Firewall topologies are the different ways in which a firewall can be set up. Firewall needs vary from one user to another, so different people may require different firewall setups. Depending on your needs, you can have a very simple setup that caters to your most basic protection needs, or a more complicated and advanced setup that offers tighter security.
Here we refer to a firewall as a physical system and not just as a piece of software.
Types of Firewall Topologies
1. Dual-homed Firewall:
– This is the simplest firewall topology and therefore also the most common.
– The connection between the internet and the firewall is via a modem.
– The internet connection comes directly into the firewall via this dial-up modem or, in some cases, through some other kind of connection such as a cable modem or ISDN line.
– A DMZ is not possible in this type of configuration, but it still provides adequate protection.
– In this type, data packets pass through the firewall's filters and rules, which sit between the internet and the internal network.
– It uses the technique of IP masquerading.
– This is termed dual-homed hosting, and the two networks are referred to here as the two homes.
– The first interface of the firewall is connected to the inside home and the second one to the outside home.
– The simplicity of this setup is its advantage, and it is the best one to use when you have only one IP address.
2. Two-legged network with fully exposed DMZ:
– This firewall topology has a much more advanced configuration than the previous one.
– The router through which the internet is accessed is also connected to a switch or a hub.
– This topology is best used when your system provides services that are accessed by the public.
– Traffic between the internet and this hub is not filtered by the firewall.
– So the machines that need to connect to the internet directly are connected to this hub.
– One network adapter of the firewall is also connected to this hub, whereas the adapters of the other networks are connected to the internal hub.
– These are the adapters of the systems that require protection. The firewall needs only network cards here, which itself simplifies the whole configuration.
– In addition, when you control the router, you have access to a second set of packet filtering capabilities.
– Therefore, some limited protection can be provided.
– On the other hand, if the router is not controlled, the DMZ will be exposed to the unfiltered network.
– This configuration depends on two things, namely:
a) The external router and
b) Multiple IP addresses
3. Three-legged Firewall:
– This topology requires an additional network adapter on the firewall for the DMZ.
– The firewall is then configured as needed to route between the DMZ and the internet in a way that is different from the routing between the internal network and the internet.
– This is the most useful configuration and is used by many.
– If the previously discussed topology does not work for you, then you should try this one.
– If IP masquerading is mandatory for you, the systems in the DMZ can be masqueraded too, while keeping them functionally separate from the internal systems.
– This topology is particularly used by people (those with static PPP connections or cable modems) who run several servers within the DMZ with a single IP address.
– This topology provides the most economical solution for home offices and other small businesses.
– However, the complexity of this topology is its disadvantage.
– A large set of rules governs all access to and from the internal network and the DMZ.
– One needs to be careful with these rules.
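The rules described above, sketched as an added example that is not part of the original article: a small Python model of a three-legged firewall's first-match rule list with default deny, plus a check for rules that would open the internal network to the DMZ or the internet. The addresses, ports and the rule set itself are assumptions made for illustration.

```python
# Added example: zone model of a three-legged firewall. All names, addresses
# and rules below are constructed for illustration.
from ipaddress import ip_address, ip_network

# One network per protected leg; everything else is reached via the third leg.
ZONES = {
    "internal": ip_network("192.168.1.0/24"),
    "dmz": ip_network("192.168.2.0/24"),
}

def zone_of(addr):
    """Return the leg an address sits behind, or 'internet' if it is outside."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# (source zone, destination zone, destination port or None for any, action).
# Only new connections are judged; replies are assumed to be handled by
# connection tracking. Internet-to-DMZ destinations are the DMZ servers'
# private addresses, i.e. after the single public IP has been port-forwarded.
RULES = [
    ("internal", "internet", None, "allow"),  # masqueraded outbound traffic
    ("internal", "dmz", 22, "allow"),         # administration of DMZ servers
    ("internet", "dmz", 80, "allow"),         # public web server
    ("internet", "dmz", 25, "allow"),         # public mail server
    ("dmz", "internet", 53, "allow"),         # DNS lookups by DMZ servers
    ("dmz", "internet", 25, "allow"),         # outbound mail
]

def decide(rules, src, dst, dport):
    """First matching rule wins; anything unmatched is denied."""
    pair = (zone_of(src), zone_of(dst))
    for rsrc, rdst, rport, action in rules:
        if (rsrc, rdst) == pair and rport in (None, dport):
            return action
    return "deny"

def audit(rules):
    """List allow rules that let another leg open connections into 'internal'."""
    return [r for r in rules
            if r[3] == "allow" and r[1] == "internal" and r[0] != "internal"]

if __name__ == "__main__":
    print(decide(RULES, "203.0.113.7", "192.168.2.10", 80))   # web request to DMZ
    print(decide(RULES, "192.168.2.10", "192.168.1.20", 22))  # DMZ into internal
    print(audit(RULES + [("dmz", "internal", None, "allow")]))
```

Running audit() over a rule set before it is loaded catches the kind of mistake this topology makes easy: a broad DMZ rule that quietly removes the separation from the internal network.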