The perimeter router is typically a standard router providing a serial connection to the outside world and a LAN connection to the internal network. The perimeter router should provide any filtering of outside traffic to implement basic security for the dirty DMZ and preliminary filtering for the inside network. This device could be running the firewall feature set for additional security options.
Because the perimeter router is often connected to a slower WAN interface on one side and it doesn’t normally provide routing functions for internal networks, the LAN interface speed isn’t as critical as making sure adequate memory and features exist to handle the outside connection.
While bandwidth is important, feature sets are just as important on perimeter routers. If intrusion detection features are needed, you should know that the firewall feature sets for devices below the 2600 series don’t include them. So, while a 1700 or 2500 device might handle the traffic, it won’t provide intrusion detection services. It is more suited to small businesses and gives minimal protection.
The diagram above shows an example of the standalone perimeter router topology.
The diagram above shows a single firewall without redundant components.
Advantages
The advantages of a single firewall include:
- Low cost
Because there is only one firewall, the hardware and licensing costs are low.
- Simplified management
Management is simplified because there is only one firewall for the site or enterprise.
- Single logging source
All traffic logging is central to one device.
Disadvantages
The disadvantages of a single firewall with no redundancy include:
- Single point of failure
There is a single point of failure for inbound and/or outbound access.
- Possible traffic bottleneck
A single firewall could be a traffic bottleneck depending on the number of connections and throughput required.
OLIVE
http://technet.microsoft.com/en-us/library/cc700827.aspx
