A firewall is a firewall, right? While on the surface that assumption may appear to be correct, a closer look reveals that there are critical differences between a traditional, appliance-based firewall that protects your network perimeter and a distributed, scale-out internal firewall that protects east-west traffic within your data center.
It’s true that both types of firewalls monitor network traffic, detect threats, and block malicious activity. However, appliance-based firewalls are designed to monitor north-south traffic, which has different volumes and characteristics than east-west traffic. Traditional north-south firewalls were never designed to be used interchangeably to protect both north-south and east-west traffic.
Figure 1: Data center traffic patterns
While it might appear to be the right choice, provisioning appliance-based firewalls for east-west traffic monitoring is not only expensive, it’s highly ineffective in delivering the level of control and performance required to protect growing numbers of dynamic workloads.
Creating Traffic Jams During Volume Spikes
One of the most common drawbacks of using appliance-based firewalls as internal firewalls is the need to hairpin east-west traffic to and