[wg-all] New document published: Firewall Traversal Protocol

Greg Newby gbnewby at alaska.edu
Mon Aug 20 09:30:32 EDT 2012


OGF Community:

A new document has been published in the OGF series.  All OGF
documents (including any that are open for public comment) may be
found here:

  http://www.ogf.org/gf/docs/

* GFD-R-P.196 "Firewall Traversal Protocol (FiTP)," R. Niederberger via the Infrastructure FVGA-WG.

 Abstract:
Firewalls control traffic flows between internal and external communication partners. Mostly, traffic from inside to outside is allowed, but traffic coming from outside must be explicitly configured. The rules governing which packets may traverse the firewall and which may not are normally configured manually by firewall administrators. To speed up these kinds of access list changes, it would be desirable to dynamically signal access requests and automatically change those access lists. Though some protocols, like FTP, SIP and H.323, are already inspectable by firewalls, a general protocol that could be used for signaling dynamically required access rules has not been available until now.

This paper proposes a standard protocol, which would allow such signaling in a secure manner. Firewalls which have installed a corresponding inspection module could be configured automatically, which would ease the configuration of such systems a lot.

The proposed protocol (FiTP) can be used in two ways. First of all, a firewall aware of FiTP could automatically allow connections signaled by authorized users. Secondly, an intermediate solution could be implemented, so that firewalls unaware of FiTP could be configured by the server process, which is the end point of the FiTP control connection. Via this approach a smooth transition would be possible. Installations having old firewall hard- and/or software could use the new protocol already, before installing a system which is FiTP enabled.

  -- Greg Newby, OGF Editor

Dr. Gregory Newby, Director of the Arctic Region Supercomputing Center
Univ of Alaska Fairbanks-909 Koyukuk Dr-PO Box 756020-Fairbanks-AK 99775-6020
e: gbnewby at alaska.edu v: 907-450-8663 f: 907-450-8603 w: people.arsc.edu/~newby


