
Distributed Virtual Firewall

IP.com Disclosure Number: IPCOM000126291D
Original Publication Date: 2005-Aug-10
Included in the Prior Art Database: 2005-Aug-10
Document File: 1 page(s) / 505K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT

Abstract

Firewalls are needed not only by terminals/workstations but also by whole networks. Terminals require customized, reliable network access and protection against local attacks. On the network side, the goals are to reduce garbage traffic, to avoid a “bottleneck” and to respond quickly to network incidents. Three types of firewall have been available up to now: the edge firewall, the distributed firewall and the personal software firewall. The traditional edge firewall fails to handle inner data and is a potential “bottleneck”, because all traffic is routed through this device. Distributed firewall solutions require additional equipment and are not centrally manageable. Personal firewall solutions ignore the network’s requirements.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 77% of the total text.


Idea: Shu Meng, CN-Beijing; Bing Yuan, CN-Beijing; Chunyou Gao, CN-Beijing; Yanfeng He, CN-Beijing

Firewalls are needed not only by terminals/workstations but also by whole networks. Terminals require customized, reliable network access and protection against local attacks. On the network side, the goals are to reduce garbage traffic, to avoid a "bottleneck" and to respond quickly to network incidents. Three types of firewall have been available up to now: the edge firewall, the distributed firewall and the personal software firewall. The traditional edge firewall fails to handle inner data and is a potential "bottleneck", because all traffic is routed through this device. Distributed firewall solutions require additional equipment and are not centrally manageable. Personal firewall solutions ignore the network's requirements.

The proposal is to use a centrally controlled distributed firewall architecture. This solution combines many distributed firewall modules with a central firewall to provide multiple functions, such as ACLs (Access Control Lists), anti-virus and anti-attack (Fig. 1). The distributed firewall modules are located at the access points of the network and do pre-selection work, e.g. ACL and traffic control. The central firewall takes care of all the complex inspections, e.g. anti-virus and anti-attack. Based on this firewall architecture the end user is provided with a virtual firewall...
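
The split described above, sketched as an added example (not code from the disclosure): a module at an access point applies a centrally held ACL and a per-source packet budget, and only traffic that passes this pre-selection reaches the central firewall. The policy format, the class names, the byte-signature match standing in for anti-virus/anti-attack inspection and the sample traffic are all assumptions.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dport payload")
# Assumed policy format: acl is ordered (action, src_cidr, dport or None), first match wins.
Policy = namedtuple("Policy", "version acl max_pkts_per_src")

class CentralFirewall:
    """Owns the policy and does the complex inspection (signature match as a stand-in)."""
    def __init__(self, policy, signatures):
        self.policy, self.signatures, self.inspected = policy, signatures, 0

    def inspect(self, pkt):
        self.inspected += 1
        hit = any(sig in pkt.payload for sig in self.signatures)
        return "drop:signature" if hit else "allow"

class EdgeModule:
    """Distributed module at an access point: pre-selection by ACL and traffic control."""
    def __init__(self, central):
        self.central, self.policy, self.counts = central, None, {}

    def handle(self, pkt):
        if self.policy is not self.central.policy:  # pick up a centrally changed policy
            self.policy, self.counts = self.central.policy, {}
        for action, cidr, dport in self.policy.acl:
            in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(cidr)
            if in_net and dport in (None, pkt.dport):
                if action == "deny":
                    return "drop:acl"
                break
        else:
            return "drop:acl"  # default deny: no rule matched
        self.counts[pkt.src] = self.counts.get(pkt.src, 0) + 1
        if self.counts[pkt.src] > self.policy.max_pkts_per_src:
            return "drop:rate"
        return self.central.inspect(pkt)  # only pre-selected traffic reaches the centre

def run_demo():
    # Constructed policy and traffic (RFC 5737 documentation addresses, made-up signature).
    acl = (("deny", "198.51.100.0/24", None), ("allow", "192.0.2.0/24", 80))
    central = CentralFirewall(Policy(1, acl, 2), [b"TESTSIG"])
    edge = EdgeModule(central)
    traffic = [Packet("198.51.100.7", 80, b"GET /"), Packet("192.0.2.10", 80, b"GET /"),
               Packet("192.0.2.10", 80, b"x TESTSIG x"), Packet("192.0.2.10", 80, b"GET /"),
               Packet("192.0.2.11", 22, b"ssh")]
    return [edge.handle(p) for p in traffic], central.inspected
```

Of the five constructed packets, three are dropped at the access point, so the central firewall inspects only two; this is the load reduction the architecture aims for.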