With the addition of the Assets monitoring panel in RAForce, the IntelliShun can now report on internal IP addresses for outbound blocks when deployed on the trusted (LAN) side of the firewall. This is a significant change to how IntelliShun can be used, but provides improved response capabilities to those wishing to be more proactive in their security stance.

WAN Deployment

Traditionally, RiskAnalytics has recommended the IntelliShun be installed at the network perimeter, on the untrusted (WAN) side of the firewall or edge router. This configuration offers a number of advantages:

  • Reduced workload on the perimeter firewall

  • Blocked attackers and regions can’t access services exposed or port-mapped by the firewall, such as VPN or management functions

  • RAForce can report on all inbound attacks


Traditional WAN deployment has one disadvantage:

  • Outbound blocks from private network segments will be attributed to the egress IP address -- usually the firewall or router’s public IP -- instead of the IP address of the internal asset in question.


WAN Deployment Diagram


LAN Deployment

Benefits to deploying IntelliShun to the trusted side of the firewall include:

  • Visibility of the true internal source of outbound blocked traffic

  • Inbound blocks represent attacks that the firewall did not stop


Disadvantages to internal LAN deployments:

  • Decreased router/firewall performance under higher workload 

  • Potential exposure of services on the perimeter router/firewall

  • Loss or degraded reporting of external inbound attacks

LAN Deployment Diagram

Tandem Deployment

It is possible to deploy a pair of IntelliShuns -- one on either side of the firewall or router -- to gain the advantages of both deployment methods:

  • Reduced workload on the perimeter firewall

  • Blocked attackers and regions can’t access services exposed or port-mapped by the firewall, such as VPN or management functions

  • RAForce can report on all inbound attacks

  • Visibility of the true internal source of outbound blocked traffic


Disadvantages of tandem deployments:

  • Higher total cost of service, though discounts are available for tandem deployments. Contact [email protected] for a quote.
  • Slightly increased perimeter network complexity