What are the differences between front-end/back-end firewalls and chassis-based firewalls?
There are a couple of different technologies referenced in your question. The use of a front-end/back-end topology doesn't prevent you from using a chassis-based device. Let's explore the different characteristics of a firewall.
The front-end/back-end topology is commonly seen in multi-tier applications where the user interacts with a front-end presentation server, and that server interacts with a back-end one. A scenario where this is commonly seen is in the deployment of email systems, such as Microsoft Exchange. Users often interact with a front-end Web server -- running, for example, Outlook Web Access -- to read and send email. That Web server must interact with the back-end mail server, but Internet users do not need to interact directly with the one dedicated to mail. The front-end/back-end topology dictates that a firewall should be placed between the Internet and the Web server, and also between the Web server and the email server, providing maximum security.
A chassis-based firewall is a piece of hardware that runs the firewall software in a dedicated fashion. Often referred to as a firewall appliance, it is sold as a bundle including both hardware and software. The alternative is to purchase firewall software and install it on your own hardware.
From a security perspective, there isn't much of a difference between the two approaches. I generally tend to prefer appliance products from a support perspective because they make a single vendor responsible for any hardware or software issues with a device, preventing multiple vendors from participating in a "blame game" where they try to pass the buck to each other.
- A SearchSecurity.com reader asks Mike Chapple, "What firewall features will best protect a LAN from Internet hack attacks and malware?"
- Firewall management is critical in today's regulatory climate. See how companies looking to streamline firewall management will look to tools from several vendors.
Dig deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.