US 12,225,058 B2
Systems and methods for security policy organization using a dual bitmap
Shushan Wen, Pleasant Hill, CA (US); John Cortes, Santa Clara, CA (US); and Zhi Guo, San Jose, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Mar. 28, 2024, as Appl. No. 18/620,080.
Application 18/620,080 is a continuation of application No. 17/683,919, filed on Mar. 1, 2022, granted, now 12,052,287.
Prior Publication US 2024/0244085 A1, Jul. 18, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/0236 (2013.01); H04L 63/104 (2013.01)]
20 Claims
 
1. A method comprising:
maintaining, by a network device, information regarding a plurality of security policies within a dual bitmap based search tree in which a first bitmap and a second bitmap are formatted as information embedded in a node structure in the dual bitmap based search tree;
receiving, by the network device, a packet;
comparing, by the network device, at least a portion of a first field of the packet with a first range, where the first range corresponds to a first bit location in the first bitmap, and wherein the first bit location in the first bitmap is associated with at least a first security policy of the plurality of security policies;
after determining the at least a portion of the first field is within the first range, accessing, by the network device, a second bit location in the second bitmap, wherein the second bit location in the second bitmap corresponds to the first bit location in the first bitmap; and
based at least in part upon a value in the second bit location in the second bitmap, applying, by the network device, a set of one or more security policies of the plurality of security policies to the packet.