Router/firewall implementation

nel Member Posts: 2,859
Hi

I have a uni assignment which gives a network scenario, and I have to design and implement a better solution. Now I was just wondering, when it comes to security, what is the best solution? Is it better to have a dedicated firewall appliance and a separate router? If so, do you have this kind of structure to reduce load on the router, for example?

I was just hoping for some real-world input on how exactly it is implemented?
Xbox Live: Bring It On

Bsc (hons) Network Computing - 1st Class
WIP: Msc advanced networking

Comments

  • malcybood Member Posts: 900
    nel,

    It is best to have a layered approach to security; therefore an edge router configured with access lists, with an IP firewall between it and the corporate infrastructure, DMZ etc., combined with an IDS/IPS, is an example of a possible approach.

    There are high-end routers and L3 switches that can provide firewall and security functionality; however, you need to consider this is a single point of failure etc.

    What are you trying to achieve in the exercise, and are there any constraints, i.e. budget etc.?

    malc
  • hypnotoad Banned Posts: 915
    IMO it is best to keep your routing block and your firewall block separate, because it will be easier to administer and troubleshoot if you have a complicated set of rules or a complicated set of routes. There are advantages and disadvantages to both theories.

    However, if all your router does is a default route to an ISP, then you might as well not buy a separate firewall.
  • Ahriakin Member Posts: 1,799
    It depends on what you are trying to achieve, the security capabilities of the hardware and the type of connection you have to the WAN provider. Routers are generally better equipped to deal with traditional corporate WAN circuits like T1s etc. Firewalls are usually Ethernet-only, which is fine for the likes of DSL/cable or if (as has been stated) you have a router in front of it that provides the actual bridging to the WAN circuit. The capabilities of the router also need to be taken into account: does it have any type of stateful or other security functions? For usability and sanity you will need a stateful firewall of some kind at your perimeter, or be prepared to be in ACL hell with less security to boot.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
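
The difference Ahriakin describes between per-packet ACLs and a stateful firewall, as an added example that is not part of the original thread. The "ACK or RST set" inbound rule, the `10.0.0.` inside prefix and all sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed inside network (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment

def inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_acl(p):
    """Per-packet rule set: permit outbound; permit inbound only if ACK or RST
    is set (an 'established'-style match that trusts the header alone)."""
    return inside(p.src) or bool(p.flags & {"ACK", "RST"})

class StatefulFirewall:
    """Permits inbound segments only for flows an inside host opened."""
    def __init__(self):
        self.flows = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, p):
        if inside(p.src):
            if p.flags == {"SYN"}:  # new outbound connection: record it
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def mk(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

# Constructed sample traffic (documentation address ranges), not a capture.
SAMPLE = [
    mk("10.0.0.5", 40000, "203.0.113.10", 443, "SYN"),         # outbound open
    mk("203.0.113.10", 443, "10.0.0.5", 40000, "SYN", "ACK"),  # genuine reply
    mk("198.51.100.7", 443, "10.0.0.9", 8080, "ACK"),          # no matching flow
    mk("198.51.100.7", 50000, "10.0.0.9", 8080, "SYN"),        # unsolicited open
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_acl(p), fw.allow(p)) for p in packets]

if __name__ == "__main__":
    for p, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(p.src, "->", p.dst, sorted(p.flags), verdicts)
```

The third packet is where the two differ: the header-only rule permits it, while the flow table has no entry for it and drops it.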
  • nel Member Posts: 2,859
    malcybood wrote:
    nel,

    It is best to have a layered approach to security; therefore an edge router configured with access lists, with an IP firewall between it and the corporate infrastructure, DMZ etc., combined with an IDS/IPS, is an example of a possible approach.

    There are high-end routers and L3 switches that can provide firewall and security functionality; however, you need to consider this is a single point of failure etc.

    What are you trying to achieve in the exercise, and are there any constraints, i.e. budget etc.?

    malc

    After I had done some research I thought a layered approach would be best suited, but I just wanted to ask some real pros just to be on the safe side. I basically have a uni assignment which consists of a network, and you have to provide suggestions on how to improve it to meet the customer's criteria. There are no cost restrictions etc.; it's purely all theoretical.