD within the CSF through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged between the upstream node and the NSD. A CSF protocol is enforced by a forward daemon of the NSD that limits issuance of query messages to those originated by a source NSD representing an upstream node and directed to a destination NSD representing a downstream node.

    Building a cooperative security fabric of hierarchically interconnected network security devices

    Publication No.: US10686839B2

    Publication date: 2020-06-16

    Application No.: US15855230

    Filing date: 2017-12-27

    Applicant: Fortinet, Inc.

    IPC classification: H04L29/06 H04L12/24 H04W24/02

    Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, a CSF of multiple network security devices (NSDs) deployed within a protected network is constructed in a form of a tree, having a root node, one or more intermediate nodes and one or more leaf nodes, based on hierarchical interconnections among the NSDs by determining a relative upstream or downstream relationship among each NSD. Backend daemons of the NSDs establish and maintain a bi-directional tunnel between each parent node within the CSF and its respective child nodes through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged. Forward daemons of the NSDs enforce a CSF protocol that limits the issuance of query messages to those originated by an upstream node within the CSF and directed to a downstream node within the CSF.

    BUILDING A COOPERATIVE SECURITY FABRIC OF HIERARCHICALLY INTERCONNECTED NETWORK SECURITY DEVICES

    Publication No.: US20180324217A1

    Publication date: 2018-11-08

    Application No.: US15855230

    Filing date: 2017-12-27

    Applicant: Fortinet, Inc.

    IPC classification: H04L29/06

    Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, a CSF of multiple network security devices (NSDs) deployed within a protected network is constructed in a form of a tree, having a root node, one or more intermediate nodes and one or more leaf nodes, based on hierarchical interconnections among the NSDs by determining a relative upstream or downstream relationship among each NSD. Backend daemons of the NSDs establish and maintain a bi-directional tunnel between each parent node within the CSF and its respective child nodes through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged. Forward daemons of the NSDs enforce a CSF protocol that limits the issuance of query messages to those originated by an upstream node within the CSF and directed to a downstream node within the CSF.

    SYNCHRONIZING A FORWARDING DATABASE WITHIN A HIGH-AVAILABILITY CLUSTER

    Publication No.: US20190286737A1

    Publication date: 2019-09-19

    Application No.: US16008800

    Filing date: 2018-06-14

    Applicant: Fortinet, Inc.

    Inventors: Yixin Pan, Yong Wang

    Abstract: Systems and methods for synchronizing an EMACVLAN FDB among cluster units of an HA cluster are provided. According to one embodiment, real-time synchronization of a first FDB maintained within a kernel space of a first network security operating system running on a primary unit and a second FDB maintained within a kernel space of a second network security operating system running on a secondary unit is performed by: transferring information regarding an entry from the kernel space of the first network security operating system to a first synchronization unit running within a user space of the first network security operating system, and causing the second forwarding database to be updated by the first synchronization unit in response to receipt of the information regarding the entry, by transmitting the information regarding the entry to a second synchronization unit running within the user space of the second network security operating system.

    Building a cooperative security fabric of hierarchically interconnected network security devices

    Publication No.: US11019029B2

    Publication date: 2021-05-25

    Application No.: US16834064

    Filing date: 2020-03-30

    Applicant: Fortinet, Inc.

    Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a directly connected upstream node of the NSD within the CSF through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged between the upstream node and the NSD. A CSF protocol is enforced by a forward daemon of the NSD that limits issuance of query messages to those originated by a source NSD representing an upstream node and directed to a destination NSD representing a downstream node.