Looking at using SDN & OpenFlow to perform a firewall migration on a rule by rule basis instead of using any of the other nasty, crufty hacks. Very useful when you want to find an easier and low risk way to get rid of those pesky CheckPoint firewall products.
11 Things About Using a Transparent or Layer 2 Firewall ?
5th June 2012 by 15 Comments
You can deploy some modern firewalls in Layer 2 mode such that they are transpart
Cisco FWSM and ACE Resource Allocation Strategies
20th April 2010 by 2 Comments
This post looks at design models for handling the allocation of resources within the Cisco ACE and FWSM modules. In may be relevant to other virtualisation system where allocation of virtual resources needs a strategy.
Design: Cisco Firewall Services Module Virtualization Design Traps
13th August 2009 by 4 Comments
The Cisco Firewall Service Modules (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Lets review this in detail and learn the evil consequences.
Blessay: Designing Enterprise DMZ and Multilayer Firewall Clusters
2nd August 2009 by 33 Comments
In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Lets gather together the different options and consider the merits or not, and sometimes how they ‘self-build’.
