Firewall-Based VPNs

The most popular VPN solution is firewall integration. It is a safe assumption that a firewall is placed at the network perimeter; therefore, it is a natural extension to let this device support the VPN connections as well. This provides a central point of management and keeps the firewall security policy directly tied to the traffic allowed through the tunnel.

A drawback to this method is performance. A busy Internet circuit with multiple VPNs (running strong encryption on each tunnel) could overload the system if all these services are consolidated on a single box. Some firewalls, such as Firewall-1, do support encryption cards to reduce processor load. The encryption card fits in a standard PCI expansion slot and takes care of all traffic encryption and decryption.

Firewall-based VPNs are probably the most common form of VPN implementation today (see Figure 21-4). Many vendors offer firewall-based VPN solutions, each including its own proprietary encryption technology.
