The days of selling basic network-layer firewalls alone are over. Network and security solution providers must now provide more complex firewall solutions that integrate stateful and application-aware appliances. But providing more complex firewall strategies can complicate firewall management. In this guide, read a series of articles from SearchNetworking.com that will help you understand how application firewalls can be used alongside port and protocol firewalls. Also learn about firewall change and configuration management, as well as automated troubleshooting techniques.
Application awareness for complete firewall solutions
Firewalls have worked as the predominant form of security for Internet-connected networks for 25 years, but during this time attackers have climbed the protocol stack, going past the operating system or TCP/IP protocols and aiming deep into HTTP, HTML and XML protocols that make up modern distributed Web applications. So it has become crucial to combine intelligent, application-layer firewalls with stateful firewalls.
In this article about the many functions of application-aware firewalls, learn how these devices can monitor and discern between applications on the network and help to enforce user-based policy.
Application-aware firewalls alone won't cut it
The need for application-aware firewalls doesn't replace the need for network-layer firewalls. In fact, you will more likely have to sell your clients solutions that combine stateful firewalls with next-generation firewalls.
In this firewall case study, learn how one user implemented an application-aware firewall to scan applications hitting the data center alongside a network-layer firewall to check ports and protocols.
With complex firewall solutions comes need for better management systems
Network managers tend to shrug off network change and configuration management (NCCM) as more of a burden than it's worth, so you can imagine how difficult it might be to sell them firewall change management systems. But that doesn't mean you should avoid including firewall change management in your portfolio.
Firewall change management and automation can help curb the human error that often causes firewall misconfiguration nightmares.
In this tip on firewall change management, find out how software can formalize the way network managers (or their solution providers) document the who, what, when, why and how of firewall changes in order to avoid mistakes. Also learn how they use these tools to automate day-to-day firewall management tasks.
Third-party management software as part of the firewall strategy
Change management can be as simple as implementing third-party firewall management software. In this news article on firewall management software, learn how to use these platforms to analyze and monitor firewall rules and configuration changes and their effects on network performance.
Understanding firewall policy in order to automate corrections
As channel partners and their end users struggle to better manage firewalls in a more complex setting, researchers are working on new strategies as well. In November, researchers Fei Chen and Alex X. Liu of Michigan State University, and JeeHyun Hwang and Tao Xie of North Carolina State University, presented a paper called "First Step Towards Automatic Correction of Firewall Policy Faults" at the Large Installation Systems Administration (LISA) conference in San Jose. Working on the premise that many firewall problems boil down to faulty policy, the paper examines ways of analyzing firewall policy problems and then implementing automated corrections based on these commonly made errors.
Read more of this paper about firewall policy management and automated correction.