This recipe will help us determine our interface requirements by analyzing our network design.
This recipe requires the analysis of our network diagram to understand how many interfaces our network will require. As an example, we’ll be using my own home network diagram, which is a good example of a typical small office environment.
Let’s analyze our network diagram:
We can see that our environment consists of four separate interfaces:
DMZ (Demilitarized Zone): The part of our internal network that we allow external access to. Web servers, e-mail servers, and any other externally accessible devices belong to this interface.
WiFi (Wireless Guest Network): We’ve created this network for the convenience of our guests. They can connect with an easy-to-remember password (or perhaps no password at all) and surf the Web. We consider this interface insecure and treat it as such. We will define rules so that it has no access to our other interfaces.
It’s apparent that our firewall requires four Network Interface Cards (NICs).
A firewall requires a separate NIC for every interface it hopes to support. This ensures a physical separation of network traffic. All inter-network traffic is forced to pass through the firewall, where our rules are applied and enforced. For that reason, a firewall requires a minimum of two NICs to function properly: one for internal traffic and one for external traffic. Each subsequent optional interface requires yet another NIC, which can be added at any time.
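To make the design above concrete, here is an added example (not part of the original recipe) that models the four-interface firewall as a zone policy: one NIC per interface, default deny between interfaces, and a check that the guest WiFi can reach nothing but the external interface. The names WAN and LAN for the external and internal interfaces, and the specific published ports, are assumptions.

```python
"""Zone-policy model of the four-interface firewall design (constructed example)."""
from dataclasses import dataclass
from typing import Optional

# One physical NIC per interface; WAN (external) and LAN (internal) are assumed names.
INTERFACES = ("WAN", "LAN", "DMZ", "WIFI")


def nic_count(interfaces):
    """A firewall needs one NIC per interface and at least two (internal + external)."""
    if len(interfaces) < 2:
        raise ValueError("a firewall needs at least an internal and an external interface")
    return len(interfaces)


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str = "any"            # "tcp", "udp" or "any"
    port: Optional[int] = None    # None matches any destination port


# Default deny between interfaces: only the flows listed here are permitted.
RULES = (
    Rule("LAN", "WAN"), Rule("LAN", "DMZ"), Rule("LAN", "WIFI"),   # trusted internal network
    Rule("WAN", "DMZ", "tcp", 80),                                 # published web service
    Rule("WAN", "DMZ", "tcp", 443),                                # published web service (TLS)
    Rule("WAN", "DMZ", "tcp", 25),                                 # published mail service
    Rule("DMZ", "WAN"),                                            # servers may reach the Internet
    Rule("WIFI", "WAN"),                                           # guests surf the Web, nothing else
)


def is_allowed(src, dst, proto="tcp", port=None):
    """Decide an inter-interface flow; same-interface traffic never reaches the firewall."""
    if src == dst:
        return True
    return any(r.src == src and r.dst == dst
               and r.proto in ("any", proto) and r.port in (None, port)
               for r in RULES)


def guest_is_isolated(guest="WIFI", probe_ports=(22, 53, 80, 443, 445)):
    """Verify the guest interface can reach no interface other than WAN."""
    return all(not is_allowed(guest, other, proto, port)
               for other in INTERFACES if other not in (guest, "WAN")
               for proto in ("tcp", "udp")
               for port in probe_ports)
```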
Typically, an NIC will have a single Ethernet port. However, some NICs may have two, four, or even more Ethernet ports on a single card. Our firewall in the preceding scenario could have four single-port NICs or a single four-port network interface card. Either way, it works.
[Images: a single-port NIC and a four-port NIC]