Virtual Firewall - Samsung Ubigate iBG3026 Configuration Manual

CHAPTER 23. Firewall NAT
Firewall also offers a rich set of features such as protection against
DOS(Denial Of Service) attacks, Network Address Translation(NAT), etc.
Firewall policies are created by CLI/GUI and stored in the Firewall Policy
Data Base and dynamically created associations are stored in the Association
Data Base.
Firewall and VPN are tightly coupled together. Some of the dynamic
associations created are shared by the two modules. So, it is not possible to
use VPN without using firewall. However, firewall can be used without VPN
enabled-VPN in pass-through mode.

Virtual Firewall

Virtual Firewalls completely break the one-device/one-policy-database
constraint. Instead, many discrete firewalls can be run on a single device with
the Virtual Firewall capability. A Virtual Firewall(VF) provides multiple
logical firewalls for multiple networks, on one system.
This is accomplished by establishing firewall 'maps', with each map having
its own user defined security policy. Each map has its own outbound and
inbound policies and configuration objects. Maps can be added or removed to
provide scalability with the growth of subscriber networks.
Virtual firewall feature can be used to provide separate firewall policies as
shown in the following diagram
1.
Internet(internet) for the untrusted network.
2.
Corporation(corp) for the corporate network.
3.
Demilitarized Zone(dmz)for the server accessibility from the untrusted
side-or other user-defined network.
4.
Managing access to the box.
232
© SAMSUNG Electronics Co., Ltd.