PTAB

IPR2026-00041

Fortinet Inc v. Netskope Inc

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Dynamically Configurable Firewall
  • Brief Description: The ’282 patent describes a network firewall system that protects network nodes by associating different sets of rules with each node. The invention purports to process data using hierarchical "chains of rules" that can be dynamically updated during runtime without operator interaction.

3. Grounds for Unpatentability

Ground 1: Claims 1-35 are anticipated by, or at a minimum obvious over, Coss

  • Prior Art Relied Upon: Coss (Patent 6,154,775).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that Coss discloses all limitations of the challenged claims. Coss teaches an "improved computer network firewall" that supports "multiple security domains" (the claimed "nodes"), each with a separate security policy or "distinct sets of access rules." These rules are applied sequentially in a hierarchical manner to filter packets. Crucially, Coss discloses that "[d]ynamic rules" can be loaded "at any time by trusted parties," including a "trusted application," which allows a rule set to be modified based on network events "without requiring that the entire rule set be reloaded." Petitioner argued this meets the key limitation of the rules being "dynamically self-configurable during runtime without operator interaction." Coss also describes a packet processing flow with specific steps where dynamic rules can be loaded, meeting the limitation of "defined places for dynamically updating."
    • Motivation to Combine (for §103 grounds): This ground was also argued in the alternative as obviousness under 35 U.S.C. §103. Petitioner contended that even if Coss does not explicitly disclose every limitation, a person of ordinary skill in the art (POSITA) would have found it obvious to implement Coss's dynamic firewall as claimed. Any minor differences would have been predictable variations or design choices.
    • Expectation of Success (for §103 grounds): A POSITA would have reasonably expected success in implementing the claimed methods using Coss’s teachings, as Coss provides a detailed framework for a dynamic, multi-domain firewall.

Ground 2: Claims 1-35 are obvious over Coss in view of Ke

  • Prior Art Relied Upon: Coss (Patent 6,154,775) and Ke (Application # 2003/0041266).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that to the extent Coss is viewed as not explicitly teaching the configuration steps for defining nodes and associating them with network interfaces, Ke supplies this teaching. Ke discloses a multi-domain network security system that uses "Virtual Systems" or Virtual Local Area Networks (VLANs) as configurable security domains (the claimed "nodes"). Ke explicitly describes the steps for configuring these domains, including "adding two virtual interfaces for the...system" and associating distinct policies with each VLAN. This provides the express implementation details for the multi-domain architecture described more conceptually in Coss.
    • Motivation to Combine (for §103 grounds): A POSITA would combine Coss and Ke to improve the functionality and efficiency of a multi-domain firewall. Both references address the problem of managing different security policies across multiple network segments. A POSITA would have been motivated to implement Coss's dynamic rule-updating capabilities within the specific, cost-effective virtualized architecture of Ke. Coss itself provides a motivation by disclosing "host group[s]" that allow for dynamic host changes, and Ke’s teachings on configuring virtual domains would provide a known and advantageous method for achieving this flexibility and scalability.
    • Expectation of Success (for §10-3 grounds): A POSITA would have had a high expectation of success. The combination involves applying Ke’s well-understood VLAN configuration techniques to Coss’s conceptually similar "security domain" architecture. Integrating these compatible networking technologies would have been a straightforward implementation of known principles to achieve a predictable result.

4. Key Claim Construction Positions

  • "wherein the set of firewall rules is dynamically self-configurable during runtime": Petitioner proposed this term means a set of rules configured "without any human operator interaction while the node is evaluating whether to accept or deny the packet." This construction was based on amendments and arguments made during prosecution to distinguish prior art that required an advanced user to establish a policy.
  • "chains of rules forming various paths through a hierarchical structure": Petitioner proposed this term refers to "a list of one or more linear and serialized sequence of firewall rules." This aligns with the patent’s own definition of "chains of rules" as "serialized sequences" and its description of rule logic.
  • "defined places for dynamically updating the set of firewall rules during runtime": Petitioner proposed this refers to "one or more isolated locations within the sequence of firewall rules to add, remove, or change a rule while the node is evaluating" a packet. This construction was intended to capture the concept of runtime reconfiguration as opposed to an initial firewall configuration.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-35 of Patent 8,397,282 as unpatentable.