Science DMZ Firewall Limits

The primary function of a firewall ruleset is to permit or deny network traffic based on packet header information: each packet is typically matched against the rules in turn. The primary criteria used to decide whether a packet conforms to security policy are its source IP address, source port (if the packet is TCP or UDP), destination IP address, and destination port. Firewall appliances rely on internal mechanisms (packet inspection, state tables, parallelization) to perform this work, and these mechanisms often slow down the delivery of network traffic. This video describes how a firewall affects TCP traffic, and how the Science DMZ design can deliver the same functionality without the use of a firewall.

© 2016, The Regents of the University of California, through Lawrence Berkeley National Laboratory (subject to receipt of any required approvals from the U.S. Dept. of Energy). All rights reserved.

NOTICE. This material is owned by the U.S. Department of Energy. As such, the U.S. Government has been granted for itself and others acting on its behalf a paid-up, nonexclusive, irrevocable, worldwide license in the material to reproduce, prepare derivative works, and perform publicly and display publicly.