Skip to Main content Skip to Navigation
Journal articles

FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls

Abstract : Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we summarize and enhance our previous research efforts that aim to provide a full fault-tolerant solution for stateful firewalls. These efforts have focused on the design and the implementation of the cluster-based Fault-Tolerant stateful Firewall (FT-FW) architecture. We provide details on our proposed solution and we extensively evaluate important network performance and availability aspects that we did not cover so far. The evaluation experiments are based on our Free/OpenSource implementation that has become the most popular solution for Linux-based stateful firewalls.1
Document type :
Journal articles
Complete list of metadata
Contributor : Laurent Lefèvre Connect in order to contact the contributor
Submitted on : Monday, December 17, 2012 - 3:09:25 PM
Last modification on : Thursday, May 12, 2022 - 5:08:02 PM




Pablo Neira, M. Rafael, Laurent Lefevre. FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls. Computers and Security, Elsevier, 2012, 31 (4), pp.524-539. ⟨10.1016/j.cose.2012.01.011⟩. ⟨hal-00766074⟩



Record views