A typical VPN (Virtual Private Network) is a network of point-to-point tunnels, where each tunnel is a Security Association (SA) between two security devices. Group VPNs have been developed that extend the current Internet Protocol Security (IPsec) architecture to support group-shared SAs. The center of a group VPN includes a group server, which can be a cluster of servers.
Currently, VPN firewall security policies are configured statically through user configuration. A user (e.g., a network administrator) who wants to modify VPN behavior must change the configuration manually, so the change is not made in real time. With a group VPN, however, member access is dynamic. Effective implementation therefore requires that configuration changes to the firewall security policies be made in real time.