This Article 
 Bibliographic References 
 Add to: 
Demystifying Cluster-Based Fault-Tolerant Firewalls
November/December 2009 (vol. 13 no. 6)
pp. 31-38
Pablo Neira Ayuso, University of Seville
Rafael M. Gasca, University of Seville
Firewalls are perimeter security solutions that are useful for addressing the unwanted traffic issue. However, designers must also appropriately address the network performance, availability, and complexity problems that firewalls introduce. The authors survey existing cluster-based fault-tolerant firewall architectures and discuss their trade-offs in these three areas. They present a preliminary evaluation of these architectures and discuss the need for state replication in stateful firewall clusters. They also discuss the difficulties of providing a simple, performance, and fault-tolerant cluster-based firewall solution.

1. G. Lyon, Nmap Network Scanning,, 2009;
2. M. Gouda and A. Liu, "A Model of Stateful Firewalls and Its Properties," Proc. Int'l Conf. Dependable Systems and Networks (DSN 05), IEEE Press, 2005, pp. 128–137.
3. D.E. Taylor, "Survey and Taxonomy of Packet Classification Techniques," ACM Computing Surveys, vol. 37, no. 3, 2005, pp. 238–275.
4. F. Baker, Requirements for IP Version 4 Routers, IETF RFC 1812, 1995;
5. A.B. King, Website Optimization: Speed, Search Engine &Conversion Rate Secrets, O'Reilly, 2008;

Index Terms:
firewalls, networks, fault tolerance, unwanted traffic
Pablo Neira Ayuso, Rafael M. Gasca, Laurent Lefèvre, "Demystifying Cluster-Based Fault-Tolerant Firewalls," IEEE Internet Computing, vol. 13, no. 6, pp. 31-38, Nov.-Dec. 2009, doi:10.1109/MIC.2009.128
Usage of this product signifies your acceptance of the Terms of Use.