Fortinet, Inc.
ESTABLISHING A SECURE INTERNET CONNECTION BETWEEN AN ENDPOINT AGENT AND A CLOUD-BASED SECURITY SERVICE

Abstract:

Systems and methods for establishing a secure connection between an endpoint agent and a cloud-based security service are provided. According to one embodiment, a DNS request is issued by an agent running on an endpoint device to a secure Internet connection service of a cloud-based security service that includes multiple pools of geographically distributed VPN servers. A DNS response to the DNS request is received containing an IP address of a particular VPN server within a pool of the multiple pools. The pool is selected by the secure Internet connection service based on a geographic location of the endpoint device inferred by a source IP address of the DNS request. The particular VPN server is selected from multiple VPN servers in the pool based on its status. A secure Internet connection is established between the agent and the particular VPN server via a particular logical port.