
Internal Network Firewalls (INFW)

The most common location for a firewall is at the network-edge or perimeter. Internal Network Firewalls are positioned within your network to enhance internal network security and enforce secure network segmentation.

The traditional location of a network firewall is at your network edge, between your LAN and the Internet. Perimeter firewalls deployed in this manner are designed to secure traffic to and from the Internet (i.e. north-to-south traffic). At the network edge, firewalls cannot identify or block viruses, hackers and similar threats moving laterally throughout your network (i.e. east-to-west traffic).

Internal Network Security

This lateral traffic could be data flows between your departmental systems, between your dev and live environments, or across your WAN from other offices. The Internal Network Firewall (INFW) securely segments your systems while simultaneously screening for unusual traffic, indications of compromise and other abnormal behaviours.

External vs Internal Traffic

In most IT or hosted environments, the traffic patterns can broadly be described as:

  • North to South – Traffic going from the LAN to the Internet, and vice-versa.
  • East to West – Traffic internal to the organisation, routing server-to-server, server-to-client or client-to-client but not leaving the organisation. This can be between IP subnets or routed VLAN interfaces (typical in many enterprises with L3 switches).

The exact ratio of north-to-south and east-to-west traffic will vary from business to business, and it will depend on the exact IT environment. Figures from Gartner suggest 77% of traffic is East to West, whilst 17% is North to South (the remaining 6% is between sites). Those figures represent a significant amount of traffic that is not regularly screened against an intrusion prevention system and other related security checks.

How to deploy an INFW?

There are generally three methods to deploy an internal network firewall:

  • VLAN Separation. Organisations using VLANs may use L3 VLAN interfaces or inter-VLAN routing to enable traffic flows between L2 Ethernet networks. The INFW can be added to the existing Ethernet environment as a high-speed trunk interface, managing the routing between L2 VLANs. The Ethernet switch then reverts to being an L2 switch.
  • Interface Separation. In this scenario, individual Ethernet ports of the firewall are patched into the various switches or VLAN access ports.
  • Transparent Mode. In transparent mode, the INFW serves as a transparent L2 bridge, invisible to the network. Bridge mode is useful when you want to protect or monitor a discrete network segment.

In all cases, MTG has worked in a variety of network environments and recommends the most appropriate solution based on your security needs.

Internal Network Firewall - Use Cases

If your business is looking to enhance its internal network security, there are a number of key use-cases or scenarios where the internal network firewall is a great fit.

  • Department or functional separation. The INFW can be placed to provide secure segmentation between functional departments (i.e. Accounts, IT, R&D). MTG can work with you to identify typical inter-departmental traffic flows before implementing a baseline policy to secure intra-organisation traffic.
  • WAN Security. In many organisations, the WAN component, linking other offices or suppliers, is treated as an internal network and therefore is not subject to the same perimeter security checks. In a large organisation, a malware outbreak can propagate across the WAN or provide a method for attackers to infiltrate other sites. The INFW can implement a network security policy on your WAN links.
  • Supplier Extranets. It is common for links to suppliers to pass through the perimeter security; however, in many cases this is not feasible. An INFW can be deployed to provide a secure gateway between your business and your suppliers.
  • Defending key network assets. In many businesses, there may be a particular department or network segment that holds particularly sensitive or valuable data assets. In these scenarios, the INFW should be considered to further protect these network assets with the added functionality of an Intrusion Prevention System (IPS) and advanced firewalling features.

Monitoring Features

The INFW firewalls have the same rich feature-set that our managed firewalls have. Internal Network Firewalls can also be managed 24x7x365 by our security operations team.


Request Pricing

To learn more about how internal network firewalls can enhance the security within your organisation, please get in touch. Securely partitioning off areas of your network can improve the level of security and visibility within an organisation, and you can implement hardened security policies to obtain a higher level of control over network traffic.

Select the Request a Quote button, complete our contact form or call MTG on +44 1624 640400.

Key Features

Prevent the spread of malware
The INFW can identify malware and other threats trying to spread throughout your network environment.
Network Visibility
Identify key network trends, top talkers, application usage and other protocols in-use throughout the network.
Virtualisation Ready
If your business operates a virtualised network environment using VMware or Hyper-V, the INFW can be loaded as a virtual appliance to secure network traffic passing between both physical and virtual networks.
High Performance
The devices are capable of routing traffic at multiple gigabits per second (Gbps), with a range of interface options available including 1Gbps, 10Gbps, fibre and copper.
Threat Detection
Our firewall analysis and SIEM systems are able to proactively identify threats, anomalies and malware signatures that may indicate some form of security event within your business.
WAN Security
Secure your WAN environment, protecting your offices from threats and vulnerabilities that may propagate across your WAN.