Chapter 7. Firewall Design

In previous chapters, we’ve discussed the technologies and architectures that are usually used to build firewalls. Now we can discuss how you put them together to get a solution that’s right for your site. The “right solution” to building a firewall is seldom a single technology; it’s usually a carefully crafted combination of technologies to solve different problems. This chapter starts the discussion of how to come up with the combination that’s right for you. Which problems you need to solve depends on what services you want to provide your users and what level of risk you’re willing to accept. Which techniques you use to solve those problems depends on how much time, money, and expertise you have available.

When you design a firewall, you go through a process that you will then repeat over time as your needs change. The basic outline is as follows:

  1. Define your needs.

  2. Evaluate the available products.

  3. Figure out how to assemble the products into a working firewall.

Define Your Needs

The first step in putting together a firewall is to figure out exactly what you need. You should do this before you start to look at firewall products, because otherwise you risk being influenced more by advertising than by your own situation. This is inevitable, and it has nothing to do with being gullible. If you don’t know clearly what you need, the products that you look at will shape your decisions, no matter how suspicious you are.

You may need to re-evaluate your needs if you ...
