Software Defined Networking, Data Centre and Infrastructure
Looking at using SDN & OpenFlow to perform a firewall migration on a rule by rule basis instead of using any of the other nasty, crufty hacks. Very useful when you want to find an easier and low risk way to get rid of those pesky CheckPoint firewall products.
You can deploy some modern firewalls in Layer 2 mode such that they are transpart
This post looks at design models for handling the allocation of resources within the Cisco ACE and FWSM modules. In may be relevant to other virtualisation system where allocation of virtual resources needs a strategy.
The Cisco Firewall Service Modules (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Lets review this in detail and learn the evil consequences.
In modern Enterprise networks, you typically have many clusters of firewalls protecting assets in your network. Since we use two or more layers of firewalls, we can put our DMZ for intermediate security zones in different places in our network. Lets gather together the different options and consider the merits or not, and sometimes how they ‘self-build’.
