In this article, we will learn what secure access service edge architecture is. We will also learn how to set it up. So, read on.
Secure Access Service Edge Architecture
Secure access service edge (SASE) architecture refers to a network architecture that uses two security devices to provide security services to the network.
Generally, the two security devices are a firewall and a VPN concentrator. The firewall is placed at the edge of the network and controls all the traffic that comes in and out of the network.
Then, the VPN concentrator is placed in the core of the network and it connects to the corporate remote access servers and users. By default, a firewall doesn’t provide any VPN services. To set up a VPN service, you will need a second device, i.e., a VPN concentrator.
Moreover, the basic idea behind SASE architecture is to put a firewall at the edge of your network and a VPN concentrator in your corporate network. So, whenever users connect to your office network via VPN (or remote access), they will be using the VPN concentrator.
By using SASE architecture, you will be able to do the following things:
1) Block all incoming traffic from untrusted networks. You can block all incoming traffic from untrusted networks (e.g., the Internet) by configuring your firewall’s intrusion detection system (IDS). This saves you time and effort as well as system resources on your main firewall/router.
2) Block all outgoing traffic from trusted networks. You can block all outgoing traffic from trusted networks (e.g., LAN or DMZ) by configuring your firewall’s IDS or IPS. This saves you time as well as system resources on your main firewall/router, because you don’t need to configure an IDS/IPS on it.
3) Block all incoming traffic from trusted networks. You can block all incoming traffic from trusted networks (e.g., LAN or DMZ). This is done by configuring an IDS/IPS on your main firewall/router.
Secure Access Service Edge Architecture: How?
How, then, do you set up SASE architecture? Here is how:
1) Install a firewall at the edge of your network.
2) Configure your firewall’s IDS/IPS.
3) Configure your firewall to allow access from trusted networks only (e.g., LAN or DMZ). That’s it! Now, you have a secured network.
4) Install a VPN concentrator in your corporate network.
5) Configure your VPN concentrator to connect to the remote access server(s).
6) Configure your VPN concentrator to allow traffic from the remote access server(s).
7) Configure your VPN concentrator to allow traffic from trusted networks only (e.g., LAN or DMZ).
Now, you can connect to the corporate network by using remote access (VPN or dial-up). You will be connecting to the VPN concentrator, which is placed at the core of the network. So, you will be accessing remote servers and users via this VPN concentrator.
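The allow-lists in steps 3, 6 and 7 can be checked mechanically. The following is an added example, not part of the original article: a Python audit of ordered allow/deny rules for the edge firewall and the VPN concentrator. The addresses, the rule format, first-match evaluation, and the names audit and decide are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the article).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "172.16.5.0/24")]  # LAN, DMZ
REMOTE_ACCESS_SERVERS = [ipaddress.ip_network("10.0.9.10/32")]

def covered(net, allowed):
    """True if net lies entirely inside one of the allowed networks."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit(rules, allowed):
    """Check an ordered list of (action, source_cidr) rules against an allow-list.

    Flags allow rules whose source is wider than the allow-list, and a
    missing final IPv4 default-deny rule.
    """
    findings = []
    for i, (action, src) in enumerate(rules, 1):
        if action == "allow" and not covered(ipaddress.ip_network(src), allowed):
            findings.append(f"rule {i}: allows {src}, outside the trusted set")
    if not rules or rules[-1] != ("deny", "0.0.0.0/0"):
        findings.append("no final default-deny rule")
    return findings

def decide(rules, src_ip):
    """First-match evaluation (assumed); nothing matching means deny."""
    ip = ipaddress.ip_address(src_ip)
    for action, src in rules:
        if ip in ipaddress.ip_network(src):
            return action
    return "deny"

# Constructed rule sets. The concentrator's second rule is deliberately too
# broad (/8 instead of the /16 LAN) and the list lacks an explicit deny.
EDGE_FIREWALL = [("allow", "10.0.0.0/16"), ("allow", "172.16.5.0/24"),
                 ("deny", "0.0.0.0/0")]
VPN_CONCENTRATOR = [("allow", "10.0.9.10/32"), ("allow", "10.0.0.0/8"),
                    ("allow", "172.16.5.0/24")]

if __name__ == "__main__":
    checks = (("edge firewall", EDGE_FIREWALL, TRUSTED_NETS),
              ("VPN concentrator", VPN_CONCENTRATOR,
               REMOTE_ACCESS_SERVERS + TRUSTED_NETS))
    for name, rules, allowed in checks:
        for finding in audit(rules, allowed) or ["ok"]:
            print(f"{name}: {finding}")
    # 10.200.1.1 is not in the LAN or DMZ, yet the /8 rule lets it through.
    print(decide(VPN_CONCENTRATOR, "10.200.1.1"))
```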
Last Words
So, this helps you to set up a secured remote access connection without spending too much time and effort on it. It also saves system resources on your main firewall/router as well as on your main remote access server(s), because you don’t need to configure an IDS/IPS on these devices.