A method for increasing the productivity of a distributed firewall based on Proxmox in corporate computer networks
DOI: https://doi.org/10.30837/2522-9818.2025.3.180
Keywords: method; distributed firewall; container; Proxmox; virtualization; delay; traffic filtering.
Abstract
The subject of the study is a method for increasing the performance of a distributed firewall based on LXC containers of the Proxmox VE environment for corporate computer networks. The goal of the work is to develop approaches that ensure a high level of efficiency of a distributed firewall for monitoring and managing traffic in corporate and virtualized networks, minimizing delays during traffic filtering and ensuring reliable operation of the corporate network under conditions of limited hardware resources. To solve the problem, the following research methods were applied: theoretical analysis of literature sources; analysis of the features of applying containerization technology to implement dynamic network traffic control; study of methods to improve the efficiency of computational resource utilization in environments with limited hardware resources; analysis of the advantages of a distributed firewall with regard to minimizing data transmission delays, increasing system throughput, and reducing the risk of unauthorized access; and experimental validation of the functionality and efficiency of the distributed firewall. The results obtained indicate that the proposed method minimizes delays during traffic filtering and provides automatic scaling of the firewall's functionality while maintaining the integrity of the network security system. The proposed approach provides a high level of CCM protection by segmenting the network and assigning a separate LXC container to serve each local subnet, which allows for targeted traffic filtering and flexible access policy management. Conclusions: the paper proposes a configuration of a distributed firewall in the Proxmox environment, including the setup of a basic set of filtering rules to ensure the effective operation of a corporate computer network.
The scientific novelty of the method lies in the improvement of security mechanisms in scalable environments with limited hardware resources, enabling a high level of protection against external and internal threats while maintaining fault tolerance and reliability of the network infrastructure. Experimental validation of the method’s functionality and efficiency confirmed the feasibility of its implementation to ensure stable and controlled access to the corporate computer network’s resources.
License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.