Firewall enterprise architecture v1

Nowadays understanding the data control from/to internal-external traffic is pretty much compulsary. Today I will try to explain this as detailed as I can. First of all how one enterprise traffic architecture looks like?
ASD

So .. we have external server/data center connected to a router which is leading to the internal servers/data center.

arrows

The arrows show that the traffic flow is passing freely (you can zoom the pictures by clicking on them). This is why we need to secure and to filter the incoming traffic. Usually the outcome is not a problem, let’s say never. But the real threat is the income.

The best practise in my opinion is putting two firewalls – internal and external + DMZ. The drama is where to put the DMZ? In this case we will design our topology with INTERNAL DMZ. Reasons why I choose this:

 

  • traffic from the external and untrusted source passes through two firewalls thus meeting the intention of dual firewalls.
  • traffic to the internal network is always more complicated, and has more flows. Consider all of the administration traffic to the servers in the DMZ. Therefore, passing internal traffic through a single firewall reduces the cost of ownership by reducing the numbers rules needed in the firewalls.
  • its easier to understand. Because all external flows pass through the external firewalls, it is consistent with operational troubleshooting.

 

Here is the diagram:
intfire

 

 

This is only one way for protecting an enterprise network. Later we will review DMZ bridge, external firewall DMZ, DMZ between the firewalls and so on. I will try to explain all the cases but I must note that for me this is the best practise.

 

11 thoughts on “Firewall enterprise architecture v1

  1. I just could not depart your website prior to suggesting that I actually enjoyed the standard info an individual provide in your guests? Is gonna be back steadily to check up on new posts

  2. I simply wanted to write a comment to be able to appreciate you for some of the unique guides you are sharing here. My particularly long internet investigation has at the end been paid with pleasant points to share with my partners. I ‘d assert that most of us readers actually are unequivocally lucky to exist in a fantastic website with many outstanding people with valuable tips. I feel pretty lucky to have used the website and look forward to so many more fun minutes reading here. Thank you once again for everything.

  3. I am commenting to let you understand of the helpful experience my girl enjoyed going through your site. She figured out such a lot of details, with the inclusion of what it’s like to have a great helping mindset to let many people very easily fully understand certain complex subject areas. You truly did more than visitors’ expectations. Thanks for offering these effective, safe, educational and as well as unique tips about that topic to Kate.

  4. I have to show some appreciation to the writer just for bailing me out of this particular matter. Just after surfing through the the net and coming across strategies that were not helpful, I assumed my entire life was done. Being alive devoid of the answers to the issues you have solved all through your main report is a crucial case, as well as the kind which may have negatively damaged my entire career if I had not come across your web blog. Your own capability and kindness in playing with all the stuff was useful. I’m not sure what I would have done if I had not discovered such a step like this. I am able to now look forward to my future. Thank you so much for your expert and effective guide. I will not be reluctant to propose the blog to anyone who should receive guide about this subject matter.

  5. I am also writing to let you be aware of what a great experience my girl went through studying your blog. She mastered such a lot of things, which included what it is like to have an awesome helping heart to have others smoothly have an understanding of some multifaceted subject areas. You really did more than her expectations. Thank you for producing the great, trusted, edifying and as well as easy tips about the topic to Tanya.

  6. I must show my respect for your kindness in support of those people that actually need help on the niche. Your very own commitment to passing the message across came to be certainly invaluable and have all the time allowed somebody like me to reach their dreams. Your personal warm and friendly guidelines entails a great deal to me and further more to my office colleagues. Best wishes; from all of us.

  7. I definitely wanted to write a note to say thanks to you for the pleasant solutions you are sharing on this site. My extended internet search has finally been paid with reasonable concept to exchange with my friends and family. I would suppose that many of us site visitors are undeniably lucky to live in a decent site with many brilliant professionals with beneficial points. I feel somewhat blessed to have discovered your entire weblog and look forward to tons of more amazing moments reading here. Thanks a lot once more for a lot of things.

  8. I’m also writing to let you understand what a helpful discovery my wife’s child enjoyed browsing your blog. She noticed some issues, including what it’s like to have an amazing giving heart to get others with ease completely grasp some hard to do subject matter. You truly did more than our expected results. Thank you for rendering the great, safe, informative and as well as easy guidance on this topic to Sandra.

  9. We think your blog is much great to us. I have hope that you keep up this good work. Will you please take a look at my site also?

Leave a Reply

Your email address will not be published. Required fields are marked *