Firewall Administration for Sysadmins in Four Parts


I wrote a long blog post for Network Computing that ended up published in four parts. The topic was helping sysadmins understand what firewall appliances do, and therefore how best to ask for firewall assistance from those who manage them.

Firewall Administration For Sysadmins: A Primer

Firewall configurations can be astonishingly complex. Firewall administrators deserve love and respect, as making the firewall not only pass traffic, but also pass it securely, is no simple task. The more complex the security policy, the harder it is to keep the firewall running properly.

Firewall Administration For Sysadmins Part 2: Key Concepts

From a networking perspective, applications are unpredictable, as are application architectures. Therefore, firewall administrators are not trying to be difficult when they push back on an ambiguous firewall change request. Rather, details are absolutely critical to successfully fulfilling the request in a secure manner. This is perhaps the chief source of friction between firewall administrators and sysadmins.

Firewall Administration For Sysadmins Part 3: Application Planning

During application implementation, the security team is called on to open firewall ports. The presumption is that this is a simple task. As I hope I’ve established in this series, opening ports might or might not be so simple. Asking the firewall administrator to “open these ports” is akin to a network administrator asking a sysadmin to “spin up a VM” to support a newly acquired network appliance.

Firewall Administration For Sysadmins Part 4: Communication Tips

Sysadmins who understand the network behavior of their applications will be better able to communicate their needs. Network and security folks have general working knowledge of protocols, but aren’t going to know intimate application details.


By Ethan Banks

Ethan Banks is a podcaster and writer with a BSCS and 20+ years in enterprise IT. He's operated data centers with a special focus on infrastructure — especially networking. He's been a CNE, MCSE, CEH, CCNA, CCNP, CCSP, and CCIE R&S #20655. He's the co-founder of Packet Pushers Interactive, LLC where he creates content for humans in the hot aisle.