Firewall concepts provided by SerNet
Firewalls separate network areas with different security requirements. This includes, for example, isolating a company network from the Internet with a perimeter firewall, but also dividing an already protected network into "production" and "administration".
Modern protection concepts also provide for campus firewalls between the servers and clients, which are exposed to an increased risk. Firewall concepts must be closely interlinked with the endpoint security measures for the individual clients. Redundancies are desirable and security gaps should be avoided.
SerNet offers a variety of single and multi-tier firewall systems and concepts. In addition to manufacturers such as Palo Alto Networks, Fortinet, Sophos, Barracuda and others, we also use specially configured systems under Linux.
Palo Alto Networks
SerNet integrates next-generation firewalls from Palo Alto Networks into both single-tier and multi-tier firewall designs.
Palo Alto Networks is a leading manufacturer of next-generation firewalls - from connecting an enterprise remote office to protecting data centers. In addition to hardware platforms, the company's offerings include VM-series virtual firewalls.
Vendor links
Fortinet
Sophos
SerNet integrates next-generation firewalls of the SOPHOS brand primarily into single-tier firewall concepts outside of KRITIS facilities, where price is the main factor.
SOPHOS is broadly positioned. Its offering includes firewalls and endpoint security for Windows and Mac, which provides a quick and easy overview of the status of network security via the central cloud-based console Sophos Central
Vendor links
Packet filter with Linux
SerNet will continue to use simple packet filter firewalls, e.g. under Linux. Linux offers the unique possibility of equipping the basic protection of an infrastructure with a variety of sensors. Linux thus opens up more possibilities for administration than the web-based appliances of the manufacturers, whose interfaces are usually proprietary and cannot be changed by the customer:
- analysis of network traffic
- special DNS configurations
- individual proxy systems
- integration of many authentication systems
- free programmable e-mail filters
- integration of special third party programs
Contact us if your networks cannot be protected with standard products. We solve such tasks individually and securely according to the verifiable state of the art.