Requiring advanced defences for advanced attacks? Considering a next-generation firewall? The latest features will facilitate design and architecture changes in your data center environment.
As more organizations consider implementing next-generation firewalls (NGFWs), network teams have to consider a number of possible changes in design and firewall architecture within their data center environments. To determine the proper placement for NGFW platforms, it’s key to determine the most appropriate use cases for your deployment. The most common NGFW deployment scenarios are as follows:
A key attribute of any next-generation firewall architecture being evaluated should be speed. Given the intense processing and analysis of packets coming through any NGFW device, traffic latency must be a major concern. Many products boast sustained speeds of 10 gigabit and more, but these should be tested thoroughly with real production traffic if possible before making a purchase, especially if the product will be placed inline. For organizations looking to inspect Secure Sockets Layer (SSL) traffic with the NGFW platforms, all SSL traffic you want to inspect must be routed to the system, either through normal traffic flow or by using intelligent taps or SSL traffic brokers. Many NGFS platforms experience significant latency with SSL decryption and inspection enabled, however, so you should carefully test it prior to deployment. And regardless of the deployment scenario, test it for throughput under load and have clustering and redundancy options available.