Building a cooperative security fabric of hierarchically interconnected network security devices

Assignee

• Fortinet, Inc. · US

Inventors

• Michael Xie · Palo Alto, US
• Robert A. May · Beeville, US
• Xiadong Xu · Surrey, CA
• Yong Wang · Redmond, US
• Jordan E. Thompson · Vancouver, CA
• Shenghe Wang · Surrey, CA

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W24/02
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, a CSF of multiple network security devices (NSDs) deployed within a protected network is constructed in a form of a tree, having a root node, one or more intermediate nodes and one or more leaf nodes, based on hierarchical interconnections among the NSDs by determining a relative upstream or downstream relationship among each NSD. Backend daemons of the NSDs establish and maintain a bi-directional tunnel between each parent node within the CSF and its respective child nodes through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged. Forward daemons of the NSDs enforce a CSF protocol that limits the issuance of query messages to those originated by an upstream node within the CSF and directed to a downstream node within the CSF.