

SRX5308 Ultra High Performance Business-class Firewall Security


Netgear ProSafe SRX5308: an External-Facing Firewall System with Ultra High Performance Business-Class Firewall Security

All external-facing firewall appliances connected at the entry point to the Internet must be configured to protect internal assets from any type of security threat from the Internet. An external-facing firewall is required when connecting any part of the corporate network to a public or untrusted network, such as the Internet. It is critical for the operational success of the corporate network that all external network access points are appropriately secured with a suitable defense system, the external firewall appliance. This consists of a suitable firewall appliance enforcing a strongly configured security policy.

Ensuring that a firewall appliance is configured correctly is paramount to the security of the network. For this reason, it is critical that all corporate firewall configuration changes are made by authorized security personnel and are routinely reviewed to ensure maximum security.

External-facing firewall appliances must use certain security features to defend against Internet attacks. The firewall appliance must be configured to deny all traffic unless the traffic has been explicitly allowed (granted).

Authorized traffic must be granted based on traffic characteristics and is defined in the firewall's security policy. The firewall appliance must also be configured to defend against common Internet hacking techniques, such as address masquerading (IP spoofing).

The Netgear ProSafe SRX5308 is an example of an external-facing firewall system designed for business-class firewall security.

What This Product Does

The SRX5308 is a member of the Netgear ProSafe firewall family, designed as a high-performance business-class firewall security system. It provides a hardware-accelerated data flow architecture that allows for 1 Gbps of stateful firewall throughput. This firewall appliance supports native VPN, including SSL remote tunneling and secure site-to-site IPSec VPN. You can create up to 125 simultaneous IPSec VPN tunnels and up to 50 simultaneous SSL VPN tunnels.

The SRX5308 is SNMP-manageable and includes several types of security protection, including DoS (denial of service) protection, stateful packet inspection and URL keyword filtering.

If you need to segregate the security boundary for hosting public resources, you can configure the firewall to include a DMZ network and place any public resources in this zone.

Newer home wireless routers include a guest network feature, which lets you create a separate network so that guests get Internet access without access to your local network resources. In a similar way, the SRX5308 supports VLANs (virtual LANs) so that you can segregate your LAN when you need to provide a guest network separated from your critical business servers.

The SRX5308 firewall appliance includes four Gigabit Ethernet WAN ports that you can configure in one of two modes of operation: load balancing or fail-over. You can connect up to four different broadband modems from different ISPs. In load balancing mode, the firewall will choose the best lines based on the Internet load demand. In fail-over mode, when the primary connection fails, the system will fail over to the backup lines to make sure that the Internet line is “On” all the time.

External Firewall Security Best Practices

When deploying an external-facing firewall in your organization, follow the security best practices listed below.

  1. All perimeter routers (external router in front of a firewall appliance) shall be configured to provide basic packet filtering using extended access-lists.
  2. A suitable firewall must be used in conjunction with a suitable firewall topology and security policy (rule base).
  3. If any global corporate network exists, all external traffic (public or Internet) must pass through a corporate firewall. No corporate system must be attached to the Internet unless protected by a firewall appliance.
  4. All external-facing firewalls must be configured to DENY all traffic unless explicitly permitted.
  5. Traffic must be individually ALLOWED (permitted) based on traffic classification parameters, which include: application type (protocol and port); direction (source/destination); action (permit or deny); authentication requirements; virus scanning (content filtering); and logging level.
  6. External-facing firewalls must not expose internal components such as inside IP addresses and private DNS to the Internet. The use of a split DNS with DNS zone filtering is mandatory. This protects the internal DNS from such risks as reconnaissance attacks. Network Address Translation (NAT) must be used to hide corporate internal IP addresses.
  7. All high-risk traffic must be logged with sufficient detail to assist with security analysis (date/time, source/destination IP address, protocol and port).
  8. External facing firewalls must be configured with event and alert notification. Multiple notification methods should be used to guarantee immediate notification to security staff. Valid notification methods include email, pager, or SMS (this can be done via SNMP traps).
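The deny-by-default, per-rule classification, anti-spoofing and logging practices above can be checked mechanically against a rule base. The following Python sketch is an added example, not taken from the original article or from Netgear; the rule format, the rule names and the choice to treat every inbound permit as high-risk traffic are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# Source ranges that must never arrive on the WAN side (RFC 1918, loopback).
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

@dataclass
class Rule:                 # hypothetical rule format for this example
    name: str
    direction: str          # "inbound" (WAN to LAN/DMZ) or "outbound"
    proto: str              # "tcp", "udp" or "any"
    dst: str                # destination network in CIDR form
    port: int               # destination port, 0 = any
    action: str             # "permit" or "deny"
    log: bool = False

def evaluate(rules, direction, proto, src, dst, port):
    """Return (action, rule name) for one packet; first match wins."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Anti-spoofing: internal or loopback sources arriving from the Internet.
    if direction == "inbound" and any(src_ip in n for n in BOGONS):
        return "deny", "anti-spoof"
    for r in rules:
        if (r.direction == direction and r.proto in (proto, "any")
                and dst_ip in ipaddress.ip_network(r.dst)
                and r.port in (port, 0)):
            return r.action, r.name
    return "deny", "default-deny"   # nothing matched: deny by default

def audit(rules):
    """Flag permit rules that conflict with the practices listed above."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        if r.proto == "any" and r.port == 0 and ipaddress.ip_network(r.dst).prefixlen == 0:
            findings.append(f"{r.name}: permits any protocol to any destination")
        # Assumption: every inbound permit counts as high-risk and must be logged.
        if r.direction == "inbound" and not r.log:
            findings.append(f"{r.name}: inbound permit without logging")
    return findings

# Constructed rule base using documentation address ranges.
RULES = [
    Rule("dmz-https", "inbound", "tcp", "203.0.113.10/32", 443, "permit", log=True),
    Rule("dmz-smtp", "inbound", "tcp", "203.0.113.25/32", 25, "permit"),
    Rule("lan-out", "outbound", "any", "0.0.0.0/0", 0, "permit"),
]
```

Running `audit(RULES)` on the constructed rule base reports the unlogged inbound SMTP permit and the any-to-any outbound permit, while `evaluate` shows that an inbound packet matching no rule, or carrying a private source address, is denied.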

Deploying a firewall appliance at each entry point to the Internet is essential to protect your organization's business assets. The Netgear ProSafe SRX5308 is one such firewall system, offering ultra high performance business-class firewall security.



1 comment to SRX5308 Ultra High Performance Business-class Firewall Security

  • Everything in this blog is completely true! In addition, you’ve created an excellent blog post once again! Your writing style about firewall appliances is impeccable, and I really enjoy the articles. I check your site regularly and enjoy the fact it’s popular and has frequent users. Please post about firewall appliances more often.
