The days of selling basic network-layer firewalls alone are over. Network and security solution providers must now provide more complex firewall solutions that integrate stateful and application-aware appliances. But providing more complex firewall strategies can complicate firewall management. In this guide, read a series of articles from SearchNetworking.com that will help you understand how application firewalls can be used alongside port and protocol firewalls. Also learn about firewall change and configuration management, as well as automated troubleshooting techniques.
Application awareness for complete firewall solutions
Firewalls have worked as the predominant form of security for Internet-connected networks for 25 years, but during this time attackers have climbed the protocol stack, going past the operating system or TCP/IP protocols and aiming deep into HTTP, HTML and XML protocols that make up modern distributed Web applications. So it has become crucial to combine intelligent, application-layer firewalls with stateful firewalls.
In this article about the many functions of application-aware firewalls, learn how these devices can monitor and discern between applications on the
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchNetworkingChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchNetworkingChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
network and help to enforce user-based policy.
Application-aware firewalls alone won't cut it
The need for application-aware firewalls doesn't replace the need for network-layer firewalls. In fact, you will more likely have to sell your clients solutions that combines stateful firewalls with next-generation firewalls.
In this firewall case study, learn how one user implemented an application-aware firewall to scan applications hitting the data center alongside a network-layer firewall to check ports and protocols.
With complex firewall solutions comes need for better management systems
Network managers tend to shrug off network change and configuration management (NCCM) as more of a burden than it's worth, so you can imagine how difficult it might be to sell them firewall change management systems. But that doesn't mean you should avoid including firewall change management in your portfolio.
Firewall change management and automation can help curb the human error that often causes firewall misconfiguration nightmares.
In this tip on firewall change management, find out how software can formalize the way network managers (or their solution providers) document the who, what, when, why and how of firewall changes in order to avoid mistakes. Also learn how they use these tools to automate day-to-day firewall management tasks.
Third-party management software as part of the firewall strategy
Change management can be as simple as implementing third-party firewall management software. In this news article on firewall management software, learn how to use these platforms to analyze and monitor firewall rules and configuration changes and their effects on network performance.
Understanding firewall policy in order to automate corrections
As channel partners and their end users struggle to better manage firewalls in a more complex setting, researchers are working on new strategies as well. In November, researchers Fei Chen and Alex X. Liu of Michigan State University, and JeeHyun Hwang and Tao Xie of North Carolina State University, presented a paper called "First Step Towards Automatic Correction of Firewall Policy Faults" at the Large Installation Systems Administration (LISA) conference in San Jose. Working on the premise that many firewall problems are boiled down to faulty policy, the paper examines ways of analyzing firewall policy problems and then implementing automated corrections based on these commonly made errors.
Read more of this paper about firewall
policy management and automated correction.
This was first published in March 2011