Protecting the Perimeter

January 15, 2008 - 0 Comments

As the Internet and access to it becomes more and more prevalent around the world, service providers, enterprises as well as small and medium businesses are challenged to protect their internet infrastructure from hackers and malicious applications causing business disruption. One of the key applications that has evolved over the years is the firewall. Firewall acts as a regulator between networks at different trust levels. Typical examples of trust levels being the Internet and a corporate internal network.How it worksFirewalls are used for packet inspection & filtering, application proxy & stateful inspections of packet flows through the network. It is typically positioned at the network perimeter or provider edge – where internet traffic come in or goes out of the network.Packet filtering allows for inspecting individual packets against a set of parameters that allows for access control. This allows the system to filter out all unwanted traffic. However, this can break some of the applications running on a packet network. In order to ensure these applications run smoothly – firewall can act as a proxy or perform stateful inspection of packet. What makes this possible?For service providers, the protection starts at the perimeter of the network. This means fortifying the provider edge routers with FW functionality. This adaptive “single device, many uses” approach reduces the number of platforms that must be deployed and managed while offering a common operating and management environment across all of the network edge. This approach simplifies configuration, monitoring, troubleshooting, and security staff training. One of the popular provider edge platforms – The Cisco XR-12K – introduces this functionality via the Multi Service Blade, which can provide multiple Firewall contexts to enable service providers to leverage firewall virtualization to support and segregate multiple customers on a single physical device.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.