Support of Firewalls by Applications BOF (SOFA) Reported by Ellen Messmer/Network World The BOF invited attendees to discuss firewall implementations, with the view that there are user requirements for interoperability. Users discussed firewall architectures, including a network-layer firewall which blocks all packets, transport-layer firewalls which direct connections to the firewall, and application-layer firewalls which control entry and exit points for applications use, such as TELNET, FTP and e-mail. The need to exert firewall control over non-standard applications, such as Sybase and Lotus notes, was also discussed. The BOF attendees largely agreed that interoperability among firewall implementations is a growing concern since companies are allowing their customers, suppliers and trading partners access to their networks at an increasing rate, and firewalls appear to be a basic method for controlling that access. One BOF attendee discussed use of the SOCKS interface for transport-layer firewalls as a way to simplify firewall user access. But the BOF attendees voted not to create a working group at this time since it was not clear what kind of protocol development, if any, is needed for firewalls. However, one attendee pointed out that the Internet has historically had ``no notion of an external network and an internal network, and it's time for us to deal with that.'' The attendees did decide to start an on-line discussion group managed by Trusted Information Systems to discuss the issues further. The BOF attendees favored the idea of putting together an outline of concerns regarding firewall interoperability via this list. Specifically, these related concerns entailed: o Recognition of the concept of the ``virtual private internet'' o The need to define internal networks vis-a-vis external networks o Guidelines for application protocol developers o Guidelines for configuration parameters o A set of requirements for firewalls If such an outline can be written, it will be submitted as an Informational RFC.