4:25-cv-02360
Netskope Inc v. Fortinet Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: Netskope Inc (Delaware)
  - Defendant: Fortinet Inc (Delaware)
  - Plaintiff’s Counsel: Perkins Coie LLP
 
- Case Identification: 4:25-cv-02360, N.D. Cal., 06/13/2025
- Venue Allegations: Plaintiff alleges venue is proper because Defendant Fortinet Inc maintains its principal place of business in the Northern District of California, a substantial part of the events giving rise to the claims occurred in the district, and Fortinet Inc has purposefully directed activities to the district.
- Core Dispute: Plaintiff alleges that Defendant’s network security products, including its firewalls, operating systems, and access points, infringe nine patents related to network access control, security policy enforcement, and bandwidth management.
- Technical Context: The technology concerns methods for securing computer networks by controlling user access, quarantining threats, and managing network resources like bandwidth in enterprise and cloud environments.
- Key Procedural History: The complaint references a prior declaratory judgment action Netskope Inc filed against Fortinet Inc in the same district (Case 3:22-cv-01852) following what Netskope Inc characterizes as bad-faith licensing demands from Fortinet Inc. The complaint also notes that in the context of that prior litigation, Netskope Inc successfully challenged claims of several Fortinet Inc patents in inter partes review proceedings before the Patent Trial and Appeal Board (PTAB).
Case Timeline
| Date | Event | 
|---|---|
| 2002-10-10 | ’639 Patent Priority Date | 
| 2003-08-11 | ’936 Patent Priority Date | 
| 2004-03-10 | ’336 Patent & ’282 Patent Priority Date | 
| 2005-03-10 | ’710 Patent Priority Date | 
| 2006-06-01 | ’426 Patent Priority Date | 
| 2009-07-20 | ’153 Patent Priority Date | 
| 2009-09-22 | ’936 Patent Issue Date | 
| 2010-04-02 | ’983 Patent Priority Date | 
| 2011-04-08 | ’697 Patent Priority Date | 
| 2012-02-14 | ’639 Patent Issue Date | 
| 2012-07-17 | ’983 Patent Issue Date | 
| 2012-12-04 | ’426 Patent Issue Date | 
| 2013-01-15 | ’336 Patent Issue Date | 
| 2013-03-12 | ’282 Patent Issue Date | 
| 2013-09-24 | ’710 Patent Issue Date | 
| 2014-01-21 | ’697 Patent Issue Date | 
| 2014-02-25 | ’153 Patent Issue Date | 
| 2017-01-01 | Fortinet Inc CASB product launch (approx.) | 
| 2022-03-24 | Netskope Inc files Declaratory Judgment action against Fortinet Inc | 
| 2024-03-06 | PTAB finds claims of a Fortinet Inc patent unpatentable | 
| 2024-08-12 | PTAB finds claims of a second Fortinet Inc patent unpatentable | 
| 2024-08-19 | PTAB finds claims of a third Fortinet Inc patent unpatentable | 
| 2024-11-11 | Netskope Inc notifies Fortinet Inc of infringement of Netskope Inc's Patents | 
| 2025-02-03 | Court denies Netskope Inc's Motion to Supplement in prior action | 
| 2025-06-13 | Complaint Filing Date | 
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,356,336 - "System and Method for Double-Capture/Double-Redirect to a Different Location," issued January 15, 2013.
The Invention Explained
- Problem Addressed: Prior art methods for network access control were rigid, often completely blocking unauthenticated users from any network resources (Compl. ¶287; ’336 Patent, col. 2:2-16). This created a poor user experience without providing a path for users to access limited, non-sensitive resources or find the authentication portal.
- The Patented Solution: The invention establishes a "Pre-Authentication Capture Destination," also known as a "walled garden," which provides unauthenticated users with access to a limited, predefined set of network destinations (Compl. ¶287; ’336 Patent, col. 1:66-2:2). If an unauthenticated user attempts to access a resource outside this walled garden, the system automatically redirects them to a designated capture destination within the garden, rather than simply denying access (Compl. ¶288; ’336 Patent, col. 2:47-59). From this capture point, the user remains free to visit other allowed destinations within the walled garden without authenticating.
- Technical Importance: This approach provided a more flexible and user-friendly method for managing guest or anonymous access on shared networks, improving security without entirely sacrificing usability (Compl. ¶287).
Key Claims at a Glance
- The complaint asserts independent claims 1, 9, and 16 (Compl. ¶373).
- Essential elements of independent claim 1 include:
  - Providing a network access controller in a shared network with a plurality of server computers and a set of network destinations.
  - Intercepting a request from an anonymous user's browser application to access a network resource.
  - Determining whether the requested resource is within the set of network destinations.
  - If the resource is in the set, directing the browser to the resource.
  - If the resource is not in the set, redirecting the browser to a "pre-authentication capture destination" from which the user is free to visit any destination in the allowed set without authentication.
 
- The complaint does not explicitly reserve the right to assert dependent claims.
U.S. Patent No. 8,543,710 - "Method and System for Controlling Network Access," issued September 24, 2013.
The Invention Explained
- Problem Addressed: Network administrators needed a way to confine a client's network access to a specific region, often for security reasons such as quarantining a potentially infected device or forcing a user to apply security patches before granting full access (Compl. ¶296; ’710 Patent, col. 1:61-2:8).
- The Patented Solution: The invention describes a method where a network access gateway can select a client device and perform "quarantine control functions." These functions include restricting the client's network traffic to specific destinations and protocols, while also rendering a web page to the user that explains the restriction and provides an action to obtain unrestricted access (Compl. ¶¶296, 390; ’710 Patent, col. 3:41-6:28). This allows for isolating potential threats while guiding the user through remediation.
- Technical Importance: The technology provided a systematic way to enforce network health and security policies by quarantining non-compliant devices, rather than just blocking them, thereby improving overall network integrity (Compl. ¶297).
Key Claims at a Glance
- The complaint asserts independent claims 1, 8, and 15 (Compl. ¶390).
- Essential elements of independent claim 1 include:
  - At a network access gateway, selecting a client device in a network segment.
  - Performing a plurality of quarantine control functions over the client device.
  - The functions include restricting network traffic to certain destination addresses and protocols.
  - The functions also include rendering a web page on the client device that contains an offer for the user to perform an action to obtain unrestricted access.
 
- The complaint does not explicitly reserve the right to assert dependent claims.
Multi-Patent Capsules
- Patent Identification: U.S. Patent No. 8,117,639, "System and Method for Providing Access Control," issued February 14, 2012.
  - Technology Synopsis: The patent describes provisioning network access on a per-user basis rather than a per-port basis (Compl. ¶306). After a user is authenticated, the system establishes provisioning rules associated with the user's profile to control access to one or more networks (Compl. ¶305).
  - Asserted Claims: Independent claims 1, 10, 17, and 27 (Compl. ¶407).
  - Accused Features: The FortiOS operating system and FortiGate products are accused of practicing user/device discrimination and applying user-specific firewall and class-of-service rules (Compl. ¶420).
 
- Patent Identification: U.S. Patent No. 8,224,983, "System and Method for Dynamic Bandwidth Provisioning," issued July 17, 2012.
  - Technology Synopsis: The patent discloses a method for dynamically allocating network bandwidth to users based on profiles stored in an authentication database (Compl. ¶¶314, 424). An access control device regulates a user's bandwidth usage based on a limit and can dynamically update that limit based on user attributes or network conditions (Compl. ¶315).
  - Asserted Claims: Independent claims 1, 4, and 7 (Compl. ¶424).
  - Accused Features: The FortiGate products are accused of including traffic shaping and policing features that deliver guaranteed and maximum bandwidth by setting bandwidth limits based on user profiles (Compl. ¶431).
 
- Patent Identification: U.S. Patent No. 8,327,426, "Single Sign On with Proxy Services," issued December 4, 2012.
  - Technology Synopsis: The patent discloses techniques for proxying services with a single sign-on (SSO) (Compl. ¶323). A principal authenticates to a first identity service, which then supplies an authentication message to a second, trusted identity service, allowing the principal to access the second service without a separate login (Compl. ¶323).
  - Asserted Claims: Independent claims 1, 8, and 14 (Compl. ¶441).
  - Accused Features: The FortiAuthenticator product is accused of acting as an identity and access management solution that performs the claimed machine-implemented SSO method (Compl. ¶454).
 
- Patent Identification: U.S. Patent No. 7,593,936, "Systems and Methods for Automated Computer Support," issued September 22, 2009.
  - Technology Synopsis: The technology relates to detecting abnormal system states by receiving snapshots from a plurality of computers, creating an "adaptive reference model" of a normal state, and then comparing new snapshots to this model to identify anomalies (Compl. ¶329).
  - Asserted Claims: Independent claims 1 and 12 (Compl. ¶458).
  - Accused Features: FortiWeb Cloud and FortiEDR are accused of including "threat-hunting capabilities" and "machine learning enabled Anomaly Detection" that collect data, build adaptive models, and compare new data to those models to detect abnormal system states (Compl. ¶471).
 
- Patent Identification: U.S. Patent No. 8,397,282, "Dynamically Adaptive Network Firewalls and Method, System and Computer Program Product Implementing Same," issued March 12, 2013.
  - Technology Synopsis: The patent describes an automated system for controlling data through a dynamically configurable firewall (Compl. ¶341). The firewall can dynamically add new network interface abstractions and tailor their behavior to client needs, automatically creating specific configurations with minimal human input (Compl. ¶341). The firewall rules are self-configurable during runtime (Compl. ¶475).
  - Asserted Claims: Independent claims 1, 12, and 24 (Compl. ¶475).
  - Accused Features: The FortiGate NGFW (Next-Generation Firewall) is accused of operating through policies that are "discrete compartmentalized sets of instructions" that control traffic flow and can be dynamically added, deleted, or cloned during runtime (Compl. ¶¶488, 489).
 
- Patent Identification: U.S. Patent No. 8,661,153, "System and Method for Dynamic Bandwidth Provisioning," issued February 25, 2014.
  - Technology Synopsis: The patent discloses a control device that allocates network bandwidth on a per-user basis (Compl. ¶350). The system retrieves user profiles containing attributes for bandwidth allocation and can continuously control and update bandwidth limitations for multiple users (Compl. ¶351).
  - Asserted Claims: Independent claims 1, 10, and 15 (Compl. ¶492).
  - Accused Features: FortiGate products are accused of including "Traffic shaping" and Quality of Service (QoS) features that apply bandwidth limits and prioritize network traffic for users (Compl. ¶505).
 
- Patent Identification: U.S. Patent No. 8,635,697, "Method and System for Operating System Identification in a Network Based Security Monitoring Solution," issued January 21, 2014.
  - Technology Synopsis: The patent relates to a method for network-based malware detection by receiving TCP packets, determining the operating system (OS ID) associated with the session, and comparing a malware signature to the packets to determine if malware is present (Compl. ¶359). An alert is then generated that includes the network address, malware ID, and OS ID (Compl. ¶509).
  - Asserted Claims: Independent claims 1, 15, and 24 (Compl. ¶509).
  - Accused Features: The FortiOS operating system is accused of performing network-based malware detection using both flow-based and proxy-based antivirus capabilities, which infringes the patented methods (Compl. ¶522).
 
III. The Accused Instrumentality
- Product Identification: The primary accused instrumentalities for the lead patents are Fortinet Inc’s FortiGate network security appliances and FortiAP wireless access points (Compl. ¶¶378, 395).
- Functionality and Market Context: The complaint alleges that FortiGate and FortiAP products are designed to manage and redirect network traffic to control both wired and wireless security (Compl. ¶386). This includes implementing "captive portal and walled garden features" that redirect unauthenticated users to a portal before granting access (Compl. ¶386). The products are also alleged to provide "network traffic quarantine control, from a single-pane-of-glass management console" (Compl. ¶403). The complaint uses a Gartner Magic Quadrant chart to allege that while Netskope Inc is a "market leader" in the Cloud Access Security Broker (CASB) market, Fortinet Inc is "not even mentioned" (Compl. ¶¶34-35). This chart, presented as Figure 1 in the complaint, shows Netskope Inc in the "Leaders" quadrant and Fortinet Inc's name absent from the graphic (Compl. p. 7).
IV. Analysis of Infringement Allegations
U.S. Patent No. 8,356,336 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| intercepting at the network access controller a request to access a network resource from a browser application running on a client device... associated with an anonymous user | FortiGate and FortiAP products are designed and programmed to manage and redirect network traffic to control security. | ¶386 | col. 2:47-59 | 
| determining whether the network resource referenced in the request is in the set of network destinations | The products include "walled garden features" which inherently require determining whether a requested destination is within the allowed set. | ¶386 | col. 6:26-40 | 
| if the network resource is not in the set of network destinations... redirecting the browser application... to a pre-authentication capture destination | The products' "captive portal and walled garden features... redirect unauthenticated users to a portal before granting access." | ¶386 | col. 6:53-62 | 
| wherein from the pre-authentication capture destination the anonymous user is free to visit any of the set of network destinations... without authentication | The complaint alleges the products' walled garden features operate in a manner that infringes the claim, which suggests this functionality is present. | ¶386 | col. 6:62-10:15 | 
U.S. Patent No. 8,543,710 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| at a network access gateway device... selecting a client device in a first network segment of the network | FortiGate products operate as network gateways that manage traffic from client devices on the network. | ¶403 | col. 2:9-14 | 
| performing a plurality of quarantine control functions over the client device | FortiGate and FortiAP are programmed to manage security, including "network traffic quarantine control." | ¶403 | col. 3:41-45 | 
| restricting all network traffic emanating from the client device to... allowed network destination address[es] to selected one or more network protocols | The accused products provide quarantine control, which involves restricting network traffic according to defined policies. | ¶403 | col. 4:1-12 | 
| rendering a web page to display on the client device from the network access gateway device... wherein the web page contains an offer for a user... to obtain unrestricted access | The "single-pane-of-glass management console" allegedly provides the interface for managing and implementing these quarantine functions. | ¶403 | col. 4:32-47 | 
- Identified Points of Contention:
  - Scope Questions: A central issue for the ’336 Patent will be whether Fortinet Inc’s "captive portal" meets the specific claim limitation of a "pre-authentication capture destination" from which an anonymous user is "free to visit any of the set of network destinations... without authentication." The analysis may turn on the degree of freedom a user has after being redirected to the portal but before authenticating. For the ’710 Patent, a key question will be whether the accused "quarantine control" performs all steps of the claimed method, specifically the rendering of a web page that contains an "offer... to perform an action" for remediation.
  - Technical Questions: What evidence does the complaint provide that Fortinet Inc's quarantine feature restricts traffic in the specific two-part manner required by claim 1 of the ’710 Patent (i.e., restricting traffic outside the segment and restricting traffic to certain protocols)? The infringement analysis will depend on the precise operational details of the accused FortiGate and FortiAP features.
 
V. Key Claim Terms for Construction
- The Term: "pre-authentication capture destination" (’336 Patent, Claim 1)
  - Context and Importance: This term is the core of the invention. Its definition will determine whether standard "captive portal" technology, which is common in the industry, falls within the scope of the claim. Practitioners may focus on this term because the distinction between a simple login wall and a destination that allows further, albeit limited, navigation is critical to the infringement analysis.
  - Intrinsic Evidence for Interpretation:
    - Evidence for a Broader Interpretation: The patent's stated goal is to improve upon prior art that simply blocked users, suggesting any system that redirects rather than blocks could be argued to fall within the spirit of the invention (Compl. ¶287; ’336 Patent, col. 2:2-16).
    - Evidence for a Narrower Interpretation: The claim explicitly requires that from this destination, the user is "free to visit any of the set of network destinations hosted on the plurality of server computers in the shared network without authentication." This language may be interpreted to require a specific architecture where a user, once redirected, has unfettered access to the entire "walled garden," a feature that might not be present in all captive portal implementations.
 
 
- The Term: "rendering a web page to display on the client device" (’710 Patent, Claim 1)
  - Context and Importance: This step defines the interactive and remedial nature of the claimed quarantine method. The dispute may center on whether a simple block message or a standard network error page generated by the accused gateway constitutes "rendering a web page... contain[ing] an offer" as required by the claim.
  - Intrinsic Evidence for Interpretation:
    - Evidence for a Broader Interpretation: The specification discusses the purpose of constraining a user for reasons like applying security patches or requiring payment, which implies an interactive notification is a key part of the solution (Compl. ¶296; ’710 Patent, col. 1:61-2:8). Any web-based notification could be argued to meet this purpose.
    - Evidence for a Narrower Interpretation: The claim requires the web page to contain an "offer for a user of the client device to perform an action in order to obtain unrestricted access." This suggests a specific call to action must be presented, which might be absent from generic or default error pages generated by a firewall.
 
 
VI. Other Allegations
- Indirect Infringement: The complaint alleges inducement of infringement for all asserted patents. For the ’336 Patent, it claims that Fortinet Inc's user documentation, specifically the "Configuration Guide FortiWiFi and FortiAP 7.2.0," instructs customers on how to configure the accused products in an infringing manner (Compl. ¶387). Similar allegations citing user manuals and product brochures are made for the ’710 Patent (Compl. ¶404).
- Willful Infringement: The complaint alleges that Fortinet Inc had knowledge of the patents-in-suit no later than November 11, 2024, via a notification letter from Netskope Inc (Compl. ¶¶375, 392). It further alleges that Fortinet Inc's continued infringement after this date constitutes willful infringement. For some patents, the complaint alleges knowledge "at least as of the date of this Complaint" (Compl. ¶¶383, 400).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "pre-authentication capture destination," as defined in the ’336 Patent, be construed to cover the industry-standard "captive portal" features allegedly implemented in Fortinet Inc’s products? The outcome will likely depend on whether the accused functionality allows the specific degree of unfettered post-redirect, pre-authentication access required by the claim.
- A second central question will be one of functional implementation: does the accused "quarantine control" functionality in Fortinet Inc's products perform the specific, multi-step method claimed in the ’710 Patent, including not only restricting traffic but also proactively "rendering a web page" with a specific "offer" for remediation? The case may turn on evidence showing a direct operational correspondence between the accused features and these claimed steps.
- A broader theme will be the narrative context: how will the extensive history of pre-suit licensing negotiations and the prior, separate declaratory judgment action filed by Netskope Inc influence the proceedings? While legally distinct, the complaint frames this history as evidence of a pattern of behavior, which may be relevant to issues such as willfulness.