Midhat Posted October 29, 2021

Hello, where is the best practice position for a firewall in the network, and is this related to the FW working mode?

NiceGuy Posted October 30, 2021

31 minutes ago, Midhat said:
> Hello, where is the best practice position for a firewall in the network, and is this related to the FW working mode?

Closer to the perimeter or edge of the network. Same analogy as, say, a video surveillance system. You are most likely to put cameras at the entrances / exits, windows etc., i.e. points that service traffic between inside and outside.

azika Posted October 30, 2021

As NiceGuy said, the best position is at the perimeter of the network, where you connect to external networks (Internet edge). As best practice you also need to have firewalls internally in your network. The internal firewalls are usually referred to as Internal Segmentation Firewalls (ISFW); these are used to separate, for example, department traffic from one another. You don't want your internal users to reach every important asset inside your business. For example, you want only HR employees to reach the HR servers that contain all employee information (addresses, salary information etc.), so you create rules in the ISFW that only allow the HR employees to reach that server and no one else.

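The HR segmentation rule described in the post above can be checked mechanically. This is an added example, not part of the thread or any vendor's tooling: the subnets, server address, port and function names are constructed, and rule evaluation is modelled as first match with an implicit deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # destination TCP port, None means any port

# Constructed addressing plan (assumption, not taken from the thread).
HR_USERS, SALES_USERS = "10.10.20.0/24", "10.10.30.0/24"
HR_SERVER_IP = "10.50.1.10"
SEGMENTS = {"hr": HR_USERS, "sales": SALES_USERS}
HR_RULE = Rule("allow", HR_USERS, f"{HR_SERVER_IP}/32", 443)

# Policy 1: only the HR rule; everything else falls to the implicit deny.
STRICT = [HR_RULE]
# Policy 2: a broad "users to servers" allow placed above the HR rule.
BROAD = [Rule("allow", "10.10.0.0/16", "10.50.0.0/16", None), HR_RULE]

def decide(rules, src_ip, dst_ip, port):
    """Return the action of the first matching rule, or "deny" if none match."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def unintended_sources(rules, allowed_src, dst_ip, port, segments):
    """List segments other than allowed_src that can still reach dst_ip:port.

    Probes the first host of each segment, which is representative only when
    rules are written per whole segment, as they are in this sample.
    """
    leaks = []
    for name, cidr in segments.items():
        if cidr == allowed_src:
            continue
        probe = str(next(ipaddress.ip_network(cidr).hosts()))
        if decide(rules, probe, dst_ip, port) == "allow":
            leaks.append(name)
    return leaks

if __name__ == "__main__":
    for label, policy in (("strict", STRICT), ("broad", BROAD)):
        print(label, unintended_sources(policy, HR_USERS, HR_SERVER_IP, 443, SEGMENTS))
```

The second policy shows how a wide allow placed earlier in the rule order defeats the narrower HR rule below it.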
MohammadKaye Posted October 31, 2021

It depends on the mode and the reason, for example:

1) If you want the FW to do basic tasks such as NAT and ACL (control which IP could access your internal network), you can use it as an edge device.
2) If you want to deploy the device on the same network and VLAN (it will act as a switch but with FW features), you can deploy it in transparent mode.
3) If you want to protect your internal servers (DMZ network), you can deploy the FW closer to that network, and you have the option to enable L7 inspection (FirePOWER).

thegreek1 Posted November 5, 2021

Hi, you have to take into account that there is more than just a firewall here that needs a proper solution, so my response would be "depends". Easy scenario is dependent on the customer's business and technical resources and there is no cookie cutter solution. Sure, Cisco does have its hierarchical design, but it is too vague and it should be used as a basic guideline.

sathmal Posted July 18, 2023

thanks