Problem solve Get help with specific problems with your technologies, process and projects.

Optimal placement of firewalls

Companies with Internet connectivity are often faced with the question of where to place their firewall.

Companies that extend their network outward to include Internet connectivity are often faced with the question...

of where to place their firewall. The two most frequent spots to place the firewall are either in-house, where security is presumably tightest, or at the Internet service provider (ISP), where it can protect a point-to-point connection between the provider and the company. The question is, which is the better solution for your company?

There are reasons to advocate placement in either position, which ultimately makes the best solution to place a firewall at each location: one firewall at the ISP, and another at the boundary between your Internet services network and your enterprise network. Not all ISPs will manage a firewall for a client, so make sure your ISP agrees to monitor and manage that firewall for you. You may find that the firewall used by the ISP for general traffic is a good first line of defense.

A second firewall between your enterprise network and your ISP creates a higher level of control over network traffic while off-loading the basics to the ISP. You have the added assurance that the ISP firewall is performing through verification of your own firewall monitor logs. The convenience of writing and instantly testing policy rules on your firewall before having your ISP implement them on the second firewall creates a level of confidence that will help eliminate potential sleepless nights spent wondering if you made the correct call during setup. As prices for firewalls continue to drop, the added confidence that comes with having two firewalls strategically placed to protect your entire network both inside and out is certainly worth the time and money.

Barrie Sosinsky ( ) is president of consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web-related), training and technical documentation.

This was last published in June 2000

Dig Deeper on Windows Server troubleshooting

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.