{"id":646,"date":"2018-02-02T14:35:47","date_gmt":"2018-02-02T13:35:47","guid":{"rendered":"http:\/\/www.quisted.net\/?p=646"},"modified":"2018-02-02T14:35:47","modified_gmt":"2018-02-02T13:35:47","slug":"e-commerce","status":"publish","type":"post","link":"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/","title":{"rendered":"E-Commerce"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/#A_design_that_must_stay_up\" >A design that must stay up<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/#Ultra_Redundant_Ultra_secure_Firewall_Design\" >Ultra Redundant, Ultra secure Firewall Design<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/#ASA_FWSM_Service_modes\" >ASA \/ FWSM Service modes<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/#Server_Load_Balancing_Options\" >Server Load Balancing Options<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/#E-Commerce_Connections_and_redundancy\" >E-Commerce Connections and redundancy<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.quisted.net\/index.php\/2018\/02\/02\/e-commerce\/#E-Commerce_Firewall_Design\" >E-Commerce Firewall Design<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"A_design_that_must_stay_up\"><\/span><span style=\"color: #3366ff;\">A design that <span style=\"text-decoration: underline;\">must<\/span> stay up<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Public face of an organization<\/li>\n<li>The place where downtime is incredibily harmful<\/li>\n<li>The place where budgets are approved\\<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Ultra_Redundant_Ultra_secure_Firewall_Design\"><\/span><span style=\"color: #3366ff;\">Ultra Redundant, Ultra secure Firewall Design<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2018\/02\/Ecommerce-HAfirewall.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-651 size-full\" src=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2018\/02\/Ecommerce-HAfirewall.png\" alt=\"\" width=\"430\" height=\"617\" srcset=\"https:\/\/www.quisted.net\/wp-content\/uploads\/2018\/02\/Ecommerce-HAfirewall.png 430w, https:\/\/www.quisted.net\/wp-content\/uploads\/2018\/02\/Ecommerce-HAfirewall-209x300.png 209w\" sizes=\"auto, (max-width: 430px) 100vw, 430px\" \/><\/a><\/p>\n<ul>\n<li>Only Method through layers is via servers<\/li>\n<li>Option of using different firewall vendors at different layers<\/li>\n<li>Supports virtual firewall using <span style=\"color: #993366;\"><strong>FWSM<\/strong> (<span class=\"_Tgc _s8w\">Firewall Services Module<\/span>)<\/span> or <span style=\"color: #993366;\"><strong>ACE <\/strong>(Application<\/span> controle engine) module<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h3><span class=\"ez-toc-section\" id=\"ASA_FWSM_Service_modes\"><\/span><span style=\"color: #3366ff;\"><strong>ASA \/ FWSM Service modes<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Routed mode (More common) allows the FWSM to divide subnets<\/li>\n<li>Transparent mode ( aka Bump-In-The-Wire) Makes the FWSM a cloacked device.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Server_Load_Balancing_Options\"><\/span><span style=\"color: #3366ff;\"><strong>Server Load Balancing Options<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Three Cisco devices can do it:\n<ul>\n<li>Content Services Switch ( <strong>CSS<\/strong> )<\/li>\n<li>Content Switching Module ( <strong>CSM<\/strong> )<\/li>\n<li>Application Control Engine ( <strong>ACE<\/strong> )<\/li>\n<\/ul>\n<\/li>\n<li>Three Design Approachess for it:\n<ul>\n<li>Router Mode<\/li>\n<li>Bridge Mode<\/li>\n<li>One\/Two-ARM Mode<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"E-Commerce_Connections_and_redundancy\"><\/span><strong><span style=\"color: #3366ff;\">E-Commerce Connections and redundancy<\/span><br \/>\n<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>DNS Based Redundancy<\/strong>\n<ul>\n<li>Different public address blocks assigned<\/li>\n<li>Public DNS assigned to both blocks<\/li>\n<li>Public DNS must detect failure<\/li>\n<li>Failover typically occurs in 5 &#8211; 10 minutes<\/li>\n<\/ul>\n<\/li>\n<li><strong>BGP Based Redundancy<\/strong>\n<ul>\n<li>Same public address blocks assigned<\/li>\n<li>Both ISPS advertise prefix<\/li>\n<li>Firewall Support stateful failover<\/li>\n<li>Failover dependant on BGP latency<\/li>\n<\/ul>\n<\/li>\n<li><strong>Using Multiple Datacenters<\/strong>\n<ul>\n<li>Ultimate in redundancy<\/li>\n<li>Feeds an active\/active design<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"E-Commerce_Firewall_Design\"><\/span><strong><span style=\"color: #3366ff;\">E-Commerce Firewall Design<\/span><br \/>\n<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>E-Commerce firewalls often drop directly onto the core layer<\/li>\n<li>Modular switches house service modules for multiple functions<\/li>\n<li>Multiple options exists for aggregation layer<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A design that must stay up Public face of an organization The place where downtime is incredibily harmful The place where budgets are approved\\ Ultra Redundant, Ultra secure Firewall Design Only Method through layers is via servers Option of using different firewall vendors at different layers Supports virtual firewall using FWSM (Firewall Services Module) or [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[2,5],"tags":[18,29,30,47],"class_list":["post-646","post","type-post","status-publish","format-standard","hentry","category-arc","category-designprinciples","tag-ace","tag-csm","tag-css","tag-fwsm"],"_links":{"self":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/comments?post=646"}],"version-history":[{"count":0,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/646\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/media?parent=646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/categories?post=646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/tags?post=646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}