| Summary: |
The purpose of this document is to collect and open for discussion
requirements for a protocol that decouples
application-awareness from packet processing in firewalls. The
protocol will be used by application-aware entities to dynamically
control the packet flows of applications traversing firewalls. This
kind of control allows applications using session control protocols
to traverse firewalls while still retaining a restrictive
packet-filtering policy. Network management tools may also utilize the
protocol to manage packet-processing policies. We suggest an
extensible framework that may be used for management of arbitrary
per-flow control states in network nodes.
|