Security

How To Install A Firewall


Your new firewall needs to be physically located near the router that connects you to the Internet (or other service that you’re firewalling). The reason for this is that you will connect one of the interfaces on the firewall directly to the router’s Ethernet port via a cross-over cable. With no intervening hub, there is no way for any other machine to sit on the subnet between the router and the firewall.

Connections

Most firewalls need to know which interface is the external interface and which is internal. The one you connect to the router is the external interface, and it will have to be given an IP address from the block of addresses allocated to you by your Internet provider. The router’s Ethernet address will consume another address from this block. Later, after you’ve installed the firewall software, you will need to configure the firewall so that the router’s Ethernet address is its default route.

Your firewall should have at least a second, and possibly a third, interface. The second one is used to connect to your corporate LAN, so you connect it to the network hub using a standard straight cable. The address that you assign to this interface should be on the same subnet as that used by all the other machines on your internal network.

In most firewall installations, this means either that the network is running on a set of addresses as defined in RFC 1918, or that the firewall is being used to hide the addresses that have “always been in use on the network” because it would take too long to renumber all the devices. In either case, the firewall needs to provide either proxy capability or network address translation (NAT) in order to hide these addresses from the Internet.
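The addressing rules above can be checked before anything is typed into the firewall. The following Python sketch is an added example, not part of the original article; the field names and the sample addresses (a documentation range standing in for the ISP block, and a private LAN range) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private address ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan):
    """Return a list of problems in a firewall address plan (empty = consistent)."""
    isp = ipaddress.ip_network(plan["isp_block"])
    lan = ipaddress.ip_network(plan["lan_subnet"])
    ext = ipaddress.ip_address(plan["fw_external"])
    rtr = ipaddress.ip_address(plan["router_ethernet"])
    inside = ipaddress.ip_address(plan["fw_internal"])
    gw = ipaddress.ip_address(plan["default_route"])
    problems = []
    # Both ends of the cross-over link take a usable address from the ISP block.
    for name, addr in (("fw_external", ext), ("router_ethernet", rtr)):
        if addr not in isp:
            problems.append(f"{name} {addr} is outside the ISP block {isp}")
        elif addr in (isp.network_address, isp.broadcast_address):
            problems.append(f"{name} {addr} is not a usable host address in {isp}")
    if ext == rtr:
        problems.append("firewall and router share the same external address")
    # The firewall's default route is the router's Ethernet address.
    if gw != rtr:
        problems.append(f"default route {gw} is not the router address {rtr}")
    # The internal interface sits on the same subnet as the internal machines.
    if inside not in lan:
        problems.append(f"fw_internal {inside} is not on the LAN subnet {lan}")
    # Added sanity check: inside and outside must be distinct subnets.
    if lan.overlaps(isp):
        problems.append("LAN subnet overlaps the ISP block")
    return problems

def lan_is_rfc1918(plan):
    """True if the internal network uses RFC 1918 addresses."""
    lan = ipaddress.ip_network(plan["lan_subnet"])
    return any(lan.subnet_of(r) for r in RFC1918)

# Constructed sample plan (documentation and private ranges, not real allocations).
PLAN = {
    "isp_block": "203.0.113.0/29", "router_ethernet": "203.0.113.1",
    "fw_external": "203.0.113.2", "default_route": "203.0.113.1",
    "lan_subnet": "192.168.10.0/24", "fw_internal": "192.168.10.1",
}

if __name__ == "__main__":
    for problem in check_plan(PLAN) or ["address plan is consistent"]:
        print(problem)
    print("RFC 1918 LAN:", lan_is_rfc1918(PLAN))
```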
