Forum Discussion

14 Replies

  • ASM is an application firewall as opposed to the network based firewalls you listed from the other vendors.

     

    While they may have some IPS (Intrusion Prevention) or IDS (Intrusion Detection) capabilities, they cannot truly protect your web-based applications from zero-day attacks. A WAF (Web Access Firewall) is the category that ASM falls into, and these technologies allow you to configure a "positive security" model where you only allow known acceptable requests in, as opposed to blocking bad requests that conform to a signature of sorts.

     

  • It means that securing my network will be more complicated. So I have to have three levels of firewalls for each and every web application?

     

  • I've really only ever seen two levels, that being a network firewall out the front and then the WAF just behind it. This is usually done because the network firewall is the gateway to all IP traffic into a network, and the WAF is typically procured purely for HTTP based protection.

     

    Without going into your network design thoroughly, I can't comment on the three levels of firewalling.

     

  • I mean that without a WAF I have two levels of firewall; now, after adding a WAF to my network, it will be a third firewall. I have to redesign the security based on the new resources.

     

  • If you were going to add a WAF to your existing network, you would do this:

     

    External Firewall -> WAF -> Internal Firewall

     


  • Don't think of a WAF in the traditional layer 3 sense of a firewall. It's intended to protect your applications at layer 7. For example, a SQL injection would look like a normal request to your average network firewall, and would typically be allowed through. The only redesign you need is to insert the WAF in front of your applications, which, if you already have LTM load balancing that traffic, is a service on that device.

     

    • MiLK_MaN
      Absolutely. You configure the ASM policy and then attach to the virtual in question. The ASM documentation will describe the steps necessary to do this.
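
The "positive security" model and the layer 7 point raised in the thread, as an added example that is not from any poster and is not ASM configuration: a small Python comparison of an allowlist check against a signature check. The policy, signatures, paths and parameter names are all hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Hypothetical positive-security policy: anything not listed here is rejected.
POLICY = {
    ("GET", "/account"): {"id": re.compile(r"\d{1,10}")},
    ("GET", "/search"): {"q": re.compile(r"[\w .-]{1,64}"),
                         "page": re.compile(r"\d{1,4}")},
}

# Hypothetical negative-security signatures: only known-bad patterns are blocked.
SIGNATURES = [re.compile(p, re.I)
              for p in (r"union\s+select", r"'\s*or\s*'1'\s*=\s*'1")]


def positive_check(method, url):
    """Allow only if method, path, parameter names and values all match POLICY."""
    parts = urlsplit(url)
    params = POLICY.get((method, parts.path))
    if params is None:
        return False, "method/path not in policy"
    seen = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in params:
            return False, f"unexpected parameter {name!r}"
        if name in seen:
            return False, f"repeated parameter {name!r}"
        if not params[name].fullmatch(value):
            return False, f"value of {name!r} outside allowed format"
        seen.add(name)
    return True, "ok"


def signature_check(method, url):
    """Block only if a known-bad signature matches the decoded query string."""
    query = unquote_plus(urlsplit(url).query)
    if any(sig.search(query) for sig in SIGNATURES):
        return False, "signature matched"
    return True, "no signature matched"


if __name__ == "__main__":
    # Constructed sample requests (not taken from any real traffic).
    samples = [("GET", "/account?id=1042"),
               ("GET", "/account?id=1%27%20OR%20%271%27%3D%271"),
               ("GET", "/account?id=1%20OR%202%3E1"),
               ("POST", "/account?id=1042"),
               ("GET", "/account?id=1042&debug=1")]
    for method, url in samples:
        print(method, url, positive_check(method, url), signature_check(method, url))
```

The third sample matches no signature and passes the signature check, while the allowlist rejects it because `id` is not purely numeric.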