ForCES-Based Firewall with Stateful Packet Inspection
In order to meet the extensibility and flexibility requirement of next generation network, ForCES working group of IETF proposes an architecture with the separation of Forwarding Element and Control Element. A firewall with ForCES architecture will have enough flexibility on security function extensibility. This paper not only designs the ForCES architecture of status package inspection firewall and related LFB (Logic Functional Block), but also implements a prototype system and carries out tests and analysis. The experiment result testifies the feasibility of ForCES specification and provides the important technical parameter for the ForCES security application.
Yuhang Yang, Xilong Qu, Yiping Luo and Aimin Yang
L. G. Dong et al., "ForCES-Based Firewall with Stateful Packet Inspection", Advanced Materials Research, Vol. 216, pp. 440-444, 2011