Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities

📘CompTIA Security+ (SY0-701)


Introduction

Network security solutions such as firewalls and intrusion prevention systems (IPS) are used to control traffic, block attacks, and protect network resources.

To work correctly, these solutions must be deployed in the right location and architecture within the network.

For the SCOR (350-701) exam, you must understand:

  • Where firewalls and IPS are deployed
  • How traffic flows through them
  • Different deployment models
  • Security architectures that combine firewall and IPS functions

Key Terms to Know

Before discussing deployment models, understand these basic terms:

  • Firewall – Controls traffic based on rules (IP, port, protocol, application)
  • IPS (Intrusion Prevention System) – Detects and blocks malicious activity in real time
  • Inline – Traffic must pass through the device
  • Out-of-band (Passive) – Traffic is copied and analyzed but not blocked
  • North–South traffic – Traffic entering or leaving the network
  • East–West traffic – Traffic moving inside the network

1. Firewall Deployment Models

Firewalls can be deployed in different ways depending on network design and security needs.


1.1 Perimeter Firewall Deployment

Description:

  • Firewall is placed at the edge of the network
  • Separates internal network from external networks (Internet, partner networks)

Traffic Inspected:

  • Incoming and outgoing traffic (north–south)

Security Functions:

  • Access control
  • NAT (Network Address Translation)
  • Application inspection
  • IPS/IDS (on next-generation firewalls)

Common Devices:

  • Cisco Secure Firewall (FTD)
  • Cisco ASA (legacy)

Why It Is Used:

  • First line of defense
  • Blocks unauthorized access from external networks

Exam Point:

Perimeter firewalls protect the network boundary and control Internet access.


1.2 Internal Firewall (Segmentation Firewall)

Description:

  • Firewall placed inside the internal network
  • Separates departments, servers, or security zones

Traffic Inspected:

  • East–west traffic

Security Functions:

  • Prevent lateral movement
  • Limit access between internal segments

Common Use Cases:

  • Server zone protection
  • User-to-server access control
  • Data center segmentation

Exam Point:

Internal firewalls reduce the impact of internal threats and limit attack spread.


1.3 DMZ Firewall Deployment

DMZ (Demilitarized Zone):

  • A separate network zone for public-facing servers

Description:

  • Firewall creates a DMZ between internal and external networks
  • Public services are isolated from internal resources

Typical DMZ Services:

  • Web servers
  • Email gateways
  • VPN concentrators

Security Benefits:

  • Compromise of a DMZ server does not expose internal systems

Exam Point:

DMZ deployment improves security by isolating public services.
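The three deployment positions above (perimeter, internal segmentation, DMZ) can be illustrated with a small zone-based policy evaluator. This is an added example, not code from the study notes or from any Cisco product; the zone names, the address plan (RFC 5737 and RFC 1918 ranges) and the rules are constructed for the example. It classifies each flow as north-south or east-west, permits only what a rule explicitly allows, and shows why a compromised DMZ host cannot open connections into the internal zones.

```python
"""Zone-based firewall policy evaluator (constructed example).

Models a perimeter firewall between the Internet and the site, a DMZ for
public-facing servers, and an internal segmentation firewall between the
user LAN and the server zone. Default action is deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan: which prefixes belong to which zone.
ZONES = {
    "dmz":      [ip_network("192.0.2.0/24")],
    "users":    [ip_network("10.10.0.0/16")],
    "servers":  [ip_network("10.20.0.0/16")],
    "internet": [ip_network("0.0.0.0/0")],   # catch-all, checked last
}
ZONE_ORDER = ["dmz", "users", "servers", "internet"]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None means any port
    action: str             # "permit" or "deny"


# Constructed policy; first matching rule wins, anything unmatched is denied.
POLICY = [
    # Perimeter firewall: the Internet may reach only the DMZ web service.
    Rule("internet", "dmz", "tcp", 443, "permit"),
    # DMZ isolation: DMZ hosts may not initiate into internal zones.
    Rule("dmz", "users", "any", None, "deny"),
    Rule("dmz", "servers", "any", None, "deny"),
    # Internal segmentation firewall: users reach servers on HTTPS only.
    Rule("users", "servers", "tcp", 443, "permit"),
    Rule("users", "dmz", "tcp", 443, "permit"),
    # Outbound web access from users through the perimeter.
    Rule("users", "internet", "tcp", 443, "permit"),
]


def zone_of(addr: str) -> str:
    """Map an address to its zone, most specific zone first."""
    ip = ip_address(addr)
    for name in ZONE_ORDER:
        if any(ip in net for net in ZONES[name]):
            return name
    raise ValueError(addr)


def direction(flow: Flow) -> str:
    """North-south crosses the perimeter; east-west stays inside the site."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    return "north-south" if "internet" in (src, dst) else "east-west"


def evaluate(flow: Flow) -> str:
    """Return 'permit' or 'deny' for the flow under POLICY."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    for rule in POLICY:
        if (rule.src_zone, rule.dst_zone) != (src, dst):
            continue
        if rule.proto not in ("any", flow.proto):
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action
    return "deny"   # implicit default deny


if __name__ == "__main__":
    for f in [
        Flow("203.0.113.5", "192.0.2.10", "tcp", 443),   # Internet -> DMZ web
        Flow("203.0.113.5", "10.20.0.5", "tcp", 443),    # Internet -> server zone
        Flow("192.0.2.10", "10.20.0.5", "tcp", 3306),    # DMZ -> server (lateral)
        Flow("10.10.5.5", "10.20.0.5", "tcp", 22),       # user -> server SSH
    ]:
        print(direction(f), f.src, "->", f.dst, f.dport, evaluate(f))
```

The ordering in ZONE_ORDER matters: the Internet zone is a catch-all prefix, so it must be tested last or every address would be classified as external.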


1.4 Firewall Modes of Deployment

Firewalls can operate in different modes.


Routed Mode

  • Firewall acts as a Layer 3 device
  • Each interface has an IP address
  • Traffic is routed between interfaces

Advantages:

  • Supports NAT
  • Full routing and policy control

Exam Note:

Routed mode is the most common firewall deployment mode.


Transparent Mode

  • Firewall works at Layer 2
  • Acts like a bridge
  • No IP address needed for traffic forwarding

Advantages:

  • Minimal network changes
  • Easy insertion into existing networks

Limitations:

  • Limited routing features
  • NAT is not supported

Exam Note:

Transparent mode is useful when IP address changes are not possible.


2. Intrusion Prevention System (IPS) Deployment Models

IPS solutions can be deployed in different ways depending on whether traffic must be blocked.


2.1 Inline IPS Deployment

Description:

  • IPS is placed directly in the traffic path
  • All traffic must pass through the IPS

Capabilities:

  • Detect attacks
  • Block malicious traffic in real time

Advantages:

  • Active protection
  • Immediate threat prevention

Disadvantages:

  • Can impact performance if overloaded

Exam Point:

Inline IPS can prevent attacks, not just detect them.


2.2 Out-of-Band (Passive) IPS Deployment

Description:

  • IPS receives a copy of traffic
  • Does not sit directly in the traffic path

Traffic Source:

  • SPAN port
  • Network TAP

Capabilities:

  • Detects threats
  • Sends alerts

Limitations:

  • Cannot block traffic directly

Exam Point:

Out-of-band IPS is used mainly for monitoring and visibility.
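The difference between inline and out-of-band placement is easiest to see with the same detection engine wired up both ways. This is an added example, not code from the study notes or from any vendor's IPS; the signature list, packets and helper names are constructed for the example. Inline, the sensor's verdict decides whether a packet is forwarded; with a SPAN or TAP copy, the switch has already forwarded the original by the time the sensor raises its alert.

```python
"""Inline vs. out-of-band IPS placement (constructed example)."""
from dataclasses import dataclass, field
from typing import List


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signature list: byte patterns the sensor flags. Real engines
# use far richer rules; these two are textbook web-attack markers.
SIGNATURES = {
    "web-path-traversal": b"../../etc/passwd",
    "sql-tautology": b"' OR 1=1",
}


@dataclass
class Sensor:
    alerts: List[tuple] = field(default_factory=list)

    def inspect(self, pkt: Packet) -> bool:
        """Record an alert and return True if any signature matches."""
        hits = [name for name, pat in SIGNATURES.items() if pat in pkt.payload]
        if hits:
            self.alerts.append((pkt.src, pkt.dst, pkt.dport, hits))
        return bool(hits)


def inline_path(sensor: Sensor, packets):
    """Sensor sits in the forwarding path: a hit means the packet is dropped."""
    delivered = []
    for p in packets:
        if not sensor.inspect(p):
            delivered.append(p)
    return delivered


def span_path(sensor: Sensor, packets):
    """Switch forwards every packet and mirrors a copy to the sensor."""
    delivered = []
    for p in packets:
        delivered.append(p)     # original forwarded unconditionally
        sensor.inspect(p)       # copy analysed; only an alert can result
    return delivered


# Constructed traffic: one benign request and two that match signatures.
SAMPLE = [
    Packet("10.10.5.5", "192.0.2.10", 443, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.9", "192.0.2.10", 443, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.9", "192.0.2.10", 443, b"GET /login?user=' OR 1=1-- HTTP/1.1"),
]


def compare(packets=SAMPLE):
    """Return (packets delivered, alerts raised) for each placement."""
    inline, passive = Sensor(), Sensor()
    return {
        "inline": (len(inline_path(inline, packets)), len(inline.alerts)),
        "passive": (len(span_path(passive, packets)), len(passive.alerts)),
    }


if __name__ == "__main__":
    for mode, (delivered, alerts) in compare().items():
        print(f"{mode}: delivered={delivered} alerts={alerts}")
```

Both placements raise the same two alerts; only the inline sensor stops the two matching packets from reaching the server, which is the exam point that out-of-band deployment gives visibility but not prevention.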


3. Combined Firewall and IPS Architectures

Modern security solutions often combine firewall and IPS functions.


3.1 Next-Generation Firewall (NGFW) Architecture

Description:

  • Firewall and IPS integrated into a single device
  • Uses deep packet inspection

Capabilities:

  • Stateful firewall
  • Application awareness
  • Integrated IPS
  • URL filtering
  • Malware detection

Cisco Example:

  • Cisco Secure Firewall Threat Defense (FTD)

Exam Point:

NGFW provides both firewall and IPS functionality in one platform.


3.2 Unified Threat Management (UTM)

Description:

  • All-in-one security solution
  • Common in small and medium networks

Functions:

  • Firewall
  • IPS
  • Antivirus
  • VPN
  • Web filtering

Limitations:

  • Less scalable
  • Limited performance for large networks

Exam Point:

UTM devices combine multiple security services in a single appliance.


4. Deployment Architectures


4.1 Centralized Security Architecture

Description:

  • One main firewall/IPS protects multiple networks
  • Central policy enforcement

Advantages:

  • Easier management
  • Consistent security rules

Disadvantages:

  • Single point of failure
  • Scalability limitations

4.2 Distributed Security Architecture

Description:

  • Multiple firewalls and IPS devices deployed across the network
  • Security enforced close to assets

Advantages:

  • Better segmentation
  • Reduced attack spread

Disadvantages:

  • More complex management

Exam Point:

Distributed security improves protection of internal resources.


5. High Availability (HA) Deployment

Security devices in the traffic path must remain available; if a single firewall or IPS fails, traffic either stops or flows uninspected.


5.1 Active/Standby Deployment

  • One device is active
  • One device waits as backup

Benefit:

  • Automatic failover

5.2 Active/Active Deployment

  • Both devices actively process traffic

Benefit:

  • Load sharing
  • High performance

Exam Point:

High availability ensures security services remain operational during failures.
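Why HA pairs replicate connection state is worth seeing in code. This is an added example, not code from the study notes or from any Cisco failover implementation; the unit names, policy and flows are constructed. A stateful firewall forwards a mid-connection packet only if it saw that connection being set up, so after an active/standby failover, sessions that were in flight survive only if the standby already holds a copy of the active unit's connection table.

```python
"""Active/standby failover with and without state replication (constructed)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the packet that opens a connection


def conn_key(p: Pkt):
    return (p.src, p.sport, p.dst, p.dport)


@dataclass
class Unit:
    """One firewall unit with its own stateful connection table."""
    name: str
    healthy: bool = True
    conns: set = field(default_factory=set)

    def handle(self, p: Pkt) -> str:
        # Constructed policy: new connections are permitted only to port 443.
        if p.syn:
            if p.dport == 443:
                self.conns.add(conn_key(p))
                return "permit"
            return "deny"
        # Mid-connection packet: permitted only if this unit saw the setup.
        return "permit" if conn_key(p) in self.conns else "deny"


class HAPair:
    def __init__(self, replicate_state: bool):
        self.active = Unit("fw1")
        self.standby = Unit("fw2")
        self.replicate_state = replicate_state

    def fail_active(self):
        self.active.healthy = False

    def handle(self, p: Pkt) -> str:
        if not self.active.healthy:
            # Automatic failover: the standby unit takes the active role.
            self.active, self.standby = self.standby, self.active
        verdict = self.active.handle(p)
        if self.replicate_state:
            # Stateful failover: copy the connection table to the peer.
            self.standby.conns = set(self.active.conns)
        return verdict


def failover_scenario(replicate_state: bool):
    """Open a session, fail the active unit, then continue the session.

    Returns (verdict before failover, verdict for the in-flight session
    after failover, verdict for a brand-new session after failover).
    """
    pair = HAPair(replicate_state)
    syn = Pkt("10.10.5.5", 51000, "10.20.0.5", 443, syn=True)
    data = Pkt("10.10.5.5", 51000, "10.20.0.5", 443)
    before = pair.handle(syn)
    pair.fail_active()
    after = pair.handle(data)
    new_conn = pair.handle(Pkt("10.10.5.6", 51001, "10.20.0.5", 443, syn=True))
    return before, after, new_conn


if __name__ == "__main__":
    print("with state replication:   ", failover_scenario(True))
    print("without state replication:", failover_scenario(False))
```

Without replication the failover is still "automatic", but every established session is dropped and users must reconnect; new connections succeed either way, which is why the distinction is easy to miss in a quick test.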


6. Cloud and Virtual Firewall/IPS Deployment


6.1 Virtual Firewalls

Description:

  • Software-based firewall/IPS
  • Deployed in virtualized environments

Use Cases:

  • Data centers
  • Private cloud

6.2 Cloud-Based Security

Description:

  • Firewall and IPS services delivered from the cloud

Examples:

  • Secure Internet Gateway
  • Firewall as a Service (FWaaS)

Exam Point:

Cloud deployments extend security controls beyond on-premises networks.


Exam Summary – Key Points to Remember

For the 350-701 SCOR exam, remember:

  • Firewalls and IPS must be strategically placed
  • Perimeter, internal, and DMZ deployments serve different purposes
  • IPS can be inline (prevent) or out-of-band (detect)
  • NGFW integrates firewall and IPS
  • Centralized architectures simplify management; distributed architectures enforce policy close to assets
  • High availability is critical
  • Virtual and cloud-based deployments are part of modern architectures