Fortinet Customers’ Future Hangs On Ruling

A decision expected in Washington Monday will determine the fate of a startup security vendor.

Indeed, the very survival of Fortinet, at least as it exists in the United States, hangs on the decision coming from the U.S. International Trade Commission.

The ITC is expected to announce Monday its ruling on how to “remedy” Fortinet’s violation of a Trend Micro patent. The commission in May determined that the vendor had indeed violated Trend Micro’s antivrus patent.

In a best-case scenario for Fortinet, the commission will issue an exclusion order, which would bar it from bringing its Fortigate products into the United States. That decision would allow distributors and resellers to continue selling the product that is already here. But the commission could issue a cease-and-desist order, essentially shutting down U.S. sales of the company's Fortigate products outfitted with antivirus. Fortinet contends that it would still be able to sell its Fortigate products without antivirus protection, but resellers of the product said that antivirus is what makes the product compelling.

Because of heightened Internet security concerns, the commission is expected to let current customers keep their Fortinet products running, security experts say.

Either way, Fortinet will weather the storm, CFO Hal Covert said in an interview with CRN.

“We have believed all along that we have not violated the patent,” Covert said. “However, the patent was reviewed by the ITC, and they have ruled that we did.”

Covert added that the company generates 70 percent of its sales outside the United States, none of which will be affected by the ruling.

Even so, virus filtering is one of eight functions on Fortinet’s product line, and only the virus filtering has been ruled in violation, Covert said.

Fortinet’s appliance is one among several in the emerging unified threat management category of single-box appliances that serve as firewalls and VPNs, with antivirus, antispyware and other security options available.

Still, Fortinet engineers are working on a new approach to virus filtering that will not violate the patent in question, Covert said. Whichever way the ruling goes, Fortinet will have a software update within 60 to 90 days that avoids the patent issue, he said.

In the interim, Fortinet distributors in the United States should have enough inventory to meet demand until the enhancement is ready, Covert said.

Indeed, sources told CRN that Fortinet has been pressuring both distributors and resellers to increase inventory over the past month to boost the supply within the borders. Covert denied that the company had engaged in any pressure tactics, calling the current inventory within the United States “standard.”

But not everyone in the Fortinet chain is as confident as Covert. Several solution providers, speaking on the condition of anonymity, said that they already are taking on new product lines to replace Fortinet in case the ITC takes a hard line.

And last week, at least one Fortinet distributor was offering steep discounts on Fortinet products if resellers would take title before Monday, according to an East Coast Fortinet partner.

Still another option for the company would be to sign a licensing agreement for the technology with Trend Micro. Security leaders Symantec and McAfee already have signed licensing agreements to use the technology.

“We are actively talking with Trend Micro to resolve this,” Covert said. “We want an agreement that is fair and reasonable.”

Lane Bess, president of North American operations for Tokyo-based Trend Micro, told CRN that his company is open to a reasonable solution.

“We have been very open to options and suggestions from Fortinet,” Bess said. “Our goal has never been to put Fortinet out of business. Our goal is to protect our intellectual property and have companies pay us for the use of it.”