Router/firewall implementation

Hi

i have a uni assignment which give a network scenario and i have to design and implement a better solution. Now i was just wondering when it comes to security what is the best solution? is it better to have a dedicated firewall appliance and a seperate router? if so, do you have this kind of structure to reduce load on the router for example?

i was just hoping for some real world input on how exaclty it is implemented?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

malcybood

nel,

it is best to have a layered aproach to security, therefore an edge router configured with access lists, with an IP firewall between it and the cororate infrastructure, DMZ etc combined with an IDS/IPS is an example of a possible approach.

there are high end routers and L3 switches that can provide firewall and security functionality, however you need to consider this is a single point of failure etc etc

what are you trying to achieve in the exercise and are there any constraints I.e. budget etc

malc

hypnotoad

IMO it is best to keep your routing block and your firewall block separate, because it will be easier to administer and troubleshoot if you have a complicated set of rules or a complicated set of routes. There are advantages and disadvantages to both theories.

However, if all your router does is a default route to an ISP, then you might as well not buy a separate firewall.

Ahriakin

It depends on what you are trying to achieve, the security capabilities of the hardware and the type of connection you have to the WAN provider. Routers are generally better equipped to deal with traditional corporate WAN circuits like T1's etc., Firewalls are usually ethernet only which is fine for the likes of DSL/Cable or if (as has been stated) you have a router in front of it that provides the actual bridging to the WAN circuit. The capabilities of the router also need to be taken into account, does it have any type of stateful or other security functions? For usability and sanity you will need a stateful firewall of some kind at your perimeter or be prepared to be an ACL hell with less security to boot.

nel

malcybood wrote:

nel,

it is best to have a layered aproach to security, therefore an edge router configured with access lists, with an IP firewall between it and the cororate infrastructure, DMZ etc combined with an IDS/IPS is an example of a possible approach.

there are high end routers and L3 switches that can provide firewall and security functionality, however you need to consider this is a single point of failure etc etc

what are you trying to achieve in the exercise and are there any constraints I.e. budget etc

malc

After i had done some research i thought a layed approach would be best suited but i just wanted to ask some real pro's just to be on the safe side. I basically have a uni assignment which consists of a network and you have to provide suggestions on how to improve it to meet the customers criteria. There is no cost restrictions etc, it purely all theoretical