Friday, August 13, 2021

Firewall ruleset design: block closest to source or closest to destination?

Hi all,

My team is implementing a set of firewalls, each acting as a gateway for its own "zone".
Each firewall has an interface in its zone, and an interface in a common transit zone. A diagram: https://ibb.co/XySZtDg.

It is commonly advised to block the traffic as close to the source as possible, before it enters the firewall (for efficiency reasons).

Based on the above, we would enforce the ruleset on each interface belonging to a non-transit zone (direction: from-zone-to-transit).
I assume it is still necessary to perform firewalling on the interfaces in the transit zone (direction: from-transit-to-zone).

Would you say the above makes sense, or are there better ways?

I'd really love to read more about firewall design. I'd be grateful if you could suggest a resource where I could learn more.

Thanks.
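A small model of the design described in the post, added here as an illustration and not part of the original post: each zone firewall filters once on its zone interface (from-zone-to-transit, closest to the source, including an anti-spoofing check on the source address) and once on its transit interface (from-transit-to-zone, closest to the destination). The zone names, prefixes, ports and rules below are constructed for the example; the point they show is that the second hop is still needed, because the destination zone's owner cannot rely on another zone's outbound policy having been written correctly.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation with an implicit default drop."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


class ZoneFirewall:
    def __init__(self, name: str, prefix: str, egress: List[Rule], ingress: List[Rule]):
        self.name = name
        self.prefix = ip_network(prefix)
        self.egress = egress    # from-zone-to-transit, enforced on the zone interface
        self.ingress = ingress  # from-transit-to-zone, enforced on the transit interface

    def from_zone(self, pkt: Packet) -> str:
        # Closest to the source: a packet leaving the zone must carry a source
        # address that belongs to the zone, then pass the zone's outbound policy.
        if ip_address(pkt.src) not in self.prefix:
            return "drop"
        return evaluate(self.egress, pkt)

    def to_zone(self, pkt: Packet) -> str:
        # Closest to the destination: the zone owner's inbound policy, applied
        # regardless of what the sending zone's firewall chose to allow.
        if ip_address(pkt.dst) not in self.prefix:
            return "drop"
        return evaluate(self.ingress, pkt)


def owner(firewalls: List[ZoneFirewall], addr: str) -> Optional[ZoneFirewall]:
    return next((fw for fw in firewalls if ip_address(addr) in fw.prefix), None)


def deliver(firewalls: List[ZoneFirewall], entry_zone: str, pkt: Packet) -> List[Tuple[str, str]]:
    """Trace a packet arriving on entry_zone's zone interface across both checkpoints.
    Returns (checkpoint, verdict) pairs; the packet is delivered only if the final
    verdict is 'accept' at the destination zone's transit interface."""
    src_fw = next(fw for fw in firewalls if fw.name == entry_zone)
    trace = [(f"{entry_zone}:zone-if", src_fw.from_zone(pkt))]
    if trace[-1][1] != "accept":
        return trace
    dst_fw = owner(firewalls, pkt.dst)
    if dst_fw is None:
        return trace + [("transit", "drop")]  # no zone owns the destination address
    trace.append((f"{dst_fw.name}:transit-if", dst_fw.to_zone(pkt)))
    return trace


def delivered(trace: List[Tuple[str, str]]) -> bool:
    return trace[-1][0].endswith("transit-if") and trace[-1][1] == "accept"


# Constructed zones and policies (hypothetical values, not taken from the post).
WEB = ZoneFirewall("web", "10.1.0.0/24",
                   egress=[Rule("accept", dst="10.2.0.0/24", proto="tcp", dport=5432)],
                   ingress=[Rule("accept", dst="10.1.0.0/24", proto="tcp", dport=443)])
DB = ZoneFirewall("db", "10.2.0.0/24",
                  egress=[],  # the database zone never initiates connections
                  ingress=[Rule("accept", src="10.1.0.0/24", proto="tcp", dport=5432)])
CORP = ZoneFirewall("corp", "10.3.0.0/24",
                    egress=[Rule("accept", dst="10.0.0.0/8", proto="tcp")],  # loose outbound policy
                    ingress=[])
FIREWALLS = [WEB, DB, CORP]

if __name__ == "__main__":
    cases = {
        "web -> db postgres": ("web", Packet("10.1.0.10", "10.2.0.5", "tcp", 5432)),
        "corp -> db postgres": ("corp", Packet("10.3.0.7", "10.2.0.5", "tcp", 5432)),
        "spoofed db source from web": ("web", Packet("10.2.0.9", "10.2.0.5", "tcp", 5432)),
    }
    for label, (zone, pkt) in cases.items():
        print(f"{label}: {deliver(FIREWALLS, zone, pkt)}")
```

The second case is the one that matters for the question: the corp zone's own firewall lets the packet out, but the db zone's transit-side ruleset drops it, so the db owner's policy holds even when another team's egress rules are too permissive. The third case shows what the zone-interface check buys: a packet with a forged source address never reaches the transit zone at all.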


