For any suggestions, please mail one of these addresses:

nanduriraja537@gmail.com,raja.mic539@gmail.com

Thursday, March 24, 2011

Basic Difference Between Layer 2 & Layer 3 Firewalls

Yesterday I was studying firewalls to brush up my skills. I came across some interesting differences between Layer 2 and Layer 3 firewall technologies and thought, why not share them with you?

Layer 2 firewall

• Acts as a transparent firewall: it behaves like a Layer 2 bridge rather than a router.
• Is not seen as a hop by other network elements (NEs); it does not decrement the TTL and does not show up in a traceroute.
• Connects the same IP network on its inside and outside (LAN and WAN) ports; the two ports only need to be on different physical segments or VLANs.
• Can be dropped into an existing network; no new IP addressing scheme is required.
• Layer 3 (IP) traffic is not allowed through by default and must be explicitly permitted. On a Cisco security appliance this is done with an extended access list.
• ARP is the only traffic allowed without an access list, and it can be controlled with ARP inspection.
• IP traffic requires an extended access list; non-IP traffic (BPDUs, IPX, MPLS and so on) requires an EtherType access list.
• Features the firewall does not support directly can be passed through, so that the upstream and downstream routers provide them, e.g. IP/TV (multicast).
• The outbound interface for a packet is chosen by a MAC address table lookup instead of a route lookup.
• A management IP address is required, taken from the same subnet as the connected network.
• Uses only two traffic interfaces, inside and outside.
• Hosts keep the router on the other side of the L2 firewall as their default gateway; the firewall itself is not the gateway.

Unsupported Features on Layer 2 firewall

• NAT/PAT
• Dynamic routing protocols on the appliance itself. Static routes can still be added for traffic that originates on the security appliance (e.g. a route to an external syslog server), and routing protocol traffic between routers on either side can be allowed through with an extended access list.
• IPv6
• Quality of Service (QoS)
• Multicast routing (multicast streams can still be allowed through with an extended access list)
• VPN termination (VPN traffic can still pass through the security appliance with an extended access list)

The exact list depends on the platform and software version; check the release notes for the version in use before relying on it.
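The transparent-mode configuration the two lists above describe, written out as an added example (it is not from the original post). It assumes Cisco ASA 7.x/8.2-era command syntax (a single global management IP, no bridge group); the interface names, the 192.168.1.0/24 bridged subnet, the upstream router's MAC address, the 239.1.1.0/24 multicast group and the 10.0.0.50 syslog server are all constructed for illustration.

```cisco
! Added example (not from the original post): Cisco ASA in transparent mode,
! 7.x/8.2-era syntax. Interface names, the 192.168.1.0/24 addresses, the
! gateway MAC, the multicast group and the syslog server are constructed.
firewall transparent
hostname ASA-L2
!
! Both interfaces carry the SAME subnet; they only need to sit on different
! physical segments or VLANs. No IP address is configured per interface.
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! One management address, taken from the bridged subnet. The upstream router
! 192.168.1.1 stays the default gateway for the hosts; this static route is
! only for traffic the appliance itself originates (syslog, AAA, management).
ip address 192.168.1.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
!
! IP traffic needs an extended ACL. Permitting OSPF (protocol 89) lets the
! routers on either side form an adjacency THROUGH the appliance; the
! appliance itself does not run OSPF in this mode.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit ospf any any
access-list OUTSIDE_IN extended permit udp any 239.1.1.0 255.255.255.0 eq 5004
access-list INSIDE_OUT extended permit ip 192.168.1.0 255.255.255.0 any
access-list INSIDE_OUT extended permit ospf any any
!
! Non-IP frames need an EtherType ACL; without one they are dropped.
access-list NONIP ethertype permit bpdu
access-list NONIP ethertype permit mpls-unicast
!
access-group OUTSIDE_IN in interface outside
access-group INSIDE_OUT in interface inside
access-group NONIP in interface outside
access-group NONIP in interface inside
!
! ARP passes without an ACL. The static entry pins the gateway's MAC to the
! outside interface, so a spoofed ARP reply for 192.168.1.1 arriving on the
! inside is dropped by inspection. "flood" forwards ARP for addresses that
! have no static entry, so ordinary hosts keep working.
arp outside 192.168.1.1 0011.2233.4455
arp-inspection inside enable flood
arp-inspection outside enable flood
!
! Syslog server on a remote subnet: reached via the static route above.
logging enable
logging trap informational
logging host outside 10.0.0.50
```

Two things to verify on a real deployment: the inside and outside ports really are on different VLANs (otherwise the switch, not the appliance, forwards between hosts and the ACLs never see the traffic), and `show mac-address-table` and `show arp-inspection` confirm that forwarding decisions are being made by MAC lookup and that the static ARP entry is in place.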

Layer 3 firewall

• The firewall acts as a routed hop: each interface has its own IP address on a separate subnet.
• It acts as the default gateway for the hosts behind it.
• The outbound interface is chosen by a route lookup; NAT/PAT, dynamic routing and the other features listed above as unsupported in Layer 2 mode are available.
• Some traffic is blocked even if an access list permits it: because the firewall routes IP, non-IP frames cannot cross it, and routing-protocol adjacencies cannot be formed between routers on opposite sides of it the way they can across a transparent firewall.
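For contrast, the same two-interface appliance in routed mode, also an added example and not from the original post. It uses pre-8.3 ASA NAT syntax (`global`/`nat`) and constructed addresses: 203.0.113.0/29 on the outside and 10.10.10.0/24 on the inside.

```cisco
! Added example (not from the original post): the same appliance in routed
! mode, pre-8.3 NAT syntax. All addresses are constructed for illustration.
no firewall transparent
hostname ASA-L3
!
! Each interface is on its own subnet: the appliance is a routed hop and the
! inside hosts use 10.10.10.1 (the appliance) as their default gateway.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
 no shutdown
!
! The outbound interface comes from the routing table, and the appliance can
! run a dynamic routing protocol itself (not possible in transparent mode).
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
router ospf 1
 network 10.10.10.0 255.255.255.0 area 0
!
! NAT/PAT (not possible in transparent mode): inside hosts share the outside
! interface address.
global (outside) 1 interface
nat (inside) 1 10.10.10.0 255.255.255.0
!
! Higher-to-lower security traffic is allowed by default in routed mode, so
! only the outside-to-inside direction needs an explicit ACL here.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-group OUTSIDE_IN in interface outside
!
! What an ACL cannot do in this mode: there is no EtherType ACL, so BPDU, IPX
! or MPLS frames never cross the appliance, and "permit ospf any any" would
! not let the routers on either side peer with each other across it; the
! appliance is the OSPF neighbour instead.
```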
