Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7907
Views
0
Helpful
1
Replies

Entery Level Question about Firewall placement

Cisco_Learner25
Level 1
Level 1

‎09-09-2015 04:29 AM - edited ‎03-05-2019 02:15 AM

Hi Guys, I'm new in Network field. I see different Network designs on google to understand the network-world. I see that in some network designs, Firewall is placed/installed before the Router (when we go toward internet) , and in some network scenarios after the Router (when we go toward internet). I feel, after the Router is better, but I'm just a child in Network-World (so please don't take my words seriously). Could someone tell me Please that why do network designer do like that? I'm confused about this difference of locations, about Firewalls. ALSO, which designs are more popular in real world? And why? (firewall before the router or after the router) any help??

Labels:
Preview file
75 KB
0 Helpful
1 Reply 1

Martin Hruby
Level 1
Level 1

‎09-09-2015 08:15 AM

Hello Omer

Thanks for your question.

The placement of a firewall within your network always depends on your specific requirements. Nowadays it's important not only to consider external threats, but also internal threats within your organization. Because of this, more often you see firewalls placed not only on the network perimeter but also within the network at strategic locations.

In many local area networks, a firewall is placed in the core of the network to inspect and filter traffic between different VLANs. Usually, unless you have a transparent firewall, the firewall and router functionality is actually merged into a single device You might want to have a look at the zone-based firewall concept: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

Having a connection to the public Internet then creates additional security concerns which affect the placement and configuration of your firewall. Basically the idea is to protect all entry points into the network - think the access layer with end-users, wireless access, Internet access, etc. Then of course you need to think about protection of your services.

This link provides a nice summary: http://www.cisco.com/c/en/us/products/collateral/security/ios-firewall/prod_white_paper0900aecd8057f042.html

Best regards,
Martin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card