Due to increasing reliance on network-accessible computers, network security has become a major issue for organizations and individuals. To help ensure the security of their computers, organizations and individuals frequently install security devices between their private networks and public networks. A goal of such security devices is to prevent unwanted or malicious information from the public network from affecting devices in the private network.
One example of a commonly deployed security device is a firewall. A firewall, for example, is a dedicated or virtual device that is configured to permit or deny traffic flows based on an organization's security policies. Firewall functionality can be implemented at various layers of the network stack, as specified with respect to the Open Systems Interconnection Basic Reference Model (“OSI Reference Model”). For example, a network layer firewall operates at the network layer (i.e., layer three (L3) of the OSI Reference Model) and is referred to as an L3 device or network layer device. As another example, a layer two (L2) firewall operates within the second layer of the OSI Reference Model, also known as the data link layer, to restrict L2 network communications in accordance with an organization's policies. An L3 firewall may provide security features as well as packet forwarding, routing or other L3 functionality. An L2 firewall may provide security features along with switching or other L2 functionality. A third type of firewall, referred to as an application-layer firewall, operates above L3 of the network stack to assemble application-layer data and perform deep packet inspection to identify viruses or network attacks. A network device such as a switch or a router may incorporate firewall functionality in addition to switching or routing functionality.