1. Field of the Invention
The present invention relates to network technology. More particularly, the present invention relates to firewalls.
2. Description of the Related Art
Firewalls are important tools for protecting networks or portions of networks. Typically, a firewall is used to filter traffic between portions of networks (e.g., between subnets), between a private network and other networks (e.g., the Internet), etc. Firewalls inspect packets routed from, e.g., one subnet to another based on policies configured in the firewall. The term “packet” will be used broadly herein to include frames, true packets and similar data units.
If a firewall is disposed between a private network and the Internet, the Internet is “outside” the firewall and the private network is “inside” the firewall. For example, the firewall may be configured to permit nodes inside the firewall to have unrestricted access to the Internet while inspecting packets from outside the firewall to filter out “spam,” viruses, etc.
Current firewalls typically operate at layer 3 (L3), though some operate at layer 2 (L2). Therefore, the deployment of a firewall typically implies that there are layer 3 (subnet) separations between the inside and outside segments. This is acceptable if the firewall is running on a network device functioning, e.g., as a router with a pre-existing subnet separation. However, complications arise when the firewall is to be placed within an existing network. In such situations, the network has to be re-subnetted to build it around the firewall, a task that is tedious and resource-intensive.
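The following simulation, added here as an illustration and not part of the patent text, makes the subnet-separation point concrete. It models a routed (L3) firewall, which only ever sees packets that must cross a subnet boundary, beside a transparent (L2, bridging) firewall inserted inline on the segment, which sees every frame. The addresses, the two-rule policy and the host placement are constructed for the example; the packet model is deliberately reduced to source, destination and destination port.

```python
"""Firewall placement versus subnet layout (constructed example).

Shows why a routed firewall cannot inspect traffic between two hosts that
share a subnet unless the network is re-subnetted (and hosts readdressed),
while a bridging firewall on the same segment inspects it as-is.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, Iterable, List, Optional, Tuple

# A policy rule: (destination network, destination port or None for any, action).
Rule = Tuple[str, Optional[int], str]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def subnet_of(addr: str, subnets: Iterable[str]) -> Optional[IPv4Network]:
    """Return the configured subnet that contains addr, or None if it is remote."""
    ip = ip_address(addr)
    for cidr in subnets:
        net = ip_network(cidr)
        if ip in net:
            return net
    return None


def crosses_l3_boundary(pkt: Packet, subnets: Iterable[str]) -> bool:
    """True when the packet has to be routed.

    Hosts in the same subnet exchange frames through L2 switching and never
    hand the packet to a router; an address outside every configured subnet
    is remote and is always routed toward a gateway.
    """
    src_net = subnet_of(pkt.src, subnets)
    dst_net = subnet_of(pkt.dst, subnets)
    if src_net is None or dst_net is None:
        return True
    return src_net != dst_net


def apply_policy(pkt: Packet, policy: List[Rule]) -> str:
    """First-match rule evaluation with an implicit default deny."""
    dst = ip_address(pkt.dst)
    for net, port, action in policy:
        if dst in ip_network(net) and (port is None or port == pkt.dport):
            return action
    return "deny"


def l3_firewall(pkt: Packet, subnets: Iterable[str], policy: List[Rule]) -> str:
    """Routed firewall: inspects only traffic that must be routed through it."""
    if not crosses_l3_boundary(pkt, subnets):
        return "bypassed"  # switched locally; the firewall never sees it
    return apply_policy(pkt, policy)


def l2_firewall(pkt: Packet, policy: List[Rule]) -> str:
    """Transparent (bridging) firewall inline on the segment: every frame is inspected."""
    return apply_policy(pkt, policy)


# Constructed topology: one flat /24 before, two /25s after re-subnetting.
FLAT_SUBNETS = ["10.0.0.0/24"]
SPLIT_SUBNETS = ["10.0.0.0/25", "10.0.0.128/25"]

# Constructed policy: allow HTTP to anything on the segment, block the rest (e.g. SSH).
POLICY: List[Rule] = [
    ("10.0.0.0/24", 80, "permit"),
    ("10.0.0.0/24", None, "deny"),
]


def scenario() -> Dict[str, str]:
    """Workstation 10.0.0.10 opens SSH (22) to a server on the same segment."""
    ssh_flat = Packet("10.0.0.10", "10.0.0.20", 22)
    # After re-subnetting the server must be readdressed into the second /25.
    ssh_split = Packet("10.0.0.10", "10.0.0.140", 22)
    return {
        "l3_flat": l3_firewall(ssh_flat, FLAT_SUBNETS, POLICY),       # bypassed
        "l3_resubnetted": l3_firewall(ssh_split, SPLIT_SUBNETS, POLICY),  # deny
        "l2_flat_ssh": l2_firewall(ssh_flat, POLICY),                 # deny
        "l2_flat_http": l2_firewall(Packet("10.0.0.10", "10.0.0.20", 80), POLICY),  # permit
    }


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name:16s} -> {verdict}")
```

The "bypassed" verdict is the practical consequence of the paragraph above: a routed firewall dropped into an existing flat network leaves same-subnet traffic uninspected, so the only way to make it enforce policy between those two hosts is to split the subnet and readdress one of them. The bridging case reaches the same policy decision with the original addresses untouched.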
It would be desirable to implement improved methods and devices for implementing firewalls.