Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

All-In-One Security Appliances

Deployment Differences

There are several factors to consider before buying an all-in-one security appliance. The first is the deployment model--whether the appliance must be deployed inline with protected services or can be deployed in a one-armed, or proxy, configuration. The inline model may be simpler from a network architecture viewpoint, but it introduces the appliance as a single point of failure, which for many organizations means the added expense of two units deployed in automatic failover mode.

All-In-One Security Device Checklist

Click to enlarge in another window

The proxy configuration is more work for the network administrator because the security appliance's address must be given as the target for all the protected data types (like Web or e-mail). A device failure will not shut down the network, but there are limitations to the methods the appliance uses to inspect individual packets and firewall configuration requirements that allow packets to reach the appliance (in the case of a separate firewall). Only traffic of the type(s) being filtered can flow through the all-in-one device, lest clients gain the ability to bypass security scanning through the use of other protocol and traffic combinations.

  • 1