Different Types of Firewalls
What is a Firewall-
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
1. Software Firewalls-
A software firewall is a firewall in a software form factor rather than a physical appliance, which can be deployed on servers or virtual machines to secure cloud environments.
*Note: The term “software firewall” should not be confused with the term “firewall software,” which describes the operating system running a next-generation firewall (NGFW).
Software firewalls are designed to protect data, workloads and applications in environments where it is difficult or impossible to deploy physical firewalls, including:
-Software-defined networks (SDN)
-Hypervisors
-Public cloud environments
-Virtualized data centers
-Branch offices
-Container environments
-Hybrid and multi-cloud environments
2. Packet-Filtering Firewalls-
A packet-filtering firewall is a network security device that filters incoming and outgoing network packets based on a predefined set of rules.
Rules are typically based on IP addresses, port numbers, and protocols. By inspecting packet headers, the firewall decides whether each packet matches an allowed rule; if it does not, the firewall blocks the packet. The process helps protect networks and manage traffic, but it does not inspect packet contents for potential threats.
3. Cloud Firewalls-
A cloud firewall is a security product that, like a traditional firewall, filters out potentially malicious network traffic. Unlike traditional firewalls, cloud firewalls are hosted in the cloud. This cloud-delivered model for firewalls is also called firewall-as-a-service (FWaaS).
Cloud-based firewalls form a virtual barrier around cloud platforms, infrastructure, and applications, just as traditional firewalls form a barrier around an organization’s internal network. Cloud firewalls can also protect on-premises infrastructure.
4. Proxy Firewalls-
A proxy firewall is a network security device that serves as an intermediary between user requests and the resources they access, filtering messages and data exchange at the application layer.
By evaluating and transferring data packets on behalf of users, a proxy firewall ensures direct connections with external servers are never established, which increases security by concealing internal network addresses. This type of firewall also applies strict rules to control which applications are permitted to transmit data, preventing malicious content from entering the network.
5. Hardware Firewalls-
A hardware firewall is a dedicated appliance that filters and controls the flow of network traffic between devices and the internet.
Hardware firewalls work as a gatekeeper, analyzing data packets against predefined security criteria to block unauthorized access and potential threats. By operating at the network perimeter, a hardware firewall provides a critical security layer that restricts traffic to and from a network based on strict rules.
6. Next-Generation Firewalls-
A traditional firewall provides stateful inspection of network traffic. It allows or blocks traffic based on state, port, and protocol, and filters traffic based on administrator-defined rules.
A next-generation firewall (NGFW) does this, and so much more. In addition to access control, NGFWs can block modern threats such as advanced malware and application-layer attacks. According to Gartner’s definition, a next-generation firewall must include:
-Standard firewall capabilities like stateful inspection
-Integrated intrusion prevention
-Application awareness and control to see and block risky apps
-Threat intelligence sources
-Upgrade paths to include future information feeds
-Techniques to address evolving security threats
7. Circuit-Level Gateways-
A circuit-level gateway is a type of firewall that validates TCP or UDP sessions at Layer 5 of the OSI model before allowing traffic through.
A circuit-level gateway acts as a handshaking device between trusted clients or servers and untrusted hosts. It ensures session packets adhere to established rules for a connection without examining data within the packets. The gateway acts as a checkpoint that quickly confirms or denies traffic based on session-specific criteria.
8. Stateful Inspection Firewalls-
A stateful firewall is a network security device that monitors and maintains the context of active connections to make decisions about which packets to allow through.
Stateful inspection firewalls permit or deny packets based on preestablished rules and the ongoing connection state. By operating up to Layers 3 and 4, they can prevent unwanted access and inspect the contents of incoming traffic for malicious code.
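As an added example (not part of the original article), the Python sketch below contrasts the packet-filtering firewall of section 2 with the stateful inspection firewall of section 8: both evaluate the same header-based rule, but only the stateful one remembers admitted connections and lets their return traffic through. The names Packet, Rule, packet_filter and StatefulFirewall, the single allow rule and the sample addresses are assumptions constructed for illustration; TCP flags, timeouts and connection teardown are not modelled.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

# Header fields only: neither firewall below looks at packet contents.
Packet = namedtuple("Packet", "src sport dst dport proto")

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "block"
    src_net: str   # source network in CIDR notation
    dst_net: str   # destination network in CIDR notation
    proto: str     # "tcp" or "udp"
    dport: int     # destination port; 0 matches any port

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.proto == self.proto
                and self.dport in (0, p.dport))

def packet_filter(rules, p):
    """Stateless: first matching rule decides; no match means block."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"

class StatefulFirewall:
    """Same rule set plus a table of the connections it has admitted."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def handle(self, p):
        # A packet whose reversed 5-tuple is tracked is return traffic.
        if Packet(p.dst, p.dport, p.src, p.sport, p.proto) in self.connections:
            return "allow"
        action = packet_filter(self.rules, p)
        if action == "allow":
            self.connections.add(p)
        return action

# Constructed policy and packets (documentation address ranges).
RULES = [Rule("allow", "192.0.2.0/24", "0.0.0.0/0", "tcp", 443)]
OUTBOUND = Packet("192.0.2.10", 50000, "198.51.100.7", 443, "tcp")
REPLY = Packet("198.51.100.7", 443, "192.0.2.10", 50000, "tcp")
UNSOLICITED = Packet("203.0.113.9", 443, "192.0.2.10", 50000, "tcp")
```

With only the outbound rule, the stateless filter blocks REPLY, so it would need an additional inbound rule keyed on source port 443 that UNSOLICITED would also match. The stateful firewall allows REPLY only after it has seen OUTBOUND and still blocks UNSOLICITED.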