Network Based Firewall

8el’s Network Based Firewall is a line of defence between the internal, trusted corporate WAN and the external, untrusted public Internet.

The line of defence provides protection to internal resources from unauthorised external attacks and restricts unauthorised outbound traffic leaving the internal network. The Network Based Firewall is built on the Cisco 5500 platform with connections into 8el’s MPLS core, ISP backbone and an optional DMZ.

The physical hardware is partitioned into multiple standalone firewalls, giving each customer a firewall of their own. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies and routing tables. Resource limits are applied to each partition so that no single partition can consume the system resources needed by the others.

The solution is available as two options:

Stand Alone

The hardware platform has been installed in 8el’s fully managed, secure, N+1, Telecity data centre. Although the solution is only available via one of 8el’s data centres, the redundancy between all of the data centres and the provisioning of primary and backup circuits into the MPLS core allow the solution to continue to function if the primary circuit from a remote site into Telecity fails (provided a backup circuit into the MPLS core exists), and also if the ISP peering directly out of Telecity is unavailable.

HA Pair

The hardware platform has been installed across 8el’s fully managed, secure, N+1 data centres. The solution is configured as an active/standby firewall pair with a heartbeat between the two units in a separate VLAN, which also carries the connection state information between them. Redundancy within the MPLS core and ISP ensures that in the event of a primary circuit failure (assuming a backup circuit into the MPLS core exists) or failure of an ISP peering from any of 8el’s data centres, the solution will remain live.

  • Network protection using Stateful Packet Inspection - the firewall keeps track of the state of network connections (such as TCP streams and UDP exchanges) travelling across it and distinguishes legitimate packets for the different types of connection. Only packets matching a known connection state are allowed through; all others are rejected.
  • Network Address Translation (NAT) - the firewall performs NAT to conceal the IP addresses in use on the internal network and any DMZ. The externally facing ‘outside’ address is Port Address Translated (PAT) so that external connection requests appear to come from the allocated IPv4 public address space (as per the RIPE allocation).
  • Optional De-Militarised Zone (DMZ) - public-facing servers are a potential entry point into a private network for a remote attacker. By zoning these servers into their own network, the private network remains protected if one of those servers is compromised. Differing security levels between the internal network, external network and DMZ define the traffic flows that are permitted, so that elements of the network are not exposed to unauthorised users.
  • Rule Set - predefined rules govern which traffic flows are permitted and which are blocked through the firewall between the internal network, external network and DMZ. These rules are based on source, destination and protocol/port number.
  • Colocated by 8el – the solution has all the benefits of a core-based Internet breakout without the requirement to have colocation space. The platform is housed within 8el’s private colocation facility and is monitored 24/7 along with the rest of the core network.
  • Managed by 8el – all moves, adds and changes are managed by the 8el support team, offering experience and guidance on a critical element of the network’s threat defence solution.
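As an added illustration (not 8el’s own configuration, which this page does not publish), the following constructed Cisco ASA configuration shows how the per-customer partition with resource limits, the three zones with differing security levels, NAT/PAT and a source/destination/protocol-port rule set described above fit together. The customer name, interface names and addresses (RFC 5737 and RFC 1918 ranges) are assumptions; the HA failover pairing is not shown.

```cisco
! Constructed example, not 8el's configuration. Addresses are documentation/private ranges.
! --- System context: one partition (context) per customer, with resource caps ---
class CUSTOMER-A
 limit-resource conns 20000
 limit-resource rate conns 1000
context CUSTOMER-A
 member CUSTOMER-A
 allocate-interface GigabitEthernet0/0.101 outside
 allocate-interface GigabitEthernet0/1.101 inside
 allocate-interface GigabitEthernet0/2.101 dmz
 config-url disk0:/CUSTOMER-A.cfg
!
! --- Inside the CUSTOMER-A context: three zones with differing security levels ---
interface outside
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface inside
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface dmz
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! PAT: all internal hosts leave via the outside interface address
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
! Static NAT: one public address for the DMZ web server
object network DMZ-WEB
 host 192.168.50.10
 nat (dmz,outside) static 203.0.113.3
!
! Rule set by source, destination and protocol/port. The ASA tracks connection
! state, so return traffic for a permitted connection needs no rule of its own.
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq 443
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
! The DMZ host may not initiate connections into the trusted network
access-list DMZ-IN extended deny ip any 10.0.0.0 255.255.255.0 log
access-list DMZ-IN extended permit udp object DMZ-WEB any eq 53
access-group DMZ-IN in interface dmz
! Restrict outbound: inside may only use HTTPS and DNS; anything else is logged
access-list INSIDE-OUT extended permit tcp 10.0.0.0 255.255.255.0 any eq 443
access-list INSIDE-OUT extended permit udp 10.0.0.0 255.255.255.0 any eq 53
access-list INSIDE-OUT extended deny ip any any log
access-group INSIDE-OUT in interface inside
```

The `log` keyword on each final deny is what makes rejected flows visible to the 24/7 monitoring the page describes, and the per-context `limit-resource` lines are the mechanism by which one customer partition is prevented from exhausting the shared platform.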