I believe everyone knows what a firewall is for. It is worth remembering that a firewall resists external attacks and does little against internal viruses (such as an ARP virus) or internal attacks.

Function: a firewall mainly protects the boundary between two networks. Between the intranet and the Internet, enterprises mostly use its NAT, packet filtering rules, port mapping and similar functions. Between a production network and an office network it provides logical isolation, and the main function used there is packet filtering rules.

Deployment mode: gateway mode or transparent mode.

Gateway mode is the most widely used mode today. In this mode the firewall can replace a router and provide more functions. It is suitable for all types of enterprises.

In transparent deployment the firewall is connected in the middle of the enterprise network as a transparent bridge, without changing the existing network structure. It controls access through packet filtering rules and divides the network into security domains. Whether to use gateway mode or transparent mode depends on your own needs; there is no absolute deployment method. Whether servers need to be placed in a DMZ depends on the number and importance of the servers. In short, how to deploy is the user's own choice; all we give is advice.

High availability: to ensure network reliability, current equipment supports active-active, active-standby and other deployments.

Anti-virus wall:

Definition: compared with a firewall, it generally includes the functions of a firewall, and its defense target is more specific, namely viruses.

Function: the same as a firewall, with an added virus signature library; data is compared against the library to detect and remove viruses.

Deployment mode: the same as a firewall. Most of the time it is deployed in transparent mode behind the firewall or router, or in front of the servers, to detect and remove viruses.

Intrusion Prevention (IPS):

Definition: compared with a firewall, it generally includes the functions of a firewall, and its defense target is more specific, namely attacks. A firewall filters packets by controlling the five-tuple, while an IPS inspects the contents of data packets (deep packet inspection, DPI) to detect and block worms, viruses, Trojans, denial of service and other attacks.

Function: the same as a firewall, with an added IPS signature library to defend against attacks.

Deployment method: the same as the anti-virus wall.

Note in particular that a firewall lets through any packet that complies with its rules and does not check whether the packet contains virus code or attack code. The anti-virus wall and intrusion prevention make up for this by inspecting packets more deeply.
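The difference between five-tuple filtering and deeper inspection, as an added example that is not from the original page. The rules, signature names, marker strings and addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:  # five-tuple plus payload
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes = b""

# Constructed rules, first match wins:
# (source net, destination net, destination port or None for any, protocol, action)
RULES = [
    ("0.0.0.0/0", "192.0.2.10/32", 80, "tcp", "allow"),  # published web server
    ("10.0.0.0/8", "0.0.0.0/0", None, "tcp", "allow"),   # intranet outbound
]
# Constructed signature ("feature") library: byte patterns searched in the payload.
SIGNATURES = {
    "av-test-file": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
    "ips-demo-signature": b"DEMO-ATTACK-PATTERN",
}

def firewall_verdict(pkt):
    """Packet filter: decides on addresses, port and protocol, never reads the payload."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for src_net, dst_net, dport, proto, action in RULES:
        if (src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net)
                and dport in (None, pkt.dport) and proto == pkt.proto):
            return action
    return "deny"  # default deny when no rule matches

def inspect_payload(pkt):
    """Signature comparison as an anti-virus wall or IPS would perform it."""
    data = pkt.payload.lower()
    return sorted(name for name, pat in SIGNATURES.items() if pat.lower() in data)

def gateway_verdict(pkt):
    """Filter first, then inspect the content of whatever the filter allowed."""
    if firewall_verdict(pkt) == "deny":
        return "deny", []
    hits = inspect_payload(pkt)
    return ("block" if hits else "allow"), hits

# Constructed sample packets.
CLEAN = Packet("198.51.100.7", "192.0.2.10", 40000, 80, "tcp", b"GET /index.html HTTP/1.1\r\n\r\n")
TAINTED = Packet("198.51.100.7", "192.0.2.10", 40001, 80, "tcp",
                 b"POST /upload HTTP/1.1\r\n\r\nEICAR-STANDARD-ANTIVIRUS-TEST-FILE")
BLOCKED = Packet("198.51.100.7", "192.0.2.10", 40002, 22, "tcp")
```

`TAINTED` matches the same allow rule as `CLEAN`, so the packet filter alone passes it; only the payload comparison separates the two.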

Unified Threat security gateway (UTM):

Definition: put simply, a unified threat gateway is the integration of the three devices above.

Function: it combines the functions of the firewall, the anti-virus wall and intrusion prevention.

Deployment method: because it can replace the firewall, it is deployed in the same way as a firewall.


Security isolation gateway:

Definition: the full name is security isolation gateway. It is a network security device that uses special hardware with a variety of control functions to cut off the link-layer connection between networks at the circuit level, while still exchanging safe and appropriate application data between the networks.

Function: it is mainly used where two networks must be isolated but still need to exchange data. The gateway is a product with Chinese characteristics.

Deployment mode: between two networks.

Generally, a firewall is used for logical isolation between two networks. The gateway meets the relevant requirements and can provide physical isolation: it blocks TCP and other protocols in the network and uses private protocols for data exchange. Ordinary enterprises seldom use it; the gateway is used by organizations with slightly higher network requirements.


SSL VPN:

Definition: a VPN technology based on the SSL protocol. It is more convenient to use than IPSec VPN, since an SSL VPN can be used from a browser.

Function: with the rapid development of mobile office work, SSL VPN is used more and more. Besides mobile office use, it is also convenient for logging in through a browser and connecting to other networks. IPSec VPN leans toward network access, while SSL VPN leans toward publishing applications.

Deployment: SSL VPN is generally deployed in bypass mode, providing mobile office and other functions without changing the user's network.

WAF (Web Application Firewall) web application protection system:

Definition: as the name shows, a WAF protects web applications, which means the protected objects are websites and the various systems built on a B/S (browser/server) architecture.

Function: it analyzes the HTTP/HTTPS protocols and protects against SQL injection, XSS and other web attacks. It also provides URL-based access control, HTTP protocol compliance checking, protection of sensitive web information, file upload and download control, web form keyword filtering, protection against malicious code planted in web pages ("hanging horse"), webshell protection and web application delivery.

Deployment: it is usually deployed in front of the web application server for protection.

IPS can also detect some web attacks, but it is not as targeted as WAF. Therefore, it is better to select different devices according to different protection objects.
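Three of the WAF functions listed above (HTTP protocol compliance, URL-based access control and file upload control), as an added example that is not from the original page. The policy values, paths and sample requests are constructed, and the checks are deliberately reduced to one rule each.

```python
import re
from urllib.parse import urlsplit, unquote

ALLOWED_METHODS = {"GET", "POST", "HEAD"}       # HTTP protocol compliance
DENIED_PREFIXES = ("/admin/", "/backup/")       # URL-based access control
BLOCKED_UPLOAD_EXT = {".php", ".jsp", ".aspx"}  # file upload control (server-side scripts)
FILENAME_RE = re.compile(r'filename="([^"]*)"', re.IGNORECASE)

def parse_request(raw):
    """Split a raw HTTP/1.x request into method, target, headers, body; None if malformed."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body

def waf_verdict(raw):
    """Apply the three policies in order and return the first reason to block."""
    req = parse_request(raw)
    if req is None:
        return "block: malformed request"
    method, target, headers, body = req
    if method not in ALLOWED_METHODS:
        return "block: method not allowed"
    path = unquote(urlsplit(target).path)  # decode percent-escapes before matching
    if path.startswith(DENIED_PREFIXES):
        return "block: URL access control"
    if headers.get("content-type", "").startswith("multipart/form-data"):
        for name in FILENAME_RE.findall(body.decode("latin-1")):
            if "." in name and "." + name.rsplit(".", 1)[1].lower() in BLOCKED_UPLOAD_EXT:
                return "block: upload type"
    return "allow"

# Constructed sample requests.
HOST = b"Host: www.example.com\r\n"
OK = b"GET /index.html HTTP/1.1\r\n" + HOST + b"\r\n"
ADMIN = b"GET /admin/users HTTP/1.1\r\n" + HOST + b"\r\n"
TRACE = b"TRACE / HTTP/1.1\r\n" + HOST + b"\r\n"
UPLOAD = (b"POST /upload HTTP/1.1\r\n" + HOST
          + b"Content-Type: multipart/form-data; boundary=x\r\n\r\n--x\r\n"
          + b'Content-Disposition: form-data; name="f"; filename="page.php"\r\n\r\n'
          + b"constructed\r\n--x--\r\n")
```

Every decision here depends on parsing the request as HTTP, which is the sense in which a WAF is more targeted at web traffic than a general packet-signature device.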
