Stateful Firewall DMZ Design – Network Security

Last Updated on Sun, 19 Feb 2023

After stateful firewalls became more generally available, organizations started replacing the second router in the dual-router DMZ design with a stateful firewall. This design is shown in Figure 7-5.

Figure 7-5. Stateful Firewall DMZ Design

This design improves on the dual-router DMZ design by allowing strong filtering between the internal network and the public servers and Internet. Many organizations still use this filtering option today, especially when the performance capabilities of their firewall cannot match the throughput requirements of the public servers.

When a stateful firewall has been deployed, network connectivity can be impacted. Some firewalls do not support advanced routing or multicast functions, which can be an issue in some networks.

In this design, the router still performs some filtering. Its two main tasks are blocking nonroutable address space and performing ingress filtering. See Chapter 6 for more information.
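The two router tasks named above can be modeled as a source-address check on the Internet-facing interface. This is an added example, not taken from the book. It assumes ingress filtering in the RFC 2827 anti-spoofing sense, a shortened list of nonroutable ranges, and a documentation prefix (198.51.100.0/24) standing in for the organization's public address block.

```python
import ipaddress

# Assumption: a short illustrative subset of nonroutable source ranges.
NONROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",       # "this network"
    "10.0.0.0/8",      # RFC 1918 private
    "127.0.0.0/8",     # loopback
    "169.254.0.0/16",  # link-local
    "172.16.0.0/12",   # RFC 1918 private
    "192.168.0.0/16",  # RFC 1918 private
    "224.0.0.0/4",     # multicast, never a valid source
    "240.0.0.0/4",     # reserved
)]

# Constructed: documentation prefix standing in for the site's public block,
# which holds the public servers between the router and the firewall.
ORG_PREFIX = ipaddress.ip_network("198.51.100.0/24")


def edge_router_verdict(direction, src):
    """Classify a packet on the router's Internet-facing interface.

    direction is "in" (arriving from the Internet) or "out" (leaving the site).
    Returns (action, reason).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    addr = ipaddress.ip_address(src)
    for net in NONROUTABLE:
        if addr in net:
            return ("drop", f"nonroutable source ({net})")
    if direction == "in" and addr in ORG_PREFIX:
        return ("drop", "spoofed: site prefix arriving from the Internet")
    if direction == "out" and addr not in ORG_PREFIX:
        return ("drop", "spoofed: source outside the site prefix")
    return ("permit", "source address is plausible")


# Constructed sample packets: (direction, source address).
SAMPLE_PACKETS = [
    ("in", "203.0.113.7"), ("in", "10.1.2.3"), ("in", "198.51.100.25"),
    ("out", "198.51.100.25"), ("out", "192.168.1.5"), ("out", "203.0.113.7"),
]

if __name__ == "__main__":
    for direction, src in SAMPLE_PACKETS:
        action, reason = edge_router_verdict(direction, src)
        print(f"{direction:>3} {src:<15} {action:<6} {reason}")
```

Packets the router permits still reach the stateful firewall before the internal network, so this check only removes sources that can never be legitimate.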
