Abstract
Firewalls are important network security devices that protect networks by blocking unwanted traffic based on filtering policies. However, the structure of firewall policies has a major impact on firewall security and performance. In this article, we classify, describe, and compare traffic-aware firewall policy management techniques based on their objectives, schemes, complexity, applicability, and limitations. We classify traffic-aware firewall policy techniques into two categories based on their goals: matching optimization and early rejection optimization schemes. Matching optimization techniques try to minimize the matching time of normal network traffic. Early rejection techniques create a minimum set of policy preamble rules (constraints) that can potentially filter out the maximum amount of denied traffic. Both categories are self-adaptive to ensure that the performance gain will always supersede the dynamic management maintenance overhead. We believe that our work provides important insights on the operation and use of traffic-aware filtering.
| Original language | English |
|---|---|
| Article number | 6553681 |
| Pages (from-to) | 73-79 |
| Number of pages | 7 |
| Journal | IEEE Communications Magazine |
| Volume | 51 |
| Issue number | 7 |
| State | Published - 2013 |
| Externally published | Yes |
ASJC Scopus subject areas
- Computer Science Applications
- Computer Networks and Communications
- Electrical and Electronic Engineering
Fingerprint
Dive into the research topics of 'Traffic-aware dynamic firewall policy management: Techniques and applications'. Together they form a unique fingerprint.