What are the differences between front-end/back-end firewalls and chassis-based firewalls?
There are a couple of different technologies referenced in your question. The use of a front-end/back-end topology doesn't prevent you from using a chassis-based device. Let's explore the different characteristics of a firewall.
The front-end/back-end topology is commonly seen in multi-tier applications where the user interacts with a front-end presentation server, and that server interacts with a back-end one. A scenario where this is commonly seen is in the deployment of email systems, such as Microsoft Exchange. Users often interact with a front-end Web server -- running, for example, Outlook Web Access -- to read and send email. That Web server must interact with the back-end mail server, but Internet users do not need to interact directly with the one dedicated to mail. The front-end/back-end topology dictates that a firewall should be placed between the Internet and the Web server, and also between the Web server and the email server, providing maximum security.
A chassis-based firewall is a piece of hardware that runs the firewall software in a dedicated fashion. Often referred to as a firewall appliance, it is sold as a bundle including both hardware and software. The alternative is to purchase firewall software and install it on your own hardware.
From a security perspective, there isn't much of a difference between the two approaches. I generally tend to prefer appliance products from a support perspective because they make a single vendor responsible for any hardware or software issues with a device, preventing multiple vendors from participating in a "blame game" where they try to pass the buck to each other.
- A SearchSecurity.com reader asks Mike Chapple, "What firewall features will best protect a LAN from Internet hack attacks and malware?"
- Firewall management is critical in today's regulatory climate. See how companies looking to streamline firewall management will look to tools from several vendors.
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.