Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

CSO Next-Generation Firewall Topology

 

Figure 1 shows the CSO standalone next-generation firewall (NGFW) topology. On the WAN side, the NGFW site, which is a standalone SRX Series or vSRX device, establishes the following connections:

  • Data connection for Internet traffic.

  • Management connection to CSO for establishing connectivity between CSO and the device, and for sending encrypted syslogs to CSO.

On the LAN side, which is not shown in the figure, the NGFW site can connect to LAN hosts. For NGFW sites, CSO allows you to provision greenfield devices or brownfield devices, with an option to import existing firewall and NAT policies into CSO for brownfield devices.

Figure 1: CSO Next-Generation Firewall Topology
CSO Next-Generation Firewall
Topology