Firewall Architectures

James E. Goldman, Purdue University


Brief Review of Firewall Functionality

Requirements Analysis for Firewall Architectures

Importance of Understanding Security Requirements

Clean Networks and Dirty Networks

Risk Domains

Requirements versus Firewall Functionality

Enterprise Firewall Architectures

Conceptual Design Options of Firewall Architectures

Defense in Depth

Perimeter Security

Firewall Architecture Design Elements

Packet-Filtering Routers


Perimeter Firewall Architecture


Server/Host Firewall Architecture


Screened Subnet Firewall Architecture


Multitiered/Distributed DMZ Architecture


Air Gap Architecture




Cross References

Further Reading


When an organization or individual links to the Internet, the connection creates a two-way access point into and out of its information systems. To prevent unauthorized activity between the Internet and the private network, specialized hardware, software, or a software–hardware combination known as a firewall is often deployed.

Brief Review of Firewall Functionality

Firewall software often runs on a dedicated server between the Internet and the protected network. Firmware-based firewalls and single-purpose dedicated firewall appliances are situated in a similar location on a network and provide similar functionality to the software-based firewall. All network traffic entering the firewall is examined, ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.
