Most recent

Resolving the firewall politics problem

By Eitan Bremler

A few months ago, I was sitting in a meeting with the IT team from one of the largest bank in Africa, while discussing their pains, they mentioned that one of the most aggravating issues they have, is launching a new external facing application. The problem, they told us is the security team, "we need to connect our application front-end which resides in the DMZ to the application server which resides in the LAN, and they will not let us open any new ports in the LAN firewall…".

I recalled this discussion, because in another meeting I had a couple of weeks ago with a high level exec in one of the largest software vendors in the world, he raised the exact same issue. Whenever, he and his group need to test out a new application which requires opening a port in the LAN firewall in order to allow external access, the IT Ops team adds some much process and politics to the seamlessly simple task, that the rollout of the application can take months.

Thinking about these two meetings, I came up with the term "firewall politics", whether you are on the side requesting to open a firewall port, or on the side fighting off such requests, I'm sure you can relate to this term.

Until now, there was no real resolution to this issue, if your organization suffers from "firewall politics" and you are on the side requesting to open a port, you can either fight to get the port open, or give up on the whole rollout. If you are on the side managing the firewall, then either you open the port and hope for the best, or push back as hard as you can and hope they will go away.

Well, at Safe-T we found a way to resolve this, and quite simply actually. We do it using our RSAccess secure access solution. RSAccess utilizes our patented reverse-access technology, to connect any TCP based application components residing in different network segments without needing to open any inbound port in the firewall. Essentially RSAccess, becomes a secure application front-end for all external facing apps.

This means that for the 1st time, organizations can deploy external facing application, without need to deal with the "firewall politics" of opening firewall ports.

For the groups needing to deploy applications, RSAccess simplifies rollout, removing the need to contact the team managing the firewall, for every application rollout. And for the team managing the firewall, RSAccess prevent punching any new holes in the firewall.

And neither team has to be concerned about application security, we got that covered within RSAccess also…

Want to learn more about securely and simply publishing applications, checkout the RSAccess web page.

All posts