Advances in Web switching technology not only optimize Web servers; they can also be used to solve some of the problems caused by firewalls.
Although firewalls are highly effective at preventing network intrusion, and security has become a key factor in delivering Web sites and services, all of this security comes at a high cost. In short, the firewall limits performance and scalability. Because the firewall is an in-line device and a single point of failure, it also reduces the availability of the network.
Combining firewall technology with emerging Web switching technology can significantly improve firewall performance, availability and scalability.
The most common form of firewall is firewall software installed on a server. The server has two network cards installed and is inserted into the data path. One network card connects to the public side of the network, usually the router that connects to the Internet (the so-called "dirty" side of the firewall). The other card connects to the resources that need protection (the so-called "clean" side of the firewall).
Because the firewall is installed in the data path, it limits network performance and scalability: all traffic between the dirty side and the clean side must flow through it. The firewall inspects every packet using filtering techniques and other policies preset by the network administrator.
The problem is that the platform best suited to running a firewall is not well suited to screening packets at high volume. Extending firewall performance is very difficult because it usually involves a costly upgrade: moving to a higher-end server with a more powerful processor.
Emerging Web switching technology is widely regarded as a solution for expanding firewall capacity and improving the overall availability of firewall devices. Firewall load balancing requires two Web switches: one installed on the clean side of the firewalls, the other on the dirty side. Each Web switch sends incoming IP traffic through a firewall to the corresponding Web switch on the other side. This balances the load across several firewalls, so the firewalls can run in parallel, which extends firewall performance and removes the firewall as a possible single point of failure.
Unlike a traditional packet switch, a Web switch can distinguish individual TCP sessions while sustaining Ethernet and Gigabit Ethernet transmission rates. Because a firewall is a stateful device, all packets belonging to an established session must flow through the same firewall. Intelligent Web switches maintain state information about the traffic flowing through the firewalls, ensuring that all traffic between a specific pair of IP source/destination addresses flows through the same firewall. This in turn guarantees session continuity on the firewall.
Firewall load balancing can also be used to reduce the amount of traffic filtering the firewall has to perform; this is the main advantage of implementing a "demilitarized zone" (DMZ). The DMZ holds resources that must be publicly accessible from the Internet, such as Web servers. The Web switches need traffic filters to determine which packets should be sent to the DMZ and which should pass through the firewall. With this filtering moved away from the firewall, firewall performance improves greatly and user traffic is handled faster.
The Web switch is configured with filters that allow or deny access to the DMZ servers. This provides two levels of security: one level restricts access using the filters configured on the Web switch, and the other restricts access through the firewall's stateful inspection.
To keep the firewalls highly available, each Web switch monitors the "health" of the firewalls by sending echo requests (ping) through them to each port of the corresponding Web switch on the other side. If a firewall or Web switch port fails, traffic is reassigned to the remaining "healthy" Web switch ports and their associated firewalls.
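The session persistence and health-check failover described above can be sketched as follows. This is an added example, not code from any Web switch product; the FirewallBalancer class, the firewall names and the use of rendezvous hashing to choose a firewall are assumptions made for illustration.

```python
import hashlib
import ipaddress

class FirewallBalancer:
    """One Web switch's view of a pool of parallel firewalls (hypothetical model)."""

    def __init__(self, firewalls):
        self.healthy = set(firewalls)   # updated from health-check results
        self.flows = {}                 # flow key -> firewall the flow is pinned to

    @staticmethod
    def flow_key(src, dst):
        # Sort the address pair so A->B and B->A produce the same key; this is
        # what lets the dirty-side and clean-side switches agree on a firewall.
        return b"".join(sorted(ipaddress.ip_address(a).packed for a in (src, dst)))

    def _pick(self, key):
        # Rendezvous hashing (an assumption of this sketch): deterministic, so two
        # switches with the same healthy set choose the same firewall.
        return max(self.healthy, key=lambda fw: hashlib.sha256(key + fw.encode()).digest())

    def select(self, src, dst):
        key = self.flow_key(src, dst)
        fw = self.flows.get(key)
        if fw not in self.healthy:      # new flow, or its firewall failed
            if not self.healthy:
                raise RuntimeError("no healthy firewall available")
            fw = self.flows[key] = self._pick(key)
        return fw

    def health_result(self, fw, alive):
        # Record the outcome of a ping sent through `fw` to the peer switch.
        if alive:
            self.healthy.add(fw)
        else:
            self.healthy.discard(fw)

if __name__ == "__main__":
    # Constructed sample: documentation-range client, private server address.
    dirty = FirewallBalancer(["fw1", "fw2", "fw3"])
    clean = FirewallBalancer(["fw1", "fw2", "fw3"])
    request = dirty.select("203.0.113.7", "10.0.0.5")
    reply = clean.select("10.0.0.5", "203.0.113.7")
    print("request via", request, "| reply via", reply)
    dirty.health_result(request, False)
    print("after failure of", request, "->", dirty.select("203.0.113.7", "10.0.0.5"))
```

A flow stays pinned to its replacement firewall after the failed one recovers, so a session is moved only when its firewall is down.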
Firewall load balancing with the new Web switching technology solves many of the performance and scalability problems caused by firewalls. It lets firewalls run in parallel, which greatly increases efficiency and extends performance without a major upgrade, and removes the firewall as a possible single point of failure.