Firewall and ALG handling packets with dynamically-assigned IP addresses or ports, e.g. VoIP

摘要

A dynamic network security system and control method thereof dynamically judges application of a firewall in a router where firewall and VoIP Application Layer Gateway (ALG) functions are integrated. A VoIP ALG (111) dynamically shares information (e.g., IP address, port) on a VoIP media packet with the firewal (112). The information is obtained from signalling information carried out with the VoIP caller using, e.g. RTP. The information is stored in the firewall Access Control List (ACL). Thus when a VoIP media packet enters the firewall intranet, the firewall application allows or blocks passage of the packet depending on the stored information. Unlike conventional methods set to statically apply firewall rule to particular IP and port, the firewall rule can be applied to or relieved from particular IP and port in real-time, and thus firewall policy can be operated more securely.