摘要 |
Embodiments of the present invention address deficiencies of the art in respect to IPsec SA recovery and provide a novel and non-obvious method, system and computer program product for selective IPsec SA recovery from security enforcement point outages. In one embodiment of the invention, a security enforcement point outage recovery method can be provided. The method can include compiling a listing of SAs for a security enforcement point and monitoring the security enforcement point for an outage. Responsive to detecting an outage in the security enforcement point, the listing can be pruned to include SAs that remain contextually valid or are utilized by the peer of the security enforcement point. Thereafter, only SAs in the pruned list can be re-established.
|