A destination host on a first network may attempt to initiate a communication session with a source host on a second network. The attempt may be intercepted by a first policy enforcement point, which may forward a message to the source host associated with the communication session. The source host may send an acknowledgment to the destination host via the first policy enforcement point. A policy decision point may determine that the communication session is permissible. The policy decision point may send a response to the first policy enforcement point and a second policy enforcement point. The response may indicate an approval of the communication session. The source host may respond to the destination host through either a first connection path and the first policy enforcement point or a second connection and the second policy enforcement point.