All companies have some form of network architecture, which is how your business structures its network to meet the regular needs of all your devices. Depending on the type of network architecture you currently utilize, your firewall setup in Dallas, TX should be scaled up or even down. What should you expect?
After developing your company’s network architecture, your IT professionals should institute one of five types of firewall setups, including:
- Next gen
- Application-level gateways
- Circuit-level gateways
- Stateful inspection
- Packet filtering
In this article, we’ll first explain the various types of network architecture setups your company might use. Then we’ll delve into firewall architecture to determine which types gel with which network architecture models. You won’t want to miss it.
The Common Network Architecture Setups
Let’s discuss network architecture in greater detail, as the size and status of your network determine the level of firewall protection your company will require.
As we touched on in the intro, network architecture refers to a computer network’s design. This framework considers communication protocols, operational procedures, and physical components of the network.
The three types of network architectures are wide-area, data center, and access networks. Here’s a detailed explanation of all three.
A wide-area network or WAN is for when companies want to cover a large area with their network. Examples of such industries that would use WAN are government entities, schools, and many businesses.
Let’s say your company has a WAN network. Even if your customers were located across the world, they can still use your services or shop for your products. If your company were to change locations and establish your headquarters elsewhere, you wouldn’t have to worry about disruptions in your everyday business dealings.
The Internet that you’re reading this article on right now can be considered a WAN network, at least technically.
WANs can connect local area networks or LANs, although a LAN is not itself considered network architecture. A WAN is often private, although that depends on its nature.
Using leased lines, routers link LANs on another side of a secondary router. Besides leased lines, WANs are also built with packet switching, which utilizes protocols such as Frame Relay, Asynchronous Transfer Mode or ATM, Multiprotocol Label Switching or MPLS, and Packet over SONET/SDH.
Data Center Networks
The second type of network architecture is the data center. These pools use network, storage, and computational resources as part of one communication network. Datacenter buildings often rely on these networks, hence the name, and allow thousands–often tens of thousands–of servers to use cloud computing software or hardware.
There are several sub-types of data center networks, so let’s discuss these as well.
A DCell network links servers to one another. Each server has several Network Interface Cards or controllers. A cell hierarchy guides the DCell network. For example, cell0 has a certain number of servers as well as a network switch that you can use to activate those servers.
Then cell1 builds on cell0, and cell2 builds on cell1, and so on and so forth. Due to the nature of DCell architecture, it’s incredibly scalable.
- Fat Tree DCN
DCN stands for data center network, so fat tree DCN uses commodity bandwidth switches to limit strains on bandwidth. Fat tree DCN follows a hierarchy as well in how the network architecture organizes core, aggregate, and access layers. Instead of cells, fat tree DCN’s hierarchy features k pods.
- Three-Tier DCN
The third type of data center network architecture is three-tier DCN. This tree-based topology features fewer layers than fat tree DCN. The bottom layer has edge layer switch connections from server to server. Then, in the layers above that, layer switches connect them. These aggregate layers are attached via core layer switches.
The third type of network architecture is an access network. These networks allow subscribers to use a service, such as phones. College campuses are likely to institute an access network so their employees across campus can be on the same network.
The 5 Types of Firewall Setups – How Network Architecture Influences Them
Next, let’s go over the five different firewall setups that we listed in the intro. Now we can put the pieces together and discuss the ways that network architecture influences your Dallas firewall.
A next-generation or next-gen firewall safeguards your network from both external and internal threats alike. How? The firewall will filter all traffic to your network, keeping out that which is unwanted.
The basic features of next-gen firewalls are IP mapping, network monitoring, support for VPN (both Secure Sockets Layer or SSL and IPsec VPNs), and packet filtering. The more advanced features such as application control and SSL inspection make next-gen firewalls worth using for your company.
With one of these firewalls instituted, your company’s servers would be safe from malware, hacking, and other digital attacks. This would allow your company to continue using multi-cloud applications and co-location networking.
Next-gen firewalls can also identify update paths so they can continue to better serve your company and protect you from dangers online and offline.
A proxy or application-level gateway reviews data packets and traffic, doing so on the application level (hence the name). BitTorrent currently uses this type of firewall, as does Real Time Streaming Protocol or RTSP, Telnet, and File Transfer Protocol or FTP.
So let’s say, as an example, that your client wanted to access files on your server. To do so, they’d go through the application-level gateway. This server connects with your company’s main server but prohibits the client from seeing your IP address and sensitive information of that kind.
The third type of firewall is a circuit-level firewall. These are like the go-between for transport land application layers within the Internet protocol suite stack, specifically TCP/IP. As packets move between TCP, the circuit-level gateway oversees illegitimate session requests and removes their access.
If you send data through another computer when using a circuit-level gateway, then the gateway looks like the original source even if it isn’t. One of the main downsides of using a circuit-level gateway is how it won’t filter data down to each packet.
However, the lower price of a circuit-level gateway makes it appealing to newer companies such as startups, as they’re often on tight budgets.
A stateful inspection firewall, also known as a stateful firewall, is yet another network firewall that counts how many connections are on the network at any one time, including Internet Control Message Protocol or ICMP, User Datagram Protocol or UDP, and Transmission Control Protocol or TCP data.
Then the firewall will add one of three labels, which are closing, established, or listen. When entries go through, they’re put in a table, then packets that are related to that session go through. These are called related packets.
You can set the amount of time for stateful inspection firewalls to disconnect a packet from its table. If the apps transmit keepalive data to one another, the firewall will keep the connections going even if they’re not active.
The fifth type of network firewall is packet filtering. As the networks talk to one another, nodes send packets that should match the firewall’s rules. The firewall might accept the packets or exclude them from proceeding, relying on the destination IP and the source to make that decision.
The IP addresses between its source and destination should match, then the packet can proceed. Yet packet filtering can also check TCP and UDP protocols as well as others for further verification.
Network architecture includes wide-area networks or WANs, data center networks, and access networks. Since the purposes of each network are different, your company cannot apply a blanket firewall for its network needs.
Selecting an overzealous type of firewall for a WAN connection could prevent customers from being able to check out, which will lead to reduced sales. Yet if you get too lax with your firewall, then your company’s servers will not be protected from threats such as malware.
At Herrod Tech, our team of experts can get your firewall setup in Dallas, TX configured right the first time. You won’t have to worry about a firewall overpowering your network nor vulnerabilities. Call our managed Dallas IT support today to learn more.