Positioning Firewalls
The Firewall is a perimeter defense, positioned between networks with different security levels.
Firewalls generally control traffic between:
- External networks (the Internet) and your internal networks.
- External networks (the Internet) and DMZ (demilitarized zone) networks.
- Different internal networks (including DMZ networks).
Firewalls separate the different networks by enforcing rules that control access from one network to another.
Not all organizations necessarily have all types of networks that are shown here. One Firewall can cover all enforcement points simultaneously if it is practical in the network environment and compatible with the organization’s security requirements.
In a multi-layer deployment, a Firewall can have both layer 2 physical interfaces and layer 3 physical interfaces. Layer 2 interfaces on Firewalls allow the engine to provide the same kind of traffic inspection that is supported on IPS engines and Layer 2 Firewalls.
Figure legend:
1. Traffic inspection only
2. Routed traffic and traffic inspection
3. Layer 3 physical interface
4. Layer 2 physical interface of the inline IPS interface or inline Layer 2 Firewall interface type
5. Layer 2 physical interface of the capture interface type
6. DMZ network
7. Department A internal network
8. Department B internal network
9. Internal network
10. External networks
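The three enforcement points listed above, modelled over the networks in the figure legend, as an added example (not code from the original page or from the product it documents); the address plan, zone names and service names are constructed assumptions, and the rules apply to the initiating direction of a flow, with anything not listed dropped:

```python
"""Zone model of the firewall enforcement points (added example)."""
from ipaddress import ip_address, ip_network

# Constructed address plan for the networks in the figure legend (assumption).
ZONES = {
    "dmz":      ip_network("192.0.2.0/24"),
    "dept_a":   ip_network("10.1.0.0/16"),
    "dept_b":   ip_network("10.2.0.0/16"),
    "internal": ip_network("10.0.0.0/8"),
}

# Allowed zone-to-zone services for the initiating direction; everything else
# is dropped (default deny). Service names are constructed for illustration.
RULES = {
    ("external", "dmz"):      {"tcp/443"},
    ("dept_a",   "dmz"):      {"tcp/443", "tcp/22"},
    ("dept_b",   "dmz"):      {"tcp/443"},
    ("dept_a",   "external"): {"tcp/443", "udp/53"},
    ("dept_b",   "external"): {"tcp/443", "udp/53"},
    ("internal", "external"): {"tcp/443"},
}

def zone_of(ip):
    """Most specific matching zone; anything outside the address plan is external."""
    addr = ip_address(ip)
    matches = [(net.prefixlen, zone) for zone, net in ZONES.items() if addr in net]
    return max(matches)[1] if matches else "external"

def enforcement_point(src_zone, dst_zone):
    """Which of the three firewall positions a flow crosses (None = same segment)."""
    if src_zone == dst_zone:
        return None
    zones = {src_zone, dst_zone}
    if "external" in zones:
        return "external<->dmz" if "dmz" in zones else "external<->internal"
    return "internal<->internal"

def evaluate(src_ip, dst_ip, service):
    """Return allow, drop, or not-enforced (firewall not in the path)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if enforcement_point(src, dst) is None:
        return "not-enforced"
    return "allow" if service in RULES.get((src, dst), set()) else "drop"
```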