Issue No.06 - November/December (2009 vol.13)
Pablo Neira Ayuso , University of Seville
Rafael M. Gasca , University of Seville
Laurent Lefèvre , INRIA
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2009.128
Firewalls are perimeter security solutions that are useful for addressing the unwanted traffic issue. However, designers must also appropriately address the network performance, availability, and complexity problems that firewalls introduce. The authors survey existing cluster-based fault-tolerant firewall architectures and discuss their trade-offs in these three areas. They present a preliminary evaluation of these architectures and discuss the need for state replication in stateful firewall clusters. They also discuss the difficulties of providing a simple, performance, and fault-tolerant cluster-based firewall solution.
firewalls, networks, fault tolerance, unwanted traffic
Pablo Neira Ayuso, Rafael M. Gasca, Laurent Lefèvre, "Demystifying Cluster-Based Fault-Tolerant Firewalls", IEEE Internet Computing, vol.13, no. 6, pp. 31-38, November/December 2009, doi:10.1109/MIC.2009.128