--> Selection of the firewall mode mainly depends on two criteria:
i) Security and Performance requirements
ii) Location where the firewall is to be placed
--> Enterprise Firewalls can be deployed in four modes:
i) Distributed Enterprise Firewall
--> Performance and Security requirements are very low.
--> Security throughput ranges up to 10 Gbps.
--> Distributed Enterprise Firewalls can be placed at branch offices or small and medium business offices.
--> Distributed Enterprise Firewalls have all the features such as NAT, IPS, Dynamic and Static Routing, VPN, Anti Virus, Firewall policies and cloud sandboxing in a single device.
ii) Internal Segmentation Firewall
--> Performance and Security requirements are higher, as they need to protect the servers and applications from internal users.
--> Security throughput ranges up to 100 Gbps.
--> Internal Segmentation Firewalls are placed between the Distribution and Access Layers of the network.
--> Internal Segmentation Firewalls need to have features such as IPS, Dynamic and Static Routing, Anti Virus, Firewall policies ranging up to the Application Layer, and Sandboxing.
iii) Next Generation Firewall
--> This is the most commonly used mode in enterprise firewalls.
--> Performance requirements are lower, as Internet speeds in the enterprise are lower than network speeds.
--> Security throughput ranges up to 40 Gbps.
--> Next Generation Firewalls are placed at the edge of the network (between the Core Layer and the Internet).
--> Next Generation Firewalls are mostly the default gateway for internal networks, as they are placed at the edge of the network.
--> Next Generation Firewalls need to have features such as NAT, IPS, Dynamic and Static Routing, VPN, Anti Virus, Firewall policies ranging up to the Application Layer, and Web/E-Mail/Content Filtering.
iv) Data Center Firewall
--> Performance and Security requirements are higher than in the other deployment modes, as they need to protect servers and applications.
--> Security throughput ranges up to 1 Tbps.
--> Data Center Firewalls are placed at the DMZ of the network.
--> Data Center Firewalls need to have features such as IPS, Dynamic and Static Routing, Anti Virus, and Firewall policies ranging up to the Application Layer.
Reference : Fortinet
Md.Kareemoddin
CCIE # 54759