    Hi, I’m confused about something. I was always told you should only have one firewall on a network. Yet I want to say I’ve been in buildings that have a hardware firewall but still have firewall software on their workstations. At least that’s what it appears to be. I thought the hardware firewall was supposed to protect all the PCs on the network. Am I missing something? I’m beginning to think whoever told me that was thinking of just a small network with a few users. It would make sense to have more than just one if you have a large network. I can imagine on a large network with several buildings you might even have a hardware firewall at each location. I can see how somebody would say that the firewalls would get in the way of each other, but then again, I can’t. Any type of clarity on this would be greatly appreciated. Thank you.

      Suppose you have a network of 2 computers, one of which has to accept RDP requests and the second has to refuse them. Then the corporate firewall has to allow RDP requests, while the firewall on the second PC has to refuse them.

      It’s only redundant if the rules are the same on all firewalls, including the first one.

      Also, firewalls on the PC can block outgoing traffic from particular programs. The corporate firewall can’t, because it can’t see what program sent it.

        I second this.
        Need to be extra careful when it comes to data security.
        Recently a bad PDF file cost LMG thousands of dollars. The PDF file basically sent the session IDs of the web browsers used for publishing YouTube videos on Linus Tech Tips, TechLinked & more.
        You can watch the entire thing here
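The two-PC RDP scenario from the first reply, modelled as an added example that is not part of any post in this thread. The host names, the program name `uploader.exe` and all rules are constructed for illustration; the model assumes first-match rule evaluation.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" or "out", relative to the internal PC
    host: str                       # internal PC that receives or sends the packet
    port: int                       # destination TCP port
    program: Optional[str] = None   # sending process; only the PC itself knows this

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str
    port: Optional[int] = None      # None matches any port
    program: Optional[str] = None   # None matches any program

class Firewall:
    def __init__(self, rules, default, sees_program):
        self.rules, self.default, self.sees_program = rules, default, sees_program

    def decide(self, pkt):
        """First matching rule wins; otherwise the default action applies."""
        for r in self.rules:
            if r.direction != pkt.direction or r.port not in (None, pkt.port):
                continue
            # A network device cannot match on the sending program.
            if r.program and not (self.sees_program and r.program == pkt.program):
                continue
            return r.action
        return self.default

def passes(pkt, perimeter, host_fws):
    """Traffic must be allowed by both the perimeter and the PC's own firewall."""
    return all(fw.decide(pkt) == "allow" for fw in (perimeter, host_fws[pkt.host]))

# Constructed policy: the perimeter must allow RDP in because pc1 needs it.
RDP = 3389
perimeter = Firewall([Rule("block", "out", program="uploader.exe"),  # inert here
                      Rule("allow", "in", RDP), Rule("allow", "out")],
                     default="block", sees_program=False)
host_fws = {
    "pc1": Firewall([Rule("allow", "in", RDP)], default="allow", sees_program=True),
    "pc2": Firewall([Rule("block", "in", RDP),
                     Rule("block", "out", program="uploader.exe")],
                    default="allow", sees_program=True),
}
```

The per-program rule is deliberately listed on the perimeter as well, to show that it never matches there and only the copy on pc2 takes effect.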

      It really depends. Networks have evolved in size, complexity, and connectedness.

      Depending on the size of the network (e.g., < 1,000 users), services to be protected (client, server), etc. If protecting clients you are mostly concerned about protecting outgoing traffic(ish). If you are protecting servers then you are concerned about outgoing and incoming traffic (e.g., SQL injection). Since protecting these services is vastly different, you may consider multiple firewalls that can ease the burden and simplify management.

      Also, here is a really good article that can get you started on determining if one or multiple firewalls are needed/required.

      Regardless of how many firewalls suit your organization – firewalls are not a single solution to protect your organization from cyber-attacks. Would offer that along with firewalls, you should also consider deploying enterprise antivirus, IPS/IDS, EDR or XDR, network monitoring tools, etc.

      You’re right! It depends on the network size and needs.
      1. One firewall is common for small networks, offering good protection.
      2. Larger networks with multiple buildings often benefit from layered security.
      - A hardware firewall at each location filters external traffic.
      - Software firewalls on individual devices add an extra layer of protection.

      Think of it like security gates – one main gate and extra locks on important rooms for extra defense.

