Firewall Types and Delivery Methods

What is a Firewall, and What is it Used For?

Firewalls, network security solutions designed to restrict access to computers and ports based on predefined rules, have existed for over 30 years, and today come in a variety of different types and deployment models. While the basic firewall has the ability to block traffic to certain ports, create boundaries between network segments, and enforce basic security policies, more advanced firewall solutions incorporate additional features and provide more intelligent and granular protection.

By limiting the types of traffic that can enter the protected network and their destinations, firewalls are primarily used as the first line of defense against external threats.

Types of Firewalls

Overall, firewalls can be classified into five main categories:

Packet Filtering Firewalls

Packet-filtering firewalls operate by inspecting the header data of traffic entering and leaving the protected network. This header information includes the IP addresses and ports of the traffic. Based on this information, the firewall can restrict access to certain machines or protocols on the protected network.

Packet filtering firewalls are the simplest type of firewall. Because they inspect each packet individually, they lack the context required to determine whether a packet is appropriate within a session, such as whether a DNS response actually answers an earlier DNS request. Additionally, by only inspecting packet headers, packet filtering firewalls miss malicious content within the packet body.

Circuit-Level Gateways

Circuit-level gateways are designed to limit access to the protected network to legitimate, established sessions. They monitor for TCP handshakes and session initiation flows for other protocols. All future traffic is checked to ensure that it is part of a legitimate session from a trusted remote system.

While circuit-level gateways ensure that traffic is from a legitimate connection, they don’t check the contents of the packet. A circuit-level gateway will permit malicious connections if they are properly established, making it necessary to pair them with another security solution.

Stateful Inspection Firewalls

Stateful firewalls operate similarly to packet filtering firewalls but track state information about a traffic flow. This enables them to determine whether or not a packet is appropriate within a particular connection. For example, a stateful firewall can track the TCP handshake SYN-SYN/ACK-ACK flow to detect ACK scans.

Stateful inspection firewalls provide better protection than packet filtering firewalls due to their ability to track state information for a connection and drop packets that do not fit into an existing conversation. Additionally, stateful inspection firewalls can check the contents of packets, enabling them to detect malicious content within packet payloads.
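
The difference between per-packet filtering and state tracking described in the two sections above, as an added example that is not part of the original article or any vendor's product code. The packet model, rule set, addresses, and names such as `stateless_allow` and `StatefulFilter` are assumptions made for illustration, and the state machine is simplified (no timeouts or connection teardown).

```python
from collections import namedtuple

# Header-only packet model; all addresses and ports are constructed samples.
Packet = namedtuple("Packet", "src sport dst dport proto flags")
INSIDE = "10.0.0.5"  # hypothetical protected host

def stateless_allow(pkt):
    """Packet filter: each packet is judged on its own header fields."""
    if pkt.src == INSIDE:
        return True                                  # outbound is allowed
    if pkt.proto == "tcp" and pkt.sport == 443 and "A" in pkt.flags:
        return True                                  # "looks like" a reply
    return pkt.proto == "udp" and pkt.sport == 53    # "looks like" a DNS answer

class StatefulFilter:
    """Stateful inspection: replies pass only for flows opened from inside."""
    def __init__(self):
        self.flows = {}  # (inside endpoint, outside endpoint, proto) -> state

    def allow(self, pkt):
        outbound = pkt.src == INSIDE
        a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        key = (a, b, pkt.proto) if outbound else (b, a, pkt.proto)
        state = self.flows.get(key)
        if pkt.proto == "udp":
            if outbound:
                self.flows[key] = "REQUESTED"
            return outbound or state == "REQUESTED"
        # TCP: follow the SYN, SYN/ACK, ACK handshake in order.
        step = {(True, "S", None): "SYN_SENT",
                (False, "SA", "SYN_SENT"): "SYN_RCVD",
                (True, "A", "SYN_RCVD"): "ESTABLISHED"}.get((outbound, pkt.flags, state))
        if step:
            self.flows[key] = step
            return True
        return state == "ESTABLISHED"

TRAFFIC = [  # constructed sample traffic
    Packet(INSIDE, 40000, "203.0.113.10", 443, "tcp", "S"),
    Packet("203.0.113.10", 443, INSIDE, 40000, "tcp", "SA"),
    Packet(INSIDE, 40000, "203.0.113.10", 443, "tcp", "A"),
    Packet("203.0.113.10", 443, INSIDE, 40000, "tcp", "A"),  # data in session
    Packet("198.51.100.7", 443, INSIDE, 40001, "tcp", "A"),  # unsolicited ACK
    Packet("198.51.100.7", 53, INSIDE, 5353, "udp", ""),     # unsolicited DNS reply
]

def verdicts(packets):
    """Return (stateless, stateful) allow decisions for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]
```

Calling `verdicts(TRAFFIC)` shows both filters passing the four packets of the real session, while only the stateful filter drops the last two, which match the header rules but belong to no tracked flow.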

Application-Level Gateways

Application-level gateways, also known as proxy firewalls, are designed to be a single point of connection between the protected and external networks. These firewalls perform similar functions to a stateful inspection firewall but also act as a proxy, concealing the identity of internal devices from external systems.

The ability of application-level gateway firewalls to inspect packet headers and content, and maintain state, enables them to detect a range of threats. Additionally, they provide a level of anonymity to internal systems by directly connecting to external systems on their behalf.

Next-Generation Firewall

Next-generation firewalls (NGFWs) bundle several security functions within a single solution. For example, an NGFW may combine the capabilities of a stateful inspection firewall with an intrusion detection system/intrusion prevention system (IDS/IPS), anti-virus, deep packet inspection (DPI), and website filtering.

As cyber threats become more sophisticated, NGFWs are increasingly vital to detecting and blocking malicious network traffic. As the adoption of cloud computing and Software as a Service (SaaS) solutions grows, HTTPS traffic is used to carry a wider range of content. The ability to decrypt, unpack, and inspect this traffic is essential for security and is outside the capabilities of traditional firewalls.

Firewall Delivery Methods

In addition to the various types of firewalls, solutions can come in various form factors, including the following:

  • Hardware-Based Firewalls: Firewalls can be deployed as standalone appliances on physical hardware. This form of firewall often has improved performance compared to software-based firewalls. However, companies are limited in where they can deploy these firewalls, creating inefficient network routes for remote workers and offices.
  • Software-Based Firewalls: Firewalls can also be deployed as software, and many operating systems incorporate a built-in firewall. The versatility of these software-based firewalls enables them to be deployed in virtualized environments, alongside other security solutions; however, they often suffer from lower performance compared to hardware-based firewalls.
  • Cloud/Hosted Firewalls: Firewall as a Service (FWaaS) offerings enable companies to take advantage of firewalls that are hosted and managed by a cloud provider. These solutions combine the best features of software and hardware-based firewalls. Their ability to leverage the scalability and flexibility of cloud infrastructure provides high performance, while their cloud-based deployment makes them easily accessible to a geographically-distributed workforce.

Which Firewall is Best for Your Enterprise?

The evolution of the cyber threat landscape and corporate IT environments has rendered many firewall solutions incapable of meeting the needs of the modern enterprise. As many companies grow more distributed due to the rise of work from anywhere, self-hosted solutions are no longer efficient because they force all traffic to pass through a centralized inspection point. For many companies, a cloud-based NGFW enables them to achieve the security that they need without sacrificing network performance or employee productivity.

Cloud-based firewalls can be offered as a standalone solution or as part of a Secure Access Service Edge (SASE) offering.