Firewall architecture


You have certainly noticed that, judging by the variety of types, firewalls can be implemented in several ways to meet the most diverse needs. This aspect leads to another important feature of the subject: the architecture of a firewall.

When we talk about architecture, we mean how the firewall is designed and implemented. There are basically three types of architecture. We will see them below.

Dual-Homed Host Architecture
In this mode, there is a computer called a dual-homed host that sits between an internal network and the external network - usually the internet. The name is due to the fact that this host has at least two network interfaces, one for each "side".

Note that there is no other communication path: all traffic passes through this firewall, and there is no direct access from the internal network to the external network (or vice versa). The main advantage of this approach is tight control over traffic. The most significant disadvantage, in turn, is that any problem with the dual-homed host - an intrusion, for example - can jeopardize network security or even paralyze traffic. For this reason, its use may not be suitable for networks where internet access is essential.

This type of architecture is widely used for proxy firewalls.

Screened Host
In the Screened Host architecture, instead of having a single machine acting as an intermediary between the internal network and the external network, there are two: one that acts as a router (screening router) and another called a bastion host.

The bastion host sits between the router and the internal network and does not allow direct communication between the two sides. It is therefore an extra layer of security: communication follows the path internal network - bastion host - screening router - external network, and vice versa.

[Figure: Screened Host Architecture]

The router normally works by filtering packets, with its filters configured to redirect traffic to the bastion host. The bastion host, in turn, can decide whether certain connections should be allowed or not, even if they have passed through the router's filters.

Being the critical point of the structure, the bastion host needs to be well protected, otherwise it will jeopardize the security of the internal network or even make it inaccessible.
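
The two-stage decision described above, modelled in Python as an added example (not code from the original page). The addresses, the bastion's service ports and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing, assumed for this example only.
INTERNAL = ip_network("10.0.0.0/24")   # internal network
BASTION = ip_address("192.0.2.10")     # bastion host
BASTION_SERVICES = {25, 443}           # hypothetical ports the bastion serves


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def router_filter(pkt: Packet) -> bool:
    """Screening router: forward only external <-> bastion traffic."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # An internal address must never appear on a packet crossing the router:
    # this blocks direct internal <-> external paths and spoofed sources.
    if src in INTERNAL or dst in INTERNAL:
        return False
    # Exactly one endpoint has to be the bastion host.
    return (src == BASTION) != (dst == BASTION)


def bastion_policy(pkt: Packet) -> bool:
    """Bastion host: second decision, applied after the router's filters."""
    return pkt.dport in BASTION_SERVICES


def verdict(pkt: Packet) -> str:
    """Trace one packet through the router, then the bastion if addressed to it."""
    if not router_filter(pkt):
        return "dropped by screening router"
    if ip_address(pkt.dst) == BASTION and not bastion_policy(pkt):
        return "rejected by bastion host"
    return "allowed"


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("198.51.100.7", "192.0.2.10", 443),   # external -> bastion, served port
        Packet("198.51.100.7", "192.0.2.10", 23),    # passes router, bastion refuses
        Packet("198.51.100.7", "10.0.0.20", 443),    # external -> internal directly
        Packet("10.0.0.20", "198.51.100.7", 443),    # internal -> external directly
    ]
    for p in samples:
        print(f"{p.src:>13} -> {p.dst:<13} :{p.dport:<4} {verdict(p)}")
```

The second sample is the case the text singles out: the packet passes the router's filters and is still refused by the bastion host.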
