Optimal placement of firewalls

Companies that extend their network outward to include Internet connectivity are often faced with the question of where to place their firewall. The two most frequent spots to place the firewall are either in-house, where security is presumably tightest, or at the Internet service provider (ISP), where it can protect a point-to-point connection between the provider and the company. The question is, which is the better solution for your company?

There are reasons to advocate placement in either position, which ultimately makes the best solution to place a firewall at each location: one firewall at the ISP, and another at the boundary between your Internet services network and your enterprise network. Not all ISPs will manage a firewall for a client, so make sure your ISP agrees to monitor and manage that firewall for you. You may find that the firewall used by the ISP for general traffic is a good first line of defense.

A second firewall between your enterprise network and your ISP creates a higher level of control over network traffic while off-loading the basics to the ISP. You have the added assurance that the ISP firewall is performing through verification of your own firewall monitor logs. The convenience of writing and instantly testing policy rules on your firewall before having your ISP implement them on the second firewall creates a level of confidence that will help eliminate potential sleepless nights spent wondering if you made the

Requires Free Membership to View

correct call during setup. As prices for firewalls continue to drop, the added confidence that comes with having two firewalls strategically placed to protect your entire network both inside and out is certainly worth the time and money.

Barrie Sosinsky (barries@killerapps.com ) is president of consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web-related), training and technical documentation.

This was first published in June 2000

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.