07-04-2015 12:25 AM - edited 03-11-2019 11:13 PM
Hi,
I'm currently doing a University project and am having trouble getting my head around a few concepts. One reason is the looseness of terms in IT, with network tiers referring to several things depending on the context.
My questions are:
- What is the advantage of having multiple tiers of firewalls?
- What is the advantage of Multi-boxing? (having two firewalls on each tier)
I will attach an image to make what I'm referring to a bit clearer.
Any help massively appreciated!
07-04-2015 12:31 PM
Hi,
Your question is quite conceptual. I am a field engineer so I will try my best to put this into words.
You often see multi-tier (2/3 tier) firewall (IPS) design in a company's network. There can be many different reasons - there could be a company security program to separate firewalls to handle different inspection types, for example EXTERNAL - DMZ, DMZ - INTERNAL as your diagram shows. If you're leveraging IDS/IPS, you are also using multiple signatures from different vendors. Traffic load could be another reason, as all the appliances have something called maximum throughput these days. Vendor relationship (politics) could be another reason - the CIO could be friends with the PA sales guy, and the IT director could have a good relationship with the Cisco AM, who knows.
Multibox, I think you're referring to multi-chassis, clustering, active/standby or active/active design. The benefits are simple: you get redundancy and extra horsepower when using multiple contexts. Contexts are a similar concept to virtualization. Cisco already successfully demonstrated full network gear virtualization with VDC technology in Nexus7K. ASA failover is stateful - seamless to the end users.
Hope it helps.
g1
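To make the "separate inspection per boundary" point in the answer above concrete, here is an added Python model of the EXTERNAL - DMZ - INTERNAL design from the diagram. It is example code written for this thread, not anything from the poster or from Cisco; the address plan, the two rule sets and the first-match-with-implicit-deny evaluation are assumptions chosen to mirror a typical ACL. A flow must be permitted by every tier it crosses, so the inner tier still vetoes a flow even when the outer tier is misconfigured, and a compromised DMZ host gets only what the inner tier explicitly allows.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan for the three zones in the diagram (assumption).
ZONES = {"DMZ": ip_network("192.0.2.0/24"), "INTERNAL": ip_network("10.0.0.0/8")}
ZONE_ORDER = ["EXTERNAL", "DMZ", "INTERNAL"]   # a firewall tier sits between neighbours


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "EXTERNAL"


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None = any TCP port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules, src_ip: str, dst_ip: str, dport: int) -> str:
    # First-match semantics with an implicit deny at the end of the list.
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action
    return "deny"


# Tier 1 (EXTERNAL <-> DMZ): only the public web server is reachable, on HTTPS.
OUTER_FW = [Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443)]
# Tier 2 (DMZ <-> INTERNAL): the web server may reach only the database port.
INNER_FW = [Rule("permit", "192.0.2.10/32", "10.0.1.5/32", 5432)]


def tiers_crossed(src_ip: str, dst_ip: str, outer, inner):
    """Return (name, ruleset) for every tier between the source and destination zones."""
    boundary = {("EXTERNAL", "DMZ"): ("outer", outer),
                ("DMZ", "INTERNAL"): ("inner", inner)}
    lo, hi = sorted((ZONE_ORDER.index(zone_of(src_ip)),
                     ZONE_ORDER.index(zone_of(dst_ip))))
    return [boundary[(ZONE_ORDER[i], ZONE_ORDER[i + 1])] for i in range(lo, hi)]


def decide(src_ip: str, dst_ip: str, dport: int, outer=OUTER_FW, inner=INNER_FW):
    """Verdict for a flow plus the tier that blocked it (None when permitted).
    Every tier on the path must permit the flow; any single tier can veto it."""
    for name, rules in tiers_crossed(src_ip, dst_ip, outer, inner):
        if evaluate(rules, src_ip, dst_ip, dport) == "deny":
            return "deny", name
    return "permit", None


if __name__ == "__main__":
    client, web, db = "198.51.100.7", "192.0.2.10", "10.0.1.5"   # constructed hosts
    print(decide(client, web, 443))   # ('permit', None)
    print(decide(client, db, 5432))   # ('deny', 'outer')
    print(decide(web, db, 5432))      # ('permit', None)
    print(decide(web, db, 22))        # ('deny', 'inner')  DMZ host cannot reach SSH inside
    # An over-broad rule on the outer tier alone does not expose INTERNAL:
    leaky_outer = [Rule("permit", "0.0.0.0/0", "0.0.0.0/0", None)]
    print(decide(client, db, 22, outer=leaky_outer))   # ('deny', 'inner')
```

The last case is the practical argument for the second tier: an error (or a different vendor's blind spot) on one boundary is contained by the other, and the two rule sets can be reviewed and operated independently.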
07-04-2015 09:20 PM
Thanks, really thorough answer, I appreciate it!
07-05-2015 03:16 AM