Security Connectivity Report: Optimizing Network Design for Next‐gen Firewalls
So you’ve been tasked with implementing your company’s next‐gen firewall – now what? Whether you’re considering a Palo Alto or another next-gen firewall, the ability to truly defend your confidential data often comes down to the basics: an optimized network design.
To help get your next‐gen firewall implementation project on the right track from the start, factor the following into your network design plan:
Architectural Requirements
Before you begin whiteboarding a network design, there are a few decisions you have to make upfront. Does the next‐gen firewall need to support High Availability? Are you building redundancy and fault tolerance into the solution? How will you handle failovers? These answers will dictate whether there will be primary/secondary appliances and how the network should handle traffic in the event that an individual firewall fails (shut down the link vs. skip over the firewall while the link remains active).
In‐line or out‐of‐band
Will your next‐gen firewall be deployed to support active traffic inspection and threat blocking, or will it remain in listen‐only mode? While most companies prefer in‐line configurations, it is important to include a method for handling patching and updates without disrupting traffic flows throughout the organization.
Network Speed vs Appliance Speed
Understanding the speed at which the next‐gen firewall can process data, as compared to the speed at which the network sends data, is critical to the design process. If the network feed is too fast for the appliance, packets will be lost and it will not function properly. Luckily, most next‐gen firewalls live up to their throughput specifications in the real world. However, your internal network specifications may have changed, especially if you are constantly upgrading to support high‐speed data access, cloud connectivity and more.
When preparing a network design diagram, it is important to fully specify the wiring (copper, fiber, fiber size, etc.) to ensure that the correct connections are available at installation.
Physical Connections
The way in which a firewall is connected to the network has implications for both security and network performance. For most companies, connecting the firewall directly to the network WAN or LAN seems like the most secure approach – after all, there is no closer connection. However, this approach may actually end up clogging the network, overwhelming other monitoring systems and interfering with policy control.
Consider using a network TAP instead. You still have access to a clear stream of network data – every bit, byte, and packet®. In this network design, next‐gen firewalls do not impact speeds and feeds for the mission‐critical applications the business supports. More importantly, should the firewall itself be altered remotely (a favorite move of the more sophisticated hacker), the data stream from a TAP cannot be breached because the TAP has no IP address. In this design, the diagnosis and containment of issues can happen faster and more easily. Additionally, TAPs allow you to take appliances offline to install patches or troubleshoot issues without interrupting data traffic flows.
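The design factors above can be checked against a written plan before installation. The following is an added example, not Garland Technology's or any firewall vendor's tooling; the `Segment` fields, the finding codes and the sample plan are hypothetical and constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

FAIL_MODES = {"shut_down_link", "skip_over"}  # the two failure behaviours named above

@dataclass
class Segment:
    """One planned firewall insertion point (all field names are hypothetical)."""
    name: str
    link_gbps: float           # rate at which the network sends data
    link_media: str            # e.g. "copper", "fiber-sm", "fiber-mm"
    fw_gbps: float             # throughput the firewall is specified to process
    fw_media: str              # media of the port the firewall connects with
    inline: bool               # True = active blocking, False = listen-only
    on_failure: str | None     # how traffic is handled if the firewall fails
    maintenance_bypass: bool   # appliance can go offline without interrupting traffic

def review(seg: Segment) -> list[str]:
    """Return finding codes for one segment; an empty list means no gaps found."""
    codes = []
    if seg.link_gbps > seg.fw_gbps:
        codes.append("SPEED")      # feed faster than the appliance: packets will be lost
    if seg.link_media != seg.fw_media:
        codes.append("MEDIA")      # wiring does not match the available connection
    if seg.inline:
        # Assumption of this example: failure handling and patch windows only
        # affect production traffic when the firewall sits in-line.
        if seg.on_failure not in FAIL_MODES:
            codes.append("FAILOVER")
        if not seg.maintenance_bypass:
            codes.append("MAINT")
    return codes

def review_plan(plan: list[Segment]) -> dict[str, list[str]]:
    """Map each segment name to its list of finding codes."""
    return {seg.name: review(seg) for seg in plan}

# Constructed sample plan, not taken from any real deployment.
PLAN = [
    Segment("internet-edge", 10, "fiber-mm", 5, "fiber-mm", True, None, False),
    Segment("dc-core", 10, "fiber-sm", 10, "copper", False, None, False),
    Segment("branch", 1, "copper", 2, "copper", True, "skip_over", True),
]

if __name__ == "__main__":
    for name, codes in review_plan(PLAN).items():
        print(f"{name}: {', '.join(codes) or 'ok'}")
```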
* * *
Knowing how to properly optimize the design and connect a next‐gen firewall to the network from the start can mean the difference between a quiet, vigilant defense system and a very public apology to customers.
Are you tasked with deploying your company’s next‐gen firewall? Need help with network design? The designers at Garland are ready to jump in and assist.
Want to learn more about how to maximize your Palo Alto Networks investment by having the right network access?
Written by Chris Bihary
Chris Bihary, CEO and Co-founder of Garland Technology, has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance and security through the integration of network TAP visibility.