Designing and implementing a customer's network firewall solution can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. In this series of tips, we take a detailed look at the process used to implement a firewall and help guide you through the design process.


How to choose a firewall

There are dozens of firewalls on the market today. Choosing one for your customer's organization can be a daunting task -- especially in an industry filled with buzzwords and proprietary trademarks. Let's take a look at the basics of firewall technology and five questions you should ask when choosing a firewall for your organization.

  1. Why are you implementing a firewall?
  2. How will the firewall fit into your network topology?
  3. What type of traffic inspection do you need to perform?
  4. Is your organization better suited for an appliance or a software solution?
  5. What operating system is best suited for your requirements?

The process of answering these questions can help you solidify your thoughts and point you in the right direction. With these answers in hand, you should be able to intelligently evaluate the cost/benefit tradeoff for the various products available on the market today.

Get an expanded list of questions to consider when choosing firewalls for your customers.


Choosing the right firewall topology

When developing a perimeter protection strategy for an organization, one of the most common questions is: "Where should I place firewalls for maximum effectiveness?" In this tip, we'll take a look at the three basic options and analyze the scenarios best suited for each case.

  1. Bastion host
  2. Screened subnet
  3. Dual firewalls

Learn more about firewall topologies and picking a perimeter protection strategy best suited to your customer's network.


Placing systems in a firewall topology

Once you have decided which topology best suits your IT infrastructure, you need to decide where to place individual systems within the chosen topology.

Each topology strategy raises its own questions about where your customers' systems should be placed and why. The answers to those questions rest largely on each customer's needs and plans.

Learn more about firewall strategies and how they affect your customers' network topologies.


Auditing firewall activity

In the real world of firewall management, we're faced with balancing a continuous stream of change requests and vendor patches against the operational management of our firewalls. Configurations change quickly and often, making it difficult to keep on top of routine maintenance tasks. Here are four practical areas where some basic log analysis can provide valuable firewall management data:

  1. Monitor rule activity
  2. Traffic flows
  3. Rule violations
  4. Denied probes

Get an expanded list of these four areas to concentrate on when auditing firewall activity on your customer's network.

This was first published in October 2006
