(Diagram depicting firewall acting as Egress Gateway)
As enterprises move their critical business applications and infrastructure services to the cloud and adopt hybrid clouds, secure networking has become as important as the performance and scalability of networks and applications. Controlling and managing traffic between the enterprise network and the Internet is one of the key aspects of security.
What is needed is a network that allows outbound communication to the Internet but prevents the Internet from initiating connections to cloud instances.
Today we look in more detail at how a firewall, whose primary job is traffic filtering, can be configured to act as an egress gateway for an enterprise network, isolating traffic between the enterprise intranet and the external network.
Firewall Service as the Egress Gateway
A typical setup of a firewall acting as an egress gateway is depicted in the diagram above. It provides the following functions:
- Network Address Translation – The firewall provides a source NAT function that translates the private IP addresses of intranet users to a public IP address for outbound access. It also functions as a NAT server, translating the public IP address and port that external users connect to into the private IP address and port of a hosted server.
- Intelligent uplink selection – When multiple Internet access links are available, the firewall can select the uplink by destination IP address or by application, to ensure service quality for outbound traffic.
- Security isolation – The firewall separates security zones using security policies and applies functions such as intrusion prevention and Anti-DDoS to the traffic between them.
- Source tracing and auditing – The firewall logs pre-NAT and post-NAT IP addresses and the online and offline activities of users, so that traffic seen on the Internet can be traced back to the originating intranet host.
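The NAT, zone-isolation and audit functions listed above can be seen working together in a small stateful model. The Python script below is an added example and is not code from this page or from any firewall vendor: the public address 203.0.113.10, the Trust-zone prefix 10.0.0., the published server 10.0.0.80:8443 and every packet in `demo()` are constructed sample data, and the session table is a simplified stand-in for a real firewall's connection tracking. It shows why the design meets the requirement stated earlier: a session initiated from the Trust zone is source-NATed and its reply is admitted because a session entry exists, an unsolicited packet from the Internet is dropped whether it targets the public address or a private one, and only a port explicitly published by the NAT server rule is reachable from outside. Uplink selection and intrusion prevention are not modelled.

```python
"""Model of a firewall acting as an egress gateway: source NAT for
outbound sessions, a NAT server (destination NAT) rule for one hosted
service, a zone policy that admits only sessions initiated from the
Trust zone, and an audit log of pre-NAT and post-NAT addresses.
Illustrative model only, not a real firewall; all addresses and
ports are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self) -> Key:
        return (self.proto, self.src, self.sport, self.dst, self.dport)


class EgressGateway:
    def __init__(self, public_ip: str, trust_prefix: str,
                 nat_server: Dict[int, Tuple[str, int]]):
        self.public_ip = public_ip
        self.trust_prefix = trust_prefix        # addresses in the Trust zone (assumed 10.0.0.x)
        self.nat_server = nat_server            # public port -> (private host, private port)
        self.next_port = 40000                  # port pool for source NAT
        self.snat: Dict[Key, Tuple[str, int]] = {}   # session -> translated (src, sport)
        self.dnat: Dict[Key, Tuple[str, int]] = {}   # session -> translated (dst, dport)
        self.audit: List[str] = []              # pre-NAT / post-NAT log for source tracing

    def zone(self, ip: str) -> str:
        return "trust" if ip.startswith(self.trust_prefix) else "untrust"

    def handle(self, pkt: Packet) -> Optional[Packet]:
        """Return the translated packet to forward, or None if the policy drops it."""
        k = pkt.key()
        if k in self.snat:
            # Known session in the direction that needs its source rewritten
            # (later packets of an outbound flow, or the hosted server's replies).
            new_src, new_sport = self.snat[k]
            out = Packet(pkt.proto, new_src, new_sport, pkt.dst, pkt.dport)
        elif k in self.dnat:
            # Known session in the direction that needs its destination rewritten
            # (Internet replies to an outbound flow, or later packets to the server).
            new_dst, new_dport = self.dnat[k]
            out = Packet(pkt.proto, pkt.src, pkt.sport, new_dst, new_dport)
        elif self.zone(pkt.src) == "trust" and self.zone(pkt.dst) == "untrust":
            # New outbound session: allocate a public port and record both directions.
            port = self.next_port
            self.next_port += 1
            self.snat[k] = (self.public_ip, port)
            self.dnat[(pkt.proto, pkt.dst, pkt.dport, self.public_ip, port)] = (pkt.src, pkt.sport)
            out = Packet(pkt.proto, self.public_ip, port, pkt.dst, pkt.dport)
        elif (self.zone(pkt.src) == "untrust" and pkt.dst == self.public_ip
              and pkt.dport in self.nat_server):
            # New inbound session to a published service: DNAT to the private host
            # and record the reverse mapping so the server's replies are SNATed back.
            host, hport = self.nat_server[pkt.dport]
            self.dnat[k] = (host, hport)
            self.snat[(pkt.proto, host, hport, pkt.src, pkt.sport)] = (self.public_ip, pkt.dport)
            out = Packet(pkt.proto, pkt.src, pkt.sport, host, hport)
        else:
            # Anything else from Untrust is an unsolicited connection attempt: drop and log.
            self.audit.append(f"DROP pre-NAT {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            return None
        self.audit.append(
            f"PASS pre-NAT {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} | "
            f"post-NAT {out.src}:{out.sport} -> {out.dst}:{out.dport}")
        return out


def demo() -> dict:
    """Run constructed sample traffic through the gateway and return the results."""
    gw = EgressGateway("203.0.113.10", "10.0.0.", nat_server={443: ("10.0.0.80", 8443)})
    # Outbound: intranet client to an Internet web server (source NAT applied).
    outbound = gw.handle(Packet("tcp", "10.0.0.5", 51000, "198.51.100.7", 443))
    # Its reply, addressed to the public IP and the allocated port, is un-NATed.
    reply = gw.handle(Packet("tcp", "198.51.100.7", 443, "203.0.113.10", outbound.sport))
    # Unsolicited inbound to an unpublished port on the public IP is dropped.
    scan = gw.handle(Packet("tcp", "198.51.100.9", 33001, "203.0.113.10", 22))
    # Unsolicited inbound aimed directly at a private address is dropped too.
    direct = gw.handle(Packet("tcp", "198.51.100.9", 33002, "10.0.0.5", 22))
    # Inbound to the published service is DNATed to the hosted server ...
    published = gw.handle(Packet("tcp", "198.51.100.9", 33003, "203.0.113.10", 443))
    # ... and the server's reply is SNATed back to the public address.
    server_reply = gw.handle(Packet("tcp", "10.0.0.80", 8443, "198.51.100.9", 33003))
    return {"outbound": outbound, "reply": reply, "scan": scan, "direct": direct,
            "published": published, "server_reply": server_reply, "audit": gw.audit}


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The audit lines pair each pre-NAT tuple with its post-NAT tuple, which is exactly what an analyst needs when an abuse report names only the public IP and port: the entry that carries that post-NAT pair identifies the internal host. A real gateway also ages session entries out and checks TCP flags, which this model omits.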
Configuration: Egress Gateway
Configure the IP address of the WAN interface, choosing the Internet access mode according to the information provided by the ISP. The access mode can be DHCP, static IP address, PPPoE, or LTE.
Internet Access Modes
Firewall Registration with Campus Network