Firewalls, VPNs, and High Availability
Updated: May 5, 2022
When we think about a client's environment, we think about the public edge. How does the world "see" you in terms of the Internet? We know there's a modem. That is sometimes the public edge. In most business networks, assuming static wide area network (WAN) IP addressing is in place, the modem is in something called bridged mode. This means that the modem hands off its connectivity to the firewall to handle the routing so, effectively, the public edge becomes the firewall, and that's a good thing.
It's a lot. Let's break it down.
First of all, every device in the world on the public Internet has a unique Internet Protocol (IP) address, which is necessary to facilitate communication. When an organization pays a little more to their Internet Service Provider (ISP) for a static WAN IP address (static means one that doesn't change), they receive provisioning, and, as engineers, we use one of them as the primary to specify the public edge of the firewall.
So then, on any given system at your office, if you open a web browser and go to www.whatismyip.com you'll find out how the world "sees" your location, meaning the WAN IP or public edge. This is important because everything behind the public edge must be appropriately protected.
Any decent router will place all network ports in a private IP range on the "inside", or local area network (LAN), such as 192.168.10.x, where x is the unique number each server, workstation, laptop, printer, etc. receives for its IP assignment. This means that the world can't, by default, "see" those devices although they're on the network and connected to the Internet. This is where a firewall most importantly comes into play.
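The following added example (not part of the original post, and not any vendor's firewall code) models why devices in the private range are invisible by default: the edge rewrites outbound traffic to the WAN IP and only lets a packet back in when it matches a flow a LAN device started. The WAN and remote addresses are constructed from documentation ranges, and the class and function names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.10.0/24")  # private range used in the text
WAN_IP = "203.0.113.10"                        # constructed public edge address


class EdgeFirewall:
    """Stateful NAT model: outbound flows create state, inbound must match it."""

    def __init__(self):
        # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.state = {}
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Translate a LAN-originated packet; return the source the world sees."""
        if ipaddress.ip_address(lan_ip) not in LAN:
            raise ValueError(f"{lan_ip} is not on the LAN")
        wan_port = self.next_port
        self.next_port += 1
        self.state[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (WAN_IP, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN destination for a reply, or None if it is dropped."""
        return self.state.get((wan_port, remote_ip, remote_port))


def demo():
    fw = EdgeFirewall()
    # A workstation opens an HTTPS connection to a remote server.
    seen = fw.outbound("192.168.10.25", 51000, "198.51.100.7", 443)
    # The server's reply matches the recorded flow and is delivered.
    reply = fw.inbound("198.51.100.7", 443, seen[1])
    # A different host probing the same WAN port has no matching flow.
    unsolicited = fw.inbound("198.51.100.99", 443, seen[1])
    return seen, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```

Anything that must be reachable from outside needs an explicit inbound rule, which is exactly the part of the configuration that deserves the closest review.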
The term High Availability (HA) refers to technology solutions designed for maximum uptime. In the context of this post, we're first concerned with the Internet connection. In the current computing environment, many organizations find themselves increasingly dependent on their Internet connection due to remote workers using the VPN to access company resources, on-premises workers utilizing Cloud-based services, email, and web access.
To the extent that Cloud-based Directory Services and/or storage are relied upon, Internet connectivity is even more vital. To this end, we frequently recommend and implement dual Internet connections at each site and configure them for aggregate concurrent usage as well as automatic failover. With dual Internet connections from different Internet Service Providers (ISPs), in order to avoid a single point of failure, we configure them as described above so that our clients are (a) ensured of maximum uptime and (b) enjoy the added benefit of both ISPs with their speeds combined.
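The following added example (not from the original post and not a real firewall's configuration) models the two behaviours described above: new sessions are shared across both ISP links in proportion to bandwidth while both are healthy, and all traffic moves to the surviving link once health probes fail repeatedly. The link names, speeds, probe results and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

FAIL_AFTER = 3     # assumed: consecutive failed probes before a link is marked down
RECOVER_AFTER = 2  # assumed: consecutive good probes before it is trusted again


@dataclass
class WanLink:
    name: str
    mbps: int
    up: bool = True
    streak: int = 0  # consecutive probes that disagree with the current state

    def probe(self, ok: bool) -> None:
        """Feed one health-probe result; change state only after a full streak."""
        if ok == self.up:
            self.streak = 0  # a single blip does not flap the link
            return
        self.streak += 1
        if self.streak >= (RECOVER_AFTER if ok else FAIL_AFTER):
            self.up, self.streak = ok, 0


def shares(links):
    """Fraction of new sessions each healthy link receives, weighted by speed."""
    healthy = [link for link in links if link.up]
    total = sum(link.mbps for link in healthy)
    return {link.name: link.mbps / total for link in healthy}


def simulate():
    isp_a, isp_b = WanLink("isp_a", 300), WanLink("isp_b", 100)
    links = [isp_a, isp_b]
    timeline = [shares(links)]  # both up: aggregate concurrent usage
    # Constructed probe results for isp_a: one blip, then a sustained outage.
    for ok in (False, True, False, False, False):
        isp_a.probe(ok)
    timeline.append(shares(links))  # isp_a down: automatic failover to isp_b
    for ok in (True, True):
        isp_a.probe(ok)
    timeline.append(shares(links))  # isp_a restored: back to shared usage
    return timeline


if __name__ == "__main__":
    for step in simulate():
        print(step)
```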
Plexus8 actively monitors and maintains each and every firewall we manage. We recommend and implement next generation firewalls which, as Fortinet puts it, deliver the following benefits:
1. Monitors Network Traffic
All of the benefits of firewall security start with the ability to monitor network traffic. Data coming in and out of your systems creates opportunities for threats to compromise your operations. By monitoring and analyzing network traffic, firewalls leverage pre-established rules and filters to keep your systems protected. With a well-trained IT team, you can manage your levels of protection based on what you see coming in and out through your firewall.
2. Stops Virus Attacks
Nothing can shut your digital operations down faster and harder than a virus attack. With hundreds of thousands of new threats developed every single day, it is vital that you put the defenses in place to keep your systems healthy. One of the most visible benefits of firewalls is the ability to control your system's entry points and stop virus attacks. The cost of damage from a virus attack on your systems could be immeasurably high, depending on the type of virus.
3. Prevents Hacking
Unfortunately, the trend of businesses moving more toward digital operations invites thieves and bad actors to do the same. With the rise of data theft and criminals holding systems hostage, firewalls have become even more important, as they prevent hackers from gaining unauthorized access to your data, emails, systems, and more. A firewall can stop a hacker completely or deter them to choose an easier target.
4. Stops Spyware
In a data-driven world, a much-needed benefit is stopping spyware from gaining access and getting into your systems. As systems become more complex and robust, the entry points criminals can use to gain access to your systems also increase. One of the most common ways unwanted people gain access is by employing spyware and malware—programs designed to infiltrate your systems, control your computers, and steal your data. Firewalls serve as an important blockade against these malicious programs.
5. Promotes Privacy
An overarching benefit is the promotion of privacy. By proactively working to keep your data and your customers' data safe, you build an environment of privacy that your clients can trust. No one likes their data stolen, especially when it is clear that steps could have been taken to prevent the intrusion.
Our initial consultation is always free of charge.
Feel free to email us at firstname.lastname@example.org or schedule a Zoom meeting.