HP Labs Technical Reports
Click here for full text:
Approaches to Multicast over Firewalls: an Analysis
Keyword(s): multicast; firewall; proxy
Abstract: Most commercial organisations use firewalls to constrain Internet packets passing between the outside and their internal networks, in order to increase overall host security. But firewalls block multicast traffic for security reasons. A possible security policy consists of specifying dynamically the set of allowed multicast group addresses and UDP ports to be relayed across the firewall. There are two different ways to support such a policy: an "explicit dynamic configuration" of the firewall or an "implicit dynamic configuration." With the "implicit" approach, the set of candidate addresses/ports is determined, based upon the contents of session announcements. With an "explicit" approach, this set of candidates is dynamically set, based upon an explicit request from an internal client. This report aims to introduce these two solutions and compare them.
Back to Index