Transitioning from a layer 3 firewall to a layer 7 firewall cluster
Eskelinen, Jesse Kalervo Ferdinand (2023)
2023
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2023052413633
https://urn.fi/URN:NBN:fi:amk-2023052413633
Tiivistelmä
This thesis examines the transitioning from an Open Systems Interconnection (OSI) Layer 3 (L3) Cisco Adaptive Security Appliance (ASA) single point of failure to a OSI Layer 7 (L7) Check Point Security Gateway cluster. This transition is necessary to add redundancy and cybersecurity to the network environment.
It is important for a network to have redundancy as a precaution for unexpected link, hardware or other network failures. These types of failures can and will happen for either unexpected reasons in the network environment or, for example, hardware aging. These failures will cause unwanted outage in the network environment. Another important aspect of the network infrastructure is its safety cybersecurity-wise. While L3 protection can filter unwanted traffic based on IPs and protocols, malicious traffic can still pass on higher layers.
Redundancy of the network was achieved by clustering two Check Point security gateways with Check Points clustering technology ClusterXL, while security was strengthened through different Layer 7 software blades. By implementing the Check Point firewall cluster, the network was configured to be more redundant and secure. These measures both prevent unnecessary outages in the network and protect devices connected to the network and the end users.
It is important for a network to have redundancy as a precaution for unexpected link, hardware or other network failures. These types of failures can and will happen for either unexpected reasons in the network environment or, for example, hardware aging. These failures will cause unwanted outage in the network environment. Another important aspect of the network infrastructure is its safety cybersecurity-wise. While L3 protection can filter unwanted traffic based on IPs and protocols, malicious traffic can still pass on higher layers.
Redundancy of the network was achieved by clustering two Check Point security gateways with Check Points clustering technology ClusterXL, while security was strengthened through different Layer 7 software blades. By implementing the Check Point firewall cluster, the network was configured to be more redundant and secure. These measures both prevent unnecessary outages in the network and protect devices connected to the network and the end users.