Application aware firewall architecture to enhance performance of enterprise network

The performance of an enterprise network is affected not only by its protocol specification, its communication channel, design capacity and architecture of the firewall but also by its implementation and traffic management. Firewall is a perimeter security solution that is useful for addressing network traffic. It introduces a single point through which all traffic passes and as a result it creates performance bottleneck on enterprise network by increasing latency, reducing bandwidth and throughput. The challenges of firewall architecture on enterprise network performance and the proposed solution to enhance it are presented in this paper. Literature review and simulated experiment are employed to study the practice in firewall configuration and management, firewall security and network performance. The stateful firewall architecture is studied and redesigned into application aware architecture into three layers or modules: the application identification and control module, content awareness and filtering module, and enforcement module integrated with traffic optimization to accommodate the applications performance and security requirement of the enterprise network. The application identification features is tested using Optimized Network Engineering Tool (OPNET) for efficient application identification. Its performance is then compared with a sample firewall system based on scenarios to meet the temporal quality of service requirement under distributed denial-of-services (DDoS) envision. We have achieved firewall performance improvements of 94.4% on Central Processing Unit (CPU) utilization, 98.9% on throughput, and 69.20% on queue delay against the base scenario. We also achieved performance improvement of 49.23% on servers task processing and 54.35% on database query response against the base scenario.