DCT

2:25-cv-00635

UMBRA Tech Ltd Uk v. Palo Alto Networks Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:25-cv-00635, E.D. Tex., 06/13/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established place of business in the district, specifically identifying an office in Plano, Texas.
  • Core Dispute: Plaintiff alleges that Defendant’s network virtualization and security products and services infringe five U.S. patents related to multi-perimeter firewalls, advanced routing in virtual networks, and efficient content retrieval.
  • Technical Context: The technology at issue addresses performance and security in modern computer networks, particularly Software-Defined Wide Area Networking (SD-WAN), which allows distributed organizations to manage network traffic over multiple internet connections for improved efficiency and reliability.
  • Key Procedural History: The complaint indicates that the asserted patents are part of an active litigation campaign. All five patents were recently asserted against Fortinet, Inc., and three were asserted against Juniper Networks, Inc. The lead '482 patent was previously asserted against VMware, Inc. (dismissed) and is currently asserted against Cisco Systems, Inc. (stayed). Notably, a petition for Inter Partes Review (IPR) filed by Cisco against the '482 patent was denied institution by the Patent Trial and Appeal Board, a development that may be raised by the Plaintiff to suggest the patent’s strength.

Case Timeline

Date Event
2014-12-08 '105 Patent Priority Date
2015-04-07 '482, '256, '687, '328 Patent Priority Date
2020-02-25 U.S. Patent No. 10,574,482 Issued
2020-05-19 U.S. Patent No. 10,659,256 Issued
2022-11-15 U.S. Patent No. 11,503,105 Issued
2023-10-24 U.S. Patent No. 11,799,687 Issued
2024-12-03 U.S. Patent No. 12,160,328 Issued
2025-02-18 Defendant waived service in UMBRA v. Juniper Networks
2025-04-02 Complaint filed in UMBRA v. Fortinet
2025-06-13 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,574,482 - “MULTI-PERIMETER FIREWALL IN THE CLOUD” (Issued Feb. 25, 2020)

The Invention Explained

  • Problem Addressed: The patent addresses the inefficiencies and security limitations of traditional network firewalls, which are typically placed at a single "edge" between a private local area network (LAN) and a broader public network like the Internet (Compl. ¶14; ’482 Patent, col. 1:56-67). This architecture forces traffic from remote offices to be routed back through a central headquarters to access the internet, creating latency and a single point of failure (Compl. ¶12).
  • The Patented Solution: The invention describes a distributed, multi-perimeter firewall system deployed within a cloud or a "Global Virtual Network" (GVN). The system uses multiple, specialized firewalls that cooperate and share threat information. For instance, a first firewall may perform fast but less thorough stateful packet inspection (SPI), while a second firewall performs slower, more comprehensive deep packet inspection (DPI) on the same traffic flow (’482 Patent, Abstract; Fig. 11). This distributed approach allows for more flexible, scalable, and efficient security enforcement tailored to modern, decentralized networks (’482 Patent, col. 2:36-46).
  • Technical Importance: This architecture enables the creation of scalable, on-demand "Firewall-as-a-Service" offerings within cloud environments, improving security and performance over rigid, hardware-centric firewall models, which is crucial for SD-WAN deployments (Compl. ¶11).

Key Claims at a Glance

  • The complaint asserts at least one unspecified claim of the '482 Patent (Compl. ¶28). Independent claim 1 is representative and includes the following essential elements:
    • An egress ingress point device.
    • A first access point server in communication with the egress ingress point device.
    • A second access point server in communication with the first access point server.
    • An endpoint device in communication with the second access point server.
    • A first perimeter firewall that communicates with the first access point server and performs stateful packet inspection (SPI) to prevent some traffic from passing from the first to the second access point server.
    • A second perimeter firewall that communicates with the second access point server and performs deep packet inspection (DPI) to prevent some traffic from passing from the second access point server to the endpoint device.
  • The complaint reserves the right to assert additional claims (Compl. ¶29).

U.S. Patent No. 10,659,256 - “SYSTEM AND METHOD FOR VIRTUAL INTERFACES AND ADVANCED SMART ROUTING IN A GLOBAL VIRTUAL NETWORK” (Issued May 19, 2020)

The Invention Explained

  • Problem Addressed: In conventional networks, there is often little to no control over the data paths traffic takes across the public internet, as routing is dependent on the policies of intermediary network operators (Compl. ¶15). This lack of control can result in slow speeds, high latency, and an inconsistent user experience, particularly for cloud applications (’256 Patent, col. 2:30-35).
  • The Patented Solution: The invention introduces the concept of a "virtual interface" (VIF) within a Global Virtual Network. A VIF acts as a logical software abstraction, or a "hook point," to which multiple network tunnels can be attached (’256 Patent, col. 1:20-23). An Advanced Smart Routing (ASR) system can then dynamically and automatically shift traffic between these tunnels based on real-time network conditions, without altering the underlying network configuration. This allows the system to intelligently select the optimal path for data, improving quality of service and overall performance (Compl. ¶15; ’256 Patent, Abstract).
  • Technical Importance: This VIF-based routing architecture is a foundational element of SD-WAN technology, enabling networks to intelligently and automatically manage traffic across different types of connections (e.g., broadband, LTE, MPLS) to optimize application performance (Compl. ¶11).

Key Claims at a Glance

  • The complaint asserts at least one unspecified claim of the '256 Patent (Compl. ¶35). Independent claim 9 is representative and includes the following essential elements:
    • An endpoint device comprising at least one tunnel manager and a first virtual interface.
    • A plurality of access point servers, each comprising at least one tunnel listener and a second virtual interface.
    • One or more tunnels connecting the tunnel manager and a tunnel listener.
    • Wherein the first virtual interface provides the endpoint device a logical point of access to the one or more tunnels.
  • The complaint reserves the right to assert additional claims (Compl. ¶36).

Multi-Patent Capsule: U.S. Patent No. 11,503,105

  • Patent Identification: U.S. Patent No. 11,503,105, “SYSTEM AND METHOD FOR CONTENT RETRIEVAL FROM REMOTE NETWORK REGIONS,” issued November 15, 2022.
  • Technology Synopsis: The patent addresses the problem of slow content retrieval from remote geographic locations over the internet, which often involves uncontrolled network paths with low bandwidth (Compl. ¶16). The solution utilizes a combination of smart-routing and point-to-multi-point topology to create concurrent, secure, and fast data streams from multiple remote regions to a user, improving speed and latency (’105 Patent, col. 2:1-13).
  • Asserted Claims: At least one unspecified claim (Compl. ¶42).
  • Accused Features: PAN's systems and methods for network virtualization and related services (Compl. ¶42).

Multi-Patent Capsule: U.S. Patent No. 11,799,687

  • Patent Identification: U.S. Patent No. 11,799,687, “SYSTEM AND METHOD FOR VIRTUAL INTERFACES AND ADVANCED SMART ROUTING IN A GLOBAL VIRTUAL NETWORK,” issued October 24, 2023.
  • Technology Synopsis: As a continuation of the '256 patent, this patent relates to the same technology for improving network quality of service in a Global Virtual Network (GVN) (Compl. ¶15). It describes using virtual interfaces (VIFs) as logical hook points for multiple network tunnels, enabling advanced smart routing to enhance performance and user experience (’687 Patent, col. 1:20-23).
  • Asserted Claims: At least one unspecified claim (Compl. ¶49).
  • Accused Features: PAN's systems and methods for network virtualization and related services (Compl. ¶49).

Multi-Patent Capsule: U.S. Patent No. 12,160,328

  • Patent Identification: U.S. Patent No. 12,160,328, “MULTI-PERIMETER FIREWALL IN THE CLOUD,” issued December 3, 2024.
  • Technology Synopsis: As a continuation of the '482 patent, this patent relates to a multi-perimeter firewall system within a cloud or virtualized network (Compl. ¶14). The technology aims to resolve problems with workload distribution and threat information sharing by using a distributed firewall system that can perform stateful and deep-packet inspections at different points in the network (’328 Patent, col. 5:62-6:05).
  • Asserted Claims: At least one unspecified claim (Compl. ¶56).
  • Accused Features: PAN's systems and methods for network virtualization and related services (Compl. ¶56).

III. The Accused Instrumentality

Product Identification

  • The complaint identifies the accused instrumentalities as "PAN systems and methods, including one or more hardware and software products for network virtualization and related services" (Compl. ¶28, ¶35, ¶42, ¶49, ¶56). The complaint states that specific products are identified in Exhibits 6-10, which were not included with the public filing (Compl. ¶29).

Functionality and Market Context

  • The complaint alleges that the accused products are implemented in "virtualized network architectures" and utilize the patented inventions to provide "convenience and efficiency for its customers" and to enhance "the customer engagement and experience" (Compl. ¶13). The allegations suggest the accused products relate to SD-WAN, cloud security, and other network optimization services that have "significant commercial value" (Compl. ¶13).

No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint does not contain a narrative infringement theory in its body. Instead, it refers to preliminary claim charts attached as Exhibits 6-10, which were not provided with the publicly filed complaint (Compl. ¶29, ¶36, ¶43, ¶50, ¶57). The complaint explicitly states that this analysis is "necessarily preliminary" and reserves the right to amend it following discovery (Compl. ¶29). Without these exhibits, a detailed analysis of the infringement allegations is not possible based on the complaint alone.

  • Identified Points of Contention:
    • Architectural Equivalence (’482 Patent): A central question for the '482 patent family will be whether the architecture of Palo Alto Networks' security products maps onto the claimed multi-component system. The dispute may focus on whether the accused products contain a distinct "first perimeter firewall" performing SPI and a separate "second perimeter firewall" performing DPI that cooperate as claimed, or whether they utilize a single, integrated security platform that performs these functions in a manner structurally different from the patent's description.
    • Functional Equivalence (’256 Patent): For the '256 patent family, the dispute will likely concern the technical implementation of Palo Alto Networks' routing technology. A key question is whether the accused SD-WAN products employ a software construct that meets the functional requirements of the claimed "virtual interface"—specifically, acting as a "logical hook point" for multiple, distinct tunnels to enable advanced routing decisions. The defense may argue that its products achieve intelligent routing through a fundamentally different mechanism that does not read on the claims.

V. Key Claim Terms for Construction

  • Term: "first perimeter firewall" and "second perimeter firewall" (’482 Patent, Claim 1)

    • Context and Importance: The definition of these terms is critical to determining whether the accused system has the claimed distributed architecture. Practitioners may focus on this term because the plaintiff will likely argue for a functional definition where different software modules within an integrated system can be separate "firewalls," while the defendant may argue the terms require physically or logically distinct devices, as depicted in certain patent figures.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claims require the firewalls to be "in communication with" their respective access point servers, which could be interpreted broadly to cover software modules communicating within a single hardware appliance (e.g., ’482 Patent, col. 26:10-22).
      • Evidence for a Narrower Interpretation: The patent's abstract and figures like Figure 11 distinguish between a "FW (SPI)" and a "FW (DPI)" as separate components in the system architecture, which could support a construction requiring two distinct entities or processes (’482 Patent, Abstract; Fig. 11).

  • Term: "virtual interface" (’256 Patent, Claim 9)

    • Context and Importance: This term is central to the '256 patent family's infringement theory. The case may depend on whether this term is construed broadly to cover any logical routing endpoint or more narrowly to require a specific software structure that serves as a "hook point" for multiple, independently managed tunnels.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification describes a VIF as providing a "logical point of access to the one or more tunnels," a functional description that could be argued to cover various software-defined routing implementations (’256 Patent, p. 2 of spec, lines 45-48).
      • Evidence for a Narrower Interpretation: The complaint itself highlights that VIFs "act as hook points for multiple network tunnels and allow for the shifting of time and resource intensive operations," suggesting a specific functional role beyond a simple interface (Compl. ¶15). The patent's detailed description also contrasts the VIF-based approach with prior art tunnels, potentially limiting the term's scope to exclude conventional routing methods (’256 Patent, col. 2:20-26).

VI. Other Allegations

  • Indirect Infringement: The complaint's formal counts only allege direct infringement under 35 U.S.C. § 271(a) (Compl. ¶28, ¶35, ¶42, ¶49, ¶56). There are no specific factual allegations to support claims of induced or contributory infringement.
  • Willful Infringement: The complaint does not explicitly allege willful infringement. However, the Prayer for Relief includes a request for a declaration that the case is "exceptional under 35 U.S.C. § 285," which is the statutory basis for awarding attorneys' fees, often sought in cases involving allegations of willfulness or litigation misconduct (Compl. p. 14, ¶C).

VII. Analyst’s Conclusion: Key Questions for the Case

This litigation presents several fundamental questions for the court that will likely define the dispute's trajectory.

  • A primary procedural question will be one of evidentiary sufficiency: given that the complaint outsources all technical infringement details to unfiled exhibits, a key initial battleground will be whether Plaintiff’s allegations meet the plausibility standards required at the pleading stage, and how quickly it can produce concrete evidence mapping accused product functionality to the claims.
  • A core issue for the firewall patents ('482, '328) will be one of architectural identity: does Palo Alto Networks’ integrated security architecture embody the claimed multi-component system with distinct, cooperating "first" and "second" perimeter firewalls, or is there a fundamental mismatch between the claimed distributed model and the accused product's actual design?
  • For the routing patents ('256, '687), a key technical question will be one of functional definition: can the term "virtual interface," as described in the patent, be construed to cover the routing mechanisms in the accused SD-WAN products, or will the defendant demonstrate that its technology achieves intelligent path selection through a non-infringing alternative?