In order to reduce the installation cost and the operation cost of a security product in a communication network, many features, such as a firewall feature, an antivirus feature, an URL (Uniform Resource Locator) filtering feature and an IPS (Intrusion Prevention System) feature, are increasingly incorporated into one gateway device. However, as a result of incorporating many features into a gateway device, the processing load on the gateway device increases, which causes the gateway device to behave as a bottleneck on the communication path.
In Patent Literature 1, a network configuration where a router packet path control device receives all packets having passed through a firewall once is disclosed. The router packet path control device transfers subsequent packets having the same features as the received packets directly to each network without through the firewall. This achieves reduction of the processing load on the firewall.
In Patent Literature 2, a technique that selects either one of a path that is through a security center or a communication path that connects directly to the other end of communication according to the other end of communication or an application corresponding to the communication to prevent an increase in the load on a server in the security center or the like is disclosed.
In Patent Literature 3, a technique that, when a mobile terminal performs communication by dynamically switching an available wireless system, does not use IPsec in the case where encryption is not required between the mobile terminal and a gateway device, and performs encryption using IPsec only in the case of using a wireless system requiring encryption is disclosed. This prevents an increase in the load on the gateway device.