Network Firewall: Components, Solution Types, and Future Trends

A network firewall is a cybersecurity solution that secures bidirectional traffic across a network. Traditionally, organizations deployed a network firewall as a hardware appliance. However, additional deployment options are on the rise, including virtual appliance firewalling, cloud-native infrastructure-as-a-service (IaaS) firewalls, and firewall-as-a-service (FWaaS) solutions hosted by the service provider.

Firewalls were introduced in the 1990s, and became a primary method to establish and secure a network perimeter. Today firewalls are used:

• At the network edge, to block and mitigate external threats.
• Inside a network to create segmentation, isolate sensitive resources, and protect against insider threats and lateral movement.
• As a software component deployed on endpoints and other devices to filter and regulate traffic to and from the device.

Firewalls perform several critical functions for organizations:

• Access control – firewalls can be used to regulate what type of inbound and outbound traffic should be allowed on a network
• Threat defense – firewalls can detect and block threats before they reach network resources.
• Logging and auditing – firewalls keep track of events on a network, which can be used to identify patterns indicating performance or security issues.
• Source of threat data – organizations deploying firewalls, and security vendors, can use firewalls to understand evolving threats and define new access rules, attack patterns, and defensive strategies.

In a mature security organization, firewall data flows into a security information and event management (SIEM) system, and is correlated with data from other security tools and IT systems. This can allow detection of threats and security incidents that cut across multiple layers of the IT environment.

The CIA triad – Confidentiality, Integrity, and Availability- represents the ultimate goal of information security efforts. Here is how a firewall can address each of the CIA functions:

• Confidentiality – preventing sensitive information from access by unauthorized parties. A firewall defines access rules that allow only specific types of traffic to access a network, severely limiting unauthorized access.
• Integrity – ensuring organizational data remains accurate and trustworthy, and is not tampered with. Firewalls can protect integrity by preventing attackers from penetrating a network and gaining access to valuable data.
• Availability – ensuring information is available without interruption for those who need it. A firewall can promote availability by protecting mission critical resources and preventing attackers from disrupting them.

Network firewalls are pre-programmed with a set of security features enabling them to address specific threats. Collectively, these features help provide a multi-layered defense strategy.
Some common features found in modern network firewalls include:

• Routing—firewalls typically contain components that can act as routers, allowing devices to connect to a larger network.
• Data packet filtering—firewalls can use a tunnel to filter data packets based on definition files. Packets are units of data used to deliver content over a network.
• Malware prevention—firewalls can scan for malware to verify that links, attachments, web pages, and files are safe to open or download.
• Network access control (NAC)—firewalls often provide traffic monitoring capabilities with traffic rules to recognize and record whether an IP address or device is permissible. The firewall can then block unrecognizable entities.
• Remote access—firewalls can serve as remote access portals allowing remote workers to access the company network. A VPN tunnel helps secure remote user traffic to sensitive files, applications, and databases.
• Web filtering—firewall can filters specific websites according to their domain names or specified categories.
• Spam and phishing protection—some firewalls offer a built-in spam email filter to block questionable content while allowing safe emails to pass through. Firewalls can also detect phishing emails and block them, or prevent users from clicking unsafe links.
• Encryption—advanced firewalls offer encryption capability, enabling the safe exchange of sensitive data across networks.

Network firewalls were introduced in the 1990s, and have gone through several generations: from legacy firewalls, to next-generation firewalls (NGFW), to firewall as a service (FWaaS).

First Generation: Legacy Firewall

A network firewall secures a local network and prevents unauthorized entities from accessing sensitive systems and data. It separates the secured network from a less secure, broader network (e.g., the Internet) to control traffic between them. Network firewalls are essential for protecting resources that are connected to the network and preventing attackers from accessing them.

Second Generation: NGFW

A next-generation firewall (NGFW) builds on the basic stateful inspection capabilities of a legacy firewall. It provides the additional capability of deep packet inspection (DPI) – looking inside data packets to identify malicious activity. NGFWs are also application aware – they can inspect network Level 7 to block or allow data packets depending on the application they are intended for. This allows administrators to block dangerous applications.

Additional capabilities offered by NGFW solutions include a built-in intrusion prevention system (IPS) and integration with threat intelligence feeds, which allow an NGFW to block traffic from IP addresses that were used for malicious activity in the past.

Third Generation: FWaaS

Traditionally, NGFW was deployed as a hardware appliance. Firewall as a service (FWaaS) is a new way to deploy NGFW security functionality. An FWaaS is a cloud-native firewall that a cloud provider offers as a service.

In a modern IT environment, the network perimeter is disappearing. Users increasingly access networks from mobile devices and remote locations, and organizations are moving critical resources to the cloud, meaning that many assets are outside the organization’s direct control. These changes require a new type of security solution that is able to protect corporate assets wherever they are, and enable access from any location or device.

An FWaaS solution provides NGFW functionality as a cloud-hosted service. FWaaS decouples security functions from physical infrastructure, so organizations can benefit from NGFW protection wherever IT assets are running – on premises or in the cloud – and no matter how or where they are accessed from.

FWaaS has significant advantages over physical NGFW appliances:

• Location-independent – NGFW appliances can only protect traffic flowing into the network they are physically deployed in, while FWaaS can also protect remote users and cloud applications.
• Scalability – NGFW appliances can only serve a finite amount of traffic before running out of hardware resources. FWaaS is a cloud-native solution that can be scaled on demand.
• Flexibility – NGFW appliances need to perform software updates, or be physically upgraded, to provide new security features. FWaaS can be upgraded on a continuous basis by the service provider, without special maintenance or additional costs.

Unified threat management (UTM) is a term coined by IDC in 2003, and adopted by Gartner in 2008. Gartner defines UTM as a multifunctional network security product that can be used by small to midsize businesses (SMBs), and includes three sets of capabilities:

• Firewall, intrusion prevention system (IPS), and virtual private network (VPN)
• Secure web gateway including URL filtering and web antivirus
• Messaging protection including anti spam and email antivirus

An NFGW is similar to a UTM, in that it is also a multifunctional network security product, and also includes some or all of the above components. However, its main focus is on providing access control for large-scale, high bandwidth networks. Therefore, NGFW is typically more suitable for large enterprises.

Related content: Read our blog on NGFW vs UTM

By limiting the types of traffic that can enter the protected network and their destinations, firewalls are primarily used as the first line of defense against external threats.

Overall, firewalls can be classified into five main categories.