Stateful packet forwarding in a firewall cluster

摘要

A method is disclosed for processing data using multiple interconnected firewall devices. A connection is initiated between an internal host and an external network, through a home firewall device. A separate, receiving firewall device may then receive a data packet for the internal host as part of a flow. The receiving device attempts to determine the home device for the packet. The receiving device sends a multicast to all other firewall devices in the firewall cluster. The multicast includes the data packet and information about the receiving device. The home device receives the multicast and responds, indicating that it is the home device. The home device extracts the data packet from the multicast and forwards it to the internal host. The receiving device stores the response information along with other forwarding information that is used to automatically forward to the home device subsequent data packets for the flow.