Press Release
Stonesoft establishes new synchronisation patent to improve efficiency of firewall clustering
HELSINKI, Finland – June 4th, 2007 –Stonesoft, an innovative provider of integrated network
security and business continuity solutions, has developed and patented a new method for
intelligently handling connection information relating to the clustering of security gateways
(firewalls). This will prove particularly important for the future development of improved firewall
and VPN technology.
Stonesoft’s latest patent is called ‘Synchronisation of Security Gateway State Information’
and was officially granted US patent number: US 7,162,737 on 9th January 2007.
Clustering of security gateways is a mature technology that improves both reliability and
performance. In a cluster, each gateway handles an appropriate share of connections. The normal
operation of a cluster must account for nodes coming online and going offline. This churn requires
intelligent mechanisms capable of moving connections from one node to another. In certain
situations it is also possible that packets belonging to one connection or several connections
related to each other are handled by different nodes of the cluster. In order to get this handling
right, connection information must be synchronised across the nodes. Generally, this information is
replicated from each node to other nodes periodically.
Stonesoft’s new patented invention improves this mechanism by allowing additional
synchronisation actions to take place in predetermined situations or replacing periodical
synchronisation completely.
For example, synchronisation can now be initiated by new connections through a cluster
member, if the node is known to start an offline transition (stopping the traffic and letting the
other nodes continue handling it) or the node detects a situation where other nodes need to take
part in handling a specific connection or group of connections. Other nodes might also request
synchronisation. It is also no longer necessary to synchronise all the information to all nodes if
backup groups can be created.
Another element of the patent ensures that connections that span across multiple members of
the cluster are properly handled by delaying packets belonging to connections not yet synchronised.
Stonesoft believes there are major advantages of this method over traditional periodical
synchronisation.
“This invention will allow our customers to save both bandwidth and memory on the cluster
nodes, ensuring cost-efficient use of hardware and network resources. Additionally, more complex
protocols will now be available for practical and reliable inspection by a security gateway
cluster,” said Ilkka Hiidenheimo, chief executive officer of Stonesoft. “With this patent,
Stonesoft further establishes its position as a forward-thinking, innovative company in the
industry.”
Stonesoft´s StoneGate solution has already received a number of patents to date, both in the
US and in Europe.
About Stonesoft Corporation
Stonesoft Corporation (HEX: SFT1V) is an innovative provider of integrated network security
and business continuity. Stonesoft is a global company focused on enterprise level customers
requiring advanced network security and always-on business connectivity with low TCO, best
price-to-performance ratio, and highest ROI. StoneGate Security Platform unifies firewall, VPN and
IPS, blending network security, end-to-end availability and award-winning load balancing into a
unified and centrally managed system for distributed enterprises. Founded in 1990, Stonesoft
Corporation has corporate headquarters in Helsinki, Finland; Americas headquarters in Atlanta,
Georgia; and Asia Pacific headquarters in Singapore.
www.stonesoft.com
For more details, please contact:
Stonesoft Corporation
Ilkka Hiidenheimo
CEO
Tel. +358 9 476 711
E-mail: ilkka.hiidenheimo@stonesoft.com
Monday, June 4, 2007
