Firewalls have some router-like features, such as packet forwarding, packet filtering, NAT, PAT and redirection. Firewalls also behave similarly to ACLs, using a set of rules (and macros in more advanced software) to restrict traffic flow.
Firewalls use the following criteria to make decisions:
- router-style IP ACLs matching source and destination IP addresses
- router-style IP ACLs matching source and destination TCP/UDP ports
- monitoring application flows to allow the additional TCP and UDP connections an application opens (for example the FTP data connection)
- matching text in the URI of an HTTP request
- keeping state information and filtering future packets based on the recorded state of earlier packets in the same flow
- the protocol type (ICMP, TCP, UDP)
Firewall rules may block or restrict network protocols, causing intermittent or hard-to-diagnose faults; the firewall rules should be taken into account when troubleshooting connectivity problems.
Firewalls may also divide the network into separate zones. Multiple interfaces may be grouped into the same zone, in which case the same rules apply to all of them. Network zoning simplifies firewall rules and increases security by segregating traffic.
For example, a DMZ may be set up to allow public access to web servers. DMZ traffic is segregated from other internal traffic so that public internet traffic cannot reach the private LAN.
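The rule criteria above (address and port matching, first-match rule order, default deny, and a state table so that replies to permitted flows pass) and the zone/DMZ design can be seen working together in the following added example. It is illustration code written for these notes, not the configuration of any real firewall product. All interface names, zone names and addresses are assumptions; the addresses come from the RFC 5737 documentation ranges and the traffic is constructed inline.

```python
"""Minimal zone-based stateful packet filter (added example, not vendor code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ingress: str        # interface the packet arrived on
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # 0 for ICMP
    dport: int = 0
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                  # "any", "tcp", "udp" or "icmp"
    dst_net: str                # CIDR the destination address must fall in
    dport: Optional[int]        # None matches any destination port
    action: str                 # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, pkt: Packet) -> bool:
        return (self.src_zone == src_zone
                and self.dst_zone == dst_zone
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and (self.dport is None or self.dport == pkt.dport))


class ZoneFirewall:
    def __init__(self, iface_zone: dict, zone_nets: dict, rules: list):
        self.iface_zone = iface_zone                                   # interface -> zone
        self.zone_nets = {z: ip_network(n) for z, n in zone_nets.items()}
        self.rules = rules                                             # evaluated top-down
        self.state = set()                                             # 5-tuples of permitted flows

    def _dst_zone(self, dst: str) -> str:
        addr = ip_address(dst)
        for zone, net in self.zone_nets.items():
            if addr in net:
                return zone
        return "outside"    # anything not in a known internal range is the internet

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Stateful check: packets of a flow we already permitted (either direction) pass.
        if fwd in self.state or rev in self.state:
            return "allow"
        # 2. A non-SYN TCP segment with no state is a stray or spoofed packet, never a new flow.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"
        # 3. Zone-pair rule lookup: first match wins; no match means deny.
        src_zone = self.iface_zone[pkt.ingress]
        dst_zone = self._dst_zone(pkt.dst)
        for rule in self.rules:
            if rule.matches(src_zone, dst_zone, pkt):
                if rule.action == "allow":
                    self.state.add(fwd)     # remember the flow so replies are accepted
                return rule.action
        return "deny"


def build_example_firewall() -> ZoneFirewall:
    # Two inside interfaces share one zone and therefore one rule set (assumed layout).
    iface_zone = {"eth0": "outside", "eth1": "dmz", "eth2": "inside", "eth3": "inside"}
    zone_nets = {"dmz": "203.0.113.0/24", "inside": "10.0.0.0/8"}
    rules = [
        Rule("outside", "dmz", "tcp", "203.0.113.0/24", 80, "allow"),
        Rule("outside", "dmz", "tcp", "203.0.113.0/24", 443, "allow"),
        Rule("inside", "outside", "any", "0.0.0.0/0", None, "allow"),
        Rule("inside", "dmz", "any", "203.0.113.0/24", None, "allow"),
        # Deliberately no rule towards "inside": default deny keeps the DMZ and the internet off the LAN.
    ]
    return ZoneFirewall(iface_zone, zone_nets, rules)


def run_scenario() -> dict:
    """Constructed traffic exercising each decision path; returns verdicts by name."""
    fw = build_example_firewall()
    return {
        "internet_to_dmz_web":   fw.filter(Packet("eth0", "tcp", "198.51.100.7", "203.0.113.10", 40000, 80, syn=True)),
        "dmz_web_reply":         fw.filter(Packet("eth1", "tcp", "203.0.113.10", "198.51.100.7", 80, 40000)),
        "internet_to_lan_smb":   fw.filter(Packet("eth0", "tcp", "198.51.100.7", "10.0.0.5", 40001, 445, syn=True)),
        "dmz_to_lan_db":         fw.filter(Packet("eth1", "tcp", "203.0.113.10", "10.0.0.5", 50000, 3306, syn=True)),
        "lan_to_internet_https": fw.filter(Packet("eth2", "tcp", "10.0.0.5", "192.0.2.44", 50001, 443, syn=True)),
        "internet_https_reply":  fw.filter(Packet("eth0", "tcp", "192.0.2.44", "10.0.0.5", 443, 50001)),
        "stray_ack_no_state":    fw.filter(Packet("eth0", "tcp", "198.51.100.8", "203.0.113.10", 40002, 80)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:24s} {verdict}")
```

The two cases worth noting are "dmz_to_lan_db", where a compromised DMZ web server trying to reach a database on the LAN is dropped because no dmz-to-inside rule exists, and "stray_ack_no_state", where an inbound segment to the permitted web port is still dropped because it is not the start of a connection and no state entry exists for it.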
1.3.b Access points
Wireless access points act as 3 separate devices:
- wireless access points
When running a large wireless network, multiple access points are required to cover the area. To avoid the problem of multiple SSIDs and clients having to connect to multiple wireless networks in a corporate network, the access point functions are split into:
- Wireless LAN Controller – controls and manages AP functions
- Lightweight AP – forwards data between the wired and wireless LAN
Splitting the access point functions in this way allows the client to connect seamlessly to the wireless network while roaming throughout the coverage area.
1.3.c Wireless controllers
Wireless LAN controllers, as discussed above, manage access point functions such as authentication, roaming and WLANs. A wireless LAN controller manages multiple LWAPs (Lightweight Access Points), allowing a user to stay on the same network while connecting to different LWAPs.