A Novel Firewalls ConFigure Fault and Its Repair Method

With the expansion of enterprise networks and data centers, multilayer firewalls are deployed in these systems. In view of the new network fault in the multi-firewall network, people can not explain its formation mechanism and there is no effective repair method. This paper analyzes the causes of the network fault and points out that the network fault is caused by the inconsistency between the application flow routing and the firewall security policy. Based on this, this paper proposes a network Fault Detection and repair (FDR) method in multi-firewall networks to quickly locate and repair the network faults. In order to verify the effectiveness of FDR method, we designed and implemented a prototype system based on network function virtualization. The experimental results show that the fault can be accurately reproduced in multi-firewall network. FDR method can not only find the inconsistency between security policy and routing accurately and efficiently, but also recover the network fault quickly.