Firewall Configuration – Managing Multiple Interfaces on Sophos

Tags: firewall, sophos

I was going through a few firewall setup tutorials, and everywhere they set up an external interface facing the internet and an internal interface accepting traffic from the internal subnets.
I can't figure out why we need two interfaces; the end result can be achieved with a single external interface and setting rules on it too. What are the advantages or use cases of having two interfaces?

Best Answer

The purpose of pretty much any security device is to control what is permitted between two parties, and we need to force the interaction to go through the security device. If the bad process/people/action can go around our device, it doesn't have to be bound by its rules.

For the case of a network security device, we have one wire connected to "us" and one connected to "them". We normally have extra powers over "us" (corporate policies, etc.), and we know that at least some of "them" are bad people. The purpose is normally to permit all the legitimate usage from the inside people and prevent any bad actions from the outside. We need some interaction -- our people want web pages and e-mail -- otherwise we'd have a disconnected network.

If we mixed them on one interface, there would be nothing to force the bad people to interact with our device.

Perhaps you've seen the passport control at small ports? It's an officer in a hut on the dock. All the boats moor wherever. If you arrive by yacht in the middle of the night you're supposed to go visit in the morning to get your passport stamped. If you arrive by yacht at a little fishing jetty, you're supposed to go find the officer in the hut at the port.

Compare that to the situation at any large airport. When you get off the plane you can only go out one way: through the passport control.

If you were a manufacturer of security devices, which model would you follow?
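The "one wire for us, one wire for them" point above, as an added illustration that is not part of the original post and not Sophos configuration: a small Python model of a stateful policy keyed on the ingress interface, next to a single-interface policy that can only guess "inside" from the claimed source address. The interface names (`eth0`, `eth1`), the internal subnet, the allowed service ports and the sample packets are all constructed assumptions.

```python
"""Model of a two-interface (inside/outside) stateful firewall policy.

Constructed example: interface names, subnet, ports and traffic samples are
assumptions for illustration, not any vendor's configuration.
"""
import ipaddress
from dataclasses import dataclass

INSIDE = "eth1"                                     # assumed LAN-facing interface
OUTSIDE = "eth0"                                    # assumed internet-facing interface
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal subnet
ALLOWED_OUTBOUND_PORTS = {80, 443, 25}              # web and mail, as in the answer


@dataclass(frozen=True)
class Packet:
    iif: str      # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool     # True when this packet opens a new connection


class TwoInterfaceFirewall:
    """Policy keyed on the ingress interface plus a connection table."""

    def __init__(self):
        # (client, client_port, server, server_port) of accepted connections
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        src = ipaddress.ip_address(pkt.src)
        # 1. Anti-spoofing: an internal address can only arrive on the inside wire.
        if pkt.iif == OUTSIDE and src in INTERNAL_NET:
            return "drop:spoofed-internal-source"
        # 2. Replies belonging to a connection we already accepted pass.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "accept:established"
        # 3. Only the inside may open new connections, and only to allowed services.
        if pkt.iif == INSIDE and pkt.syn and pkt.dport in ALLOWED_OUTBOUND_PORTS:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept:new-outbound"
        # 4. Default deny covers every unsolicited inbound attempt.
        return "drop:default"


class SingleInterfaceFirewall:
    """Contrast: one wire, so 'inside' can only be inferred from the source address."""

    def decide(self, pkt: Packet) -> str:
        src = ipaddress.ip_address(pkt.src)
        if src in INTERNAL_NET and pkt.dport in ALLOWED_OUTBOUND_PORTS:
            return "accept"
        return "drop"


def run_samples() -> dict:
    """Constructed traffic: a legitimate web session, an unsolicited inbound
    connection, and a packet from outside that claims an internal address."""
    two = TwoInterfaceFirewall()
    single = SingleInterfaceFirewall()
    outbound = Packet(INSIDE, "10.1.2.3", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet(OUTSIDE, "203.0.113.10", 443, "10.1.2.3", 51000, syn=False)
    unsolicited = Packet(OUTSIDE, "198.51.100.7", 40000, "10.1.2.3", 22, syn=True)
    spoofed = Packet(OUTSIDE, "10.9.9.9", 40001, "10.1.2.3", 443, syn=True)
    return {
        "outbound": two.decide(outbound),              # accept:new-outbound
        "reply": two.decide(reply),                    # accept:established
        "unsolicited": two.decide(unsolicited),        # drop:default
        "spoofed_two_iface": two.decide(spoofed),      # drop:spoofed-internal-source
        "spoofed_single_iface": single.decide(spoofed),  # accept (no wire to check)
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22s} {verdict}")
```

The single-interface variant is not wrong because of a missing rule; it is wrong because the only evidence of "us" it has left is a source address anyone can write into a packet. The two-interface model gets that evidence from which wire the packet arrived on, which is exactly the property the answer's airport analogy describes.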