What are the differences between front-end/back-end firewalls and chassis-based firewalls?
There are a couple of different technologies referenced in your question. The use of a front-end/back-end topology doesn't prevent you from using a chassis-based device. Let's explore the different characteristics of a firewall.
The front-end/back-end topology is commonly seen in multi-tier applications where the user interacts with a front-end presentation server, and that server interacts with a back-end one. A scenario where this is commonly seen is in the deployment of email systems, such as Microsoft Exchange. Users often interact with a front-end Web server -- running, for example, Outlook Web Access -- to read and send email. That Web server must interact with the back-end mail server, but Internet users do not need to interact directly with the one dedicated to mail. The front-end/back-end topology dictates that a firewall should be placed between the Internet and the Web server, and also between the Web server and the email server, providing maximum security.
A chassis-based firewall is a piece of hardware that runs the firewall software in a dedicated fashion. Often referred to as a firewall appliance, it is sold as a bundle including both hardware and software. The alternative is to purchase firewall software and install it on your own hardware.
From a security perspective, there isn't much of a difference between the two approaches. I generally tend to prefer appliance products from a support perspective because they make a single vendor responsible for any hardware or software issues with a device, preventing multiple vendors from participating in a "blame game" where they try to pass the buck to each other.
- A SearchSecurity.com reader asks Mike Chapple, "What firewall features will best protect a LAN from Internet hack attacks and malware?"
- Firewall management is critical in today's regulatory climate. See how companies looking to streamline firewall management will look to tools from several vendors.
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.