Reconciling multiple IPsec and firewall policies

Tuomas Aura, Moritz Y. Becker, Michael Roe, and Piotr Zielinski

Abstract

Manually configuring large firewall policies can be a hard and error-prone task. It is even harder in the case of IPsec policies that can specify IP packets not only to be accepted or discarded, but also to be cryptographically protected in various ways. However, in many cases the configuration task can be simplified by writing a set of smaller, independent policies that are then reconciled consistently. Similarly, there is often the need to reconcile policies from multiple sources into a single one. In this paper, we discuss the issues that arise in combining multiple IPsec and firewall policies and present algorithms for policy reconciliation.

Details

Publication type: Inproceedings
Published in: Security Protocols Workshop