Method of synchronizing firewalls in a communication system based upon a server farm

Assignee

• International Business Machines Corporation · US

Inventors

• Jean-Marc Berthaud · Villeneuve-Loubet, FR
• Pascal Chauffour · Cagnes-sur-Mer, FR
• Jean-Claude Dispensa · Saint-Jeannet, FR
• Valerie Mahe · Nice, FR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method of synchronizing firewalls in a communication system comprising a server farm wherein any user connected to the Internet can access customer servers, and at least two firewalls using a Virtual Router Redundancy Protocol (VRRP) to set up as primary interface firewall the firewall which owns the primary interface of the VRRP group of interfaces to at least one customer server. The method includes initializing, in a secondary interface firewall, a synchronization message exchange with the primary firewall after receiving a packet for a connection having a state which is incompatible with the received packet or after the standard firewall processing of a packet corresponding to a new connection, and registering in a common connection table the state of any connection if the connection is new or if the connection state has changed.