Cisco IPS 4360 Sensor White Paper

Architecture Overview
August 2012 Series
The Firewall and IPS Deployment Guide is a component of the larger 
Internet edge design, which uses a modular design model to break the 
Internet edge into functional blocks by service. By modularizing the design, 
an organization can deploy the services as required. 
The Internet edge design includes the following functional blocks:
Firewall—Controls access into and out of the different segments of the Internet edge and provides a suite of other services, such as Network Address Translation (NAT) and DMZ creation.
Intrusion Prevention—Inspects traffic traversing the Internet edge, looking for malicious behaviors.
Remote Access VPN—Provides secure, consistent access to resources, regardless of where the user is when connecting.
Email Security—Provides spam and malware filtering service to manage the risk associated with email.
Web Security—Provides acceptable-use control and monitoring while managing the increasing risk associated with clients browsing the Internet.
Figure 2 - Internet edge in the Borderless Networks design
[Network diagram; labels: WAN Routers, Web Security Appliance, RA-VPN Firewall, DMZ Servers, WAAS, Remote Site Wireless LAN Controllers, VPN, Internet Routers, Email Security Appliance, DMZ Switch, Guest Wireless LAN Controller, Internet Edge, WAN Aggregation, Internet, To Core]
The primary differences in module design options are scale, performance, 
and resilience. To accommodate these requirements, each module of 
the Internet edge design is independent of the others, so you can mix 
and match the different design components to best meet your business 
requirements.