Firewall Schemes at Different Layers
from to on 24 Apr 16:34

This is a network defense design scheme question.

In a scenario where your organization is designing multi-layered firewall deployment and management, how granular  do you create rules at each of these three layers?

Example site is a main/HQ site that also houses your data center (basic 3 tier model).

  1. Site has your main internet gateway and VPN termination point. As am example, it’s a Cisco or other ZBF. It has four zones: (1) Internet, (2) VPNs from other sites/clients, (3) your corporate LAN including data center, (4) Guest/untrusted/Iot.

  2. Between your gateway and the rest of your corporate network/datacenter, you have transparent proxy firewall/IPS/monitor. It’s bridging traffic between gateway and data center.

  3. Within data center, hosts have software host based firewalls, all centrally managed by management product.



threaded - newest on 24 Apr 18:04 collapse

Rules are defined as narrowly as possible to accomplish the goal.