Stateful Firewall DMZ Design

After stateful firewalls became more generally available, organizations started replacing the second router in the dual-router DMZ design with a stateful firewall. This design is shown in Figure 7-5.

Figure 7-5. Stateful Firewall DMZ Design

Figure 7-5. Stateful Firewall DMZ Design

This design improves on the dual-router DMZ design by allowing strong filtering between the internal network and the public servers and Internet. Many organizations still use this filtering option today, especially when the performance capabilities of their firewall cannot match the throughput requirements of the public servers.

When a stateful firewall has been deployed, network connectivity can be impacted. Some firewalls do not support advanced routing or multicast functions, which can be an issue in some networks.

In this design, the router still performs some filtering. Stopping nonroutable address space and performing ingress filtering are the two main tasks. See Chapter 6 for more information.

100 SEO Tips

100 SEO Tips

100 SEO Tips EVERY SEO Enthusiast Should Know. This Report 100 SEO Tips will help you to Utilize These Tips to Dominate The Search Engine Today.

Get My Free Ebook


Post a comment