General question about firewalls

cancel
Showing results for 
Search instead for 
Did you mean: 

General question about firewalls

L0 Member

Hi Guys,
I am extreme beginner on firewalls and network. I have a question, which will sound very naive. My brother company has around 500 employees in the same branch where he works. They have two firewalls in HA and then switches and then their servers. They run many web applications in their servers and a large amount of data is uploaded to the internal storages from internal endpoints.

They have multiple 16G and 25G network cards in their server, storage, switches and firewalls and they have 3 ILL line 2x500 Mbps and 1x350 Mbps.

My question is why do they need 25G interfaces in the firewalls? For servers, storage and swithes I can understand, since a lot of data is moved internally. But internal data can be routed through switches and their fastest ILL is 500Mbps. Since internal data dosen't need firewall to move around, so whats the use for 25G interfaces? Even most companies I have seen with fast ILL is 1Gbps, so shouldn't 1Gbps interface on firewall is enough, since data that come and goes through internet cannot be more than their ILL spped ? In general whats the use of firewall interfaces with higher gigabit speed than the ILL ?

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

The things two things I typically use when spec'ing firewalls are:

  • How much traffic is going to go through it
  • What connection types and how man do I need

That said, 10gb firewalls are not cheap. Also I dont firewall traffic from servers to storage (i.e. where the VM's live, etc.). I only inspect north/south (to/from the internet) and east/west traffic (between servers, users, etc.). So with respect to my first criteria I use of throughput, find out how much traffic is going through the devices and then use the lowest spec of the firewall to see which one will work. Meaning if my max throughput is 500mb, I will look at the Palo Alto firewalls that have at least 500mb as their lowest mark for inspection.

 

I hope that makes sense, however please feel free to ask follow up questions.

 

Cheers!

But my question is that if internal data can be routed through switches and doesn't need a firewall for that, then what is the requirement of 25G on a firewall?

Cyber Elite
Cyber Elite

@Satyam,

Without knowing more about how the network is configured we, and you, can't tell you if the environment actually needs 25Gb capable firewalls. Depending on how the network is actually built, how the routes are actually configured, and what traffic is actually being inspected it's quite possible that kind of capacity is actually required. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!