Firewall control for public access networks

摘要

An apparatus comprising a policy enforcement point (PEP) configured to enforce firewall policies in a network, and a policy decision point (PDP) coupled to the PEP and configured to manage the PEP based on at least one firewall policy option received from at least one node. Also disclosed is a network component comprising at least one processor configured to implement a method comprising receiving a request from a node regarding a firewall policy entry, authenticating the node, processing the request to manage a firewall using a firewall control protocol, and sending a reply to the node regarding processing the request. Also disclosed is a method comprising signaling a PDP to establish a session associated with a source address and a requested protocol, and receiving an indication when the session is allowed.

主权项

1. A network component comprising:
at least one memory; and at least one processor coupled to the memory, the processor configured to:
act as a policy decision point (PDP) that manages a firewall, wherein the firewall controls communications entering or leaving a network;receive a request to modify a firewall policy entry, wherein the request is received from an interior node that is positioned inside the network;authenticate the interior node;manage the firewall according to the request using a firewall control protocol; andsend a reply to the interior node regarding the request, wherein the request comprises:
a request message comprising a Session Identifier (Id), a Reserved field, and a Message Id, and at least one firewall policy option; oran initiation message to establish a secure association with the interior node comprising a Session Id, a Secure (Sec) Mode, a Reserved field, a Message Id, and at least one firewall policy option.