
Network engineers frequently encounter a security device on their projects: the firewall. So what are the ways to deploy a firewall? I have also written an article about firewalls; see Network Border Security | The Difference Between a Network Gate and a Firewall.
Introduction to Firewalls
A firewall is a system or group of systems built at the boundary between two networks. It implements a security policy and monitors network communications, enforcing access control between the internal network and the external network.
The purpose of protecting a given network is achieved by establishing a set of rules and policies to monitor, restrict, and change the flow of data across the firewall.

1. Routing mode
Routing mode: a firewall in routing mode is equivalent to a router.
It can determine the forwarding path of a packet by querying the routing table based on the destination IP address in the IP packet.
The firewall forwards traffic between different network interfaces (e.g., LAN interface and WAN interface) and, during the forwarding process, inspects and filters packets according to predefined access control policies (e.g., allowing or prohibiting access to certain IP address segments, port numbers, etc.).
Application Scenario: Suitable for connecting different network segments, such as the connection between the internal network of the enterprise and the external Internet.
Routing mode is a good choice when an organisation has multiple subnets and wants firewalls to enable communication control between subnets and between subnets and external networks.
2. Transparent mode
Transparent mode: also known as bridging mode. The firewall is transparent to the other devices in the network, as if it did not exist.
It works at the data link layer and does not change the IP address or routing information of packets. The firewall only inspects and filters the packets passing through it, allowing or blocking the transmission of packets according to the security policy.
From the perspective of the network topology, it is like a "virtual network cable" connected between two network devices.
Application scenario: commonly used where network security needs to be strengthened without changing the existing network topology and IP address configuration.
For example, in an already deployed network, if you want to add a firewall for security but do not want to make large-scale changes to the IP addresses and routing settings of the existing devices (servers, clients, etc.), transparent mode is a good fit. It can be inserted into the network seamlessly to monitor and filter the traffic passing through it.
3. Hybrid mode
Hybrid mode: combines the features of routing mode and transparent mode. Some interfaces of the firewall can be configured in routing mode for connecting different network subnets and for routing forwarding;
While other interfaces can be configured in transparent mode for security monitoring and filtering of some network traffic without changing the existing network topology and IP address.
This mode offers greater flexibility and can be configured according to the actual network environment and security requirements.
Application scenario: suitable for complex network environments, for example an enterprise network in which some areas need strict subnetting and routing control (using routing mode), while other areas, because of the limitations of the existing network architecture or other special needs, must have the firewall inserted in transparent mode for protection.
For example, an enterprise has a new data centre area that requires subnetting and access control via a routed mode firewall interface;
At the same time, there is an old office area that is secured through a transparent mode firewall interface in order to avoid large-scale network modifications.
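The following is an added example, not code from the original article, that models the hybrid firewall described in sections 1 to 3 in simplified form: the addressing, interface names and policy rules are constructed. Packets entering a bridged (transparent) interface leave through its peer with no routing lookup, packets entering a routed interface go through a longest-prefix routing-table lookup, and in both cases the access-control policy is checked first.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str

# Constructed routing table for the routed interfaces (hypothetical addressing)
ROUTES = {"10.1.0.0/16": "lan", "192.168.50.0/24": "dmz", "0.0.0.0/0": "wan"}

# Transparent (bridge) interface pairs: a frame entering one side leaves the
# other side with its IP header untouched and no routing lookup involved
BRIDGE_PEERS = {"office_a": "office_b", "office_b": "office_a"}

# Access-control policy (action, src net, dst net, allowed ports or None=any);
# first match wins, and anything unmatched is denied
POLICY = [
    ("allow", "10.1.0.0/16", "192.168.50.0/24", {80, 443}),
    ("allow", "10.1.0.0/16", "0.0.0.0/0", {53, 80, 443}),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def policy_verdict(pkt):
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, s_net, d_net, ports in POLICY:
        if (src in ipaddress.ip_network(s_net) and dst in ipaddress.ip_network(d_net)
                and (ports is None or pkt.dport in ports)):
            return action
    return "deny"

def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns the egress interface."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def forward(pkt):
    """Returns ('drop', None) or ('forward', egress interface)."""
    if policy_verdict(pkt) != "allow":
        return ("drop", None)          # policy is enforced on both kinds of interface
    if pkt.in_iface in BRIDGE_PEERS:   # transparent mode: bridge, IP/routing unchanged
        return ("forward", BRIDGE_PEERS[pkt.in_iface])
    return ("forward", route_lookup(pkt.dst))  # routing mode: routing-table lookup
```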
4. Bypass mode
Bypass mode: also called bypass audit mode. The firewall is not connected in series on the main path of network traffic; instead it obtains the traffic by other means for monitoring and analysis.
Note: if a bypass traffic-diversion method is used, bypass mode can also perform access control on the data.
Application scenarios:
1. Network Security Audit: Enterprises can use firewalls in bypass mode to comprehensively review the use of internal networks. By analysing traffic logs, it is possible to understand whether employees comply with the company's network usage policy and whether there is a risk of sensitive information leakage, etc.
For example, by examining the file transfer logs in the traffic, it is possible to find out if any employees are sending confidential company documents to external unauthorised mailboxes.
2. Intrusion detection assistance: in network environments where traditional firewalls and intrusion prevention systems are already deployed, a bypass-mode firewall can serve as a supplementary security monitoring tool. When complex, covert attack techniques bypass the existing defences, the bypass firewall can find potential signs of intrusion through in-depth traffic analysis. For example, zero-day attacks exploiting unknown vulnerabilities can be detected, and alerts raised, by analysing unusual behaviour in the traffic (e.g. unusual protocol usage, unusual port communication, etc.).
3. Network quality of service monitoring: an Internet service provider (ISP) can use a firewall in bypass mode to monitor the traffic quality of a user's network. By observing traffic characteristics such as bandwidth usage and protocol distribution, the user's network experience is assessed, and problems such as network congestion and abnormal traffic are identified in time so that appropriate measures can be taken to improve the quality of service.
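As an added example (not part of the original article), the passive analysis a bypass-mode firewall performs for the audit and intrusion-detection scenarios above, run over a constructed set of flow records: it flags unusual protocols, unusual destination ports, and a large outbound transfer to an external mail server, and it only reports, never blocks. The log format, addresses, baseline port set and size threshold are all hypothetical.

```python
import ipaddress
import re

# Constructed sample of flow records, in the shape a bypass (off-path) firewall
# might log them; addresses and format are hypothetical
FLOW_LOG = """\
2024-05-01T09:00:01 10.1.2.3:52001 -> 10.1.0.10:443 tcp bytes=8200
2024-05-01T09:00:02 10.1.2.4:52002 -> 203.0.113.20:80 tcp bytes=3100
2024-05-01T09:00:05 10.1.2.3:52003 -> 203.0.113.44:25 tcp bytes=4800000
2024-05-01T09:00:07 10.1.2.9:52004 -> 198.51.100.7:4444 tcp bytes=900
2024-05-01T09:00:09 10.1.2.9:52005 -> 198.51.100.7:4444 tcp bytes=1200
2024-05-01T09:01:10 10.1.2.5:52006 -> 203.0.113.8:53 udp bytes=90
2024-05-01T09:01:15 10.1.2.6:0 -> 203.0.113.9:0 gre bytes=640
"""

INTERNAL = ipaddress.ip_network("10.1.0.0/16")      # hypothetical internal range
BASELINE_PORTS = {"tcp": {80, 443}, "udp": {53}}    # hypothetical expected services
LARGE_TRANSFER = 1_000_000                          # bytes; hypothetical threshold

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+) bytes=(\d+)$")

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # off-path analysis is best effort: malformed records are skipped
        ts, src, _sport, dst, dport, proto, nbytes = m.groups()
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                      "proto": proto, "bytes": int(nbytes)})
    return flows

def analyse(flows):
    """Passive analysis only: returns a list of alerts and never drops traffic."""
    alerts = []
    for f in flows:
        external = ipaddress.ip_address(f["dst"]) not in INTERNAL
        if f["proto"] not in BASELINE_PORTS:
            alerts.append(("unusual_protocol", f["src"], f["dst"], f["proto"]))
        elif f["dport"] not in BASELINE_PORTS[f["proto"]]:
            alerts.append(("unusual_port", f["src"], f["dst"], f["dport"]))
        # large outbound transfer to an external mail server (SMTP, port 25)
        if external and f["proto"] == "tcp" and f["dport"] == 25 and f["bytes"] >= LARGE_TRANSFER:
            alerts.append(("large_external_mail_transfer", f["src"], f["dst"], f["bytes"]))
    return alerts
```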