Call for Paper - January 2024 Edition
IJCA solicits original research papers for the January 2024 Edition. Last date of manuscript submission is December 20, 2023. Read More

A Novel Technique for Effective Optimization of Cross Domain Network Protocol for Redundancy Removal in Firewall Policies

International Journal of Computer Applications
© 2015 by IJCA Journal
Volume 122 - Number 22
Year of Publication: 2015
Madhura M. Unde
Simran Khiani

Madhura M.unde and Simran Khiani. Article: A Novel Technique for Effective Optimization of Cross Domain Network Protocol for Redundancy Removal in Firewall Policies. International Journal of Computer Applications 122(22):16-21, July 2015. Full text available. BibTeX

	author = {Madhura M.unde and Simran Khiani},
	title = {Article: A Novel Technique for Effective Optimization of Cross Domain Network Protocol for Redundancy Removal in Firewall Policies},
	journal = {International Journal of Computer Applications},
	year = {2015},
	volume = {122},
	number = {22},
	pages = {16-21},
	month = {July},
	note = {Full text available}


In today's rapidly progressing professional world, internet is being used as a medium for almost every operation. Firewalls are extensively implemented to prevent unauthorized access to concealed networks and secure them. Based upon the applied policies a firewall can approve or decline the data packet by scrutinizing them. The large size and intricacy of modern networks result in big and complex firewall policies. Optimizing these policies is crucial for network performance inflation. Existing system facilitates inter-firewall or intra-firewall optimization within similar sets of administrative domains. They try to achieve optimization but at the cost of decreased network performance. In this paper, a protocol to increase the network performance while the cross domain firewall rules are optimized is explained. Rule optimization is achieved by redundant rule removal between the two firewalls. For boosting the performance and security, the data sent over the network will be encrypted and decrypted over a session key. Two types of rules i. e. network and user rules are supported. User can configure his own rules as per the required configuration in appropriate domain. Network rules will be common for both the domains and can be updated by the network administrator. The key technical experimentation is that firewall policies cannot be involved within similar domain areas because a firewall strategy contains exhaustive information and even potential security holes.


  • James F. Kurose and Keith W. Ross, "Computer Networking: A Top-Down Approach", Addison-Wesley Publication,6th Edition, pp. 641, Copyright 1996-2000
  • El- Sayed M and El- Alfy, "A Heuristic Approach for Firewall policy optimization", ICACT Conference: Advanced Communication Technology, vol. 3, pp. 1782-1787, FEB 2007.
  • Tihomir Katic and Predrag Pale, "Optimization of Firewall Rules", Information Technology Interfaces, 29th International Conference, pp. 685-690, June 2007
  • Fei Chen, Bezawada Bruhadeshwar, and Alex X. Liu, "Cross-Domain Privacy – Preserving Cooperative Firewall Optimization", IEEE/ACM transactions on Networking, vol. 21, Issue no. 3, pp. 857-868, June 2013.
  • A. X. Liu and M. G. Gouda, "Complete redundancy removal for packet classifiers in TCAMs", IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 4, pp. 424–437, April 2010.
  • J. Cheng, H. Yang, S. H. Wong, and S. Lu, "Design and implementation of Cross-domain cooperative firewall", IEEE International Conference on Network Protocols, pp. 284– 293, Oct. 2007
  • J. Brickell and V. Shmatikov, "Privacy-Preserving Graph Algorithms in the Semi-honest Model", Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security, pp. 236-252, 2005
  • E. Al – Shaer and H. Hamed, "Discovery of policy anomalies in Distributed firewalls", Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 4, pp. 2605–2616, 2004
  • A. X. Liu, C. R. Meiners, and Y. Zhou, "All- match based complete redundancy removal for packet classifiers in TCAMs", The 27th Conference on Computer Communications. IEEE, pp. 574–582, 2008