| 摘要 |
An apparatus comprising a policy enforcement point (PEP) configured to enforce firewall policies in a network, and a policy decision point (PDP) coupled to the PEP and configured to manage the PEP based on at least one firewall policy option received from at least one node. Also disclosed is a network component comprising at least one processor configured to implement a method comprising receiving a request from a node regarding a firewall policy entry, authenticating the node, processing the request to manage a firewall using a firewall control protocol, and sending a reply to the node regarding processing the request. Also disclosed is a method comprising signaling a PDP to establish a session associated with a source address and a requested protocol, and receiving an indication when the session is allowed.
|
