Here’s a nice recipe for making a tasty, high-performance security checkpoint to replace a bland, low-performing single point of failure at the border between your network and the Internet.
Firewall Sandwich – Serves one (1) enterprise gateway
Ingredients
2 load-balancing switches, fresh 1GB type is best
2 to 60 firewalls, to taste (see number 4 below)
1 bushel of Cat 5 Ethernet wiring, separated
1 PC with firewall management software
1 Internet connection
1 ounce of freshly prepared security policy
Parsley sprigs
Directions
1. Sprinkle security policy until it coats the entire enterprise.
2. Install management software on a PC. Use it to create the rules the firewalls will use to filter traffic coming in and going out of the network. Set aside with Internet connection.
3. At edge of the network, put in 1 load-balancing switch so that the end connecting to the Internet faces out. (The load balancers will make sure no single firewall is overloaded with traffic. They will also move traffic to a working firewall if another firewall breaks down.) Let sit.
4. Place firewalls behind switch. Depending on taste, place as few as 2 or as many as 60 or more firewalls in the sandwich. More firewalls will yield higher performance and less chance of failure.
5. Interconnect firewalls using Cat 5 Ethernet wiring. Also, connect firewalls to management PC for configuration.
6. Put second load-balancing switch behind firewalls.
7. Connect the switches to the firewalls with remaining Cat 5 wiring.
8. Plug Internet connection into the front switch and enterprise connection into the back switch.
9. Plug in power supplies. Turn all boxes on.
10. Decorate with parsley sprigs.
11. Serve in a cool room, 24/7. Bon app
