Network Topology: Placing a Firewall
This guide explains basic network topology concepts and best practices for placing a NetFoundry zLAN firewall within your network.
Why Topology Matters
Proper firewall placement is critical for:
- Securing network boundaries
- Controlling traffic between segments
- Enabling monitoring and policy enforcement
Common Firewall Placement Scenarios
1. Perimeter Firewall (Edge)
Place the firewall between your internal network and the external (Internet or WAN) connection.
Purpose: Protects the entire network from external threats.
2. Segmentation Firewall (Internal)
Place the firewall between different internal segments (e.g., between user LAN and server LAN).
Purpose: Limits lateral movement and enforces policies between segments.
3. DMZ (Demilitarized Zone)
Use firewalls to create a DMZ for public-facing servers.
Purpose: Isolates public services from the internal network.
4. Host Protection (On-Host Firewall)
Install the firewall directly on the host you want to protect (e.g., server, VM, or workstation).
Purpose: Provides granular protection for individual hosts by controlling inbound and outbound traffic on the host itself. Useful for servers, VMs, or endpoints requiring dedicated security.
Best Practices for Firewall Placement
- Place firewalls at network boundaries and between sensitive segments.
- Use multiple firewalls for layered security (e.g., perimeter + internal).
- Ensure all traffic between segments passes through the firewall.
- Document your topology and update it as the network evolves.
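
One way to check the practice "ensure all traffic between segments passes through the firewall" against a documented topology, as an added example (not NetFoundry code): it removes the firewall nodes from the link graph and reports any segment pairs that are still connected. The node names, the link list and the `bypass_paths` helper are constructed for illustration.

```python
from collections import deque

# Constructed sample topology (an assumption, not taken from the guide):
# undirected links between segments, switches and firewalls.
LINKS = [
    ("internet", "fw-edge"), ("fw-edge", "core-sw"),
    ("fw-edge", "dmz"), ("core-sw", "user-lan"),
    ("core-sw", "fw-internal"), ("fw-internal", "server-lan"),
    ("user-lan", "server-lan"),  # undocumented direct link: a bypass
]
FIREWALLS = {"fw-edge", "fw-internal"}
SEGMENTS = ["internet", "dmz", "user-lan", "server-lan"]

def build_graph(links):
    """Turn the link list into an undirected adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def bypass_paths(links, firewalls, segments):
    """Return {(seg_a, seg_b): path} for segment pairs connected without a firewall."""
    graph = build_graph(links)
    found = {}
    for start in segments:
        parent = {start: None}          # BFS tree; never enters a firewall node
        queue = deque([start])
        while queue:
            node = queue.popleft()
            for nxt in sorted(graph.get(node, ())):
                if nxt in parent or nxt in firewalls:
                    continue
                parent[nxt] = node
                queue.append(nxt)
        for other in segments:
            if other != start and other in parent and (other, start) not in found:
                path, cur = [], other
                while cur is not None:   # walk back to the start segment
                    path.append(cur)
                    cur = parent[cur]
                found[(start, other)] = path[::-1]
    return found

if __name__ == "__main__":
    for pair, path in bypass_paths(LINKS, FIREWALLS, SEGMENTS).items():
        print("firewall bypass:", pair, "via", " -> ".join(path))
```

An empty result means every inter-segment path in the documented topology crosses at least one firewall; the check is only as accurate as the link list it is given.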