
4 Options for Handling Firewall Access

Ever imagined a network without a firewall? No way! A firewall is a shield that protects your data from unauthorized access. As security threats continue to grow in number and complexity, there is no reason to expect the need for firewalls to decrease.

Risks vs. Accessibility

Once you deploy a firewall, the immediate task is to balance risks vs. accessibility. The key players are the security professionals and the operations team. The struggle is to keep the network secure while keeping everything up and running at all times. As a result, the firewall ends up denying many valid access requests on the basis of known vulnerabilities, which leaves operations blind to the DMZ and to devices on the other side.

With both sides having valid requirements, a compromise is in order.

4 Options for Handling Firewall Access


VPN

Opening port(s) for management traffic via a VPN is better than being blind, but it has limitations and caveats. In terms of traffic flows and devices, a VPN works for small environments, but in most cases it is not a cost-effective solution.

VLAN/Management LAN

A VLAN or management LAN is a better option than a VPN, but as the environment grows, the configuration and deployment effort for VLANs grows exponentially. The limitations are mostly similar to those of a VPN.

Firewall Rules and Ports

A better compromise than either VPNs or VLANs is firewall rules and open firewall ports, and it is the default choice for most industries today. Depending on the size of the organization and the change control process, every firewall rule or change requires 100s to 1000s of labor hours. For every port you open, you increase your attack surface. For every open port and firewall rule, there are change procedures to follow and document, as well as periodic audits. Although widely accepted in most large organizations, this “compromise” is extremely expensive and labor intensive.

The ZoneRanger

Built originally for one of the largest US banks, ZoneRanger supports all major industry protocols and is compatible with applications, firewalls, and devices from all major vendors. The ZoneRanger provides a means to pass your network traffic through your firewall using a single encrypted firewall port. Traffic in either direction is inspected against the respective RFC. Thus, ZoneRanger:

  • Increases the overall security.
  • Saves money and labor.
  • Minimizes change control effort.
  • Makes more data accessible to the operations team.
  • Provides more options for managing the firewall boundary.

The ZoneRanger allows your firewall to act like a solid steel gate, whereas the other options for handling firewall access are more like a mesh of steel wires. ZoneRanger takes away the need for managing firewall rules and also reduces network management traffic through intelligent filtering, which reduces the load on the open firewall port.

To learn more contact Jeff Olson at 919-654-1231.

