NETWORKS TRAINING

7 Types of Firewalls in I.T and Computer Networks Explained

The firewall is the cornerstone of security in computer networks and I.T in general. On this website I have
been talking extensively about the Cisco ASA firewall which is a classic example of a hardware network
firewall.

However, there are some other types of firewalls used in large enterprises, SMB or even home networks.
Some of these types of firewalls are very popular and some are rarely encountered by professionals (such
as the type discussed at the end of this article).

The main reasons to implement a firewall device or firewall software in a network are to control traffic flow,
allow or block traffic between hosts, restrict access to applications, inspect packets for malicious patterns
etc.

The above can be accomplished in different Layers of the OSI model, starting from Layer 3 up to Layer 7
which is the application layer.

So, without further delay let’s see the various architectures and types of firewalls that you can find in your
professional career.

Table Of Contents
1) Hardware Firewall
2) Software Firewall
3) Stateful Inspection Firewalls
4) Packet Filtering Firewall
5) Application firewall
6) Next-generation Firewall (NGFW)
7) Telephony Related Firewalls

1) Hardware Firewall
This is the most popular type of firewall. It is used extensively in modern networks either as a border device
(i.e. to separate and protect the internal LAN network from the Internet or other non-trusted networks as
shown below) or to segment and protect internal networks in large enterprises.

Hardware firewalls usually have many physical network interfaces which can be used to create different
“security zones” which are essentially different Layer 3 subnets. Each physical interface can be further
divided into “subinterfaces” which can further expand the protection zones.

Because a hardware firewall runs on its own dedicated appliance, it can handle large volumes of
packets and thousands or millions of connections. These are generally high performance devices.

Some popular brands of hardware firewalls include Cisco ASA, Fortigate, Juniper, Checkpoint, Palo Alto,
SonicWall etc.

2) Software Firewall
A classic example of a software firewall is the Windows Firewall installed by default on all Microsoft
Windows operating systems. It is a host-based firewall and controls traffic and applications on end-user
workstations or servers.
Some other examples of software host firewalls are those found on Linux machines such as IPTABLES,
CSF etc.

However, software firewalls are not only host-based. There are several flavors of Open Source Software
firewalls (such as pfSense, OPNSense, ClearOS etc) which can be installed on dedicated hardware
(servers, Linux boxes etc) and thus create a dedicated hardware firewall device.

The first two types mentioned above are two broad categories of firewalls. Now let’s see some other types
based on their architecture, how they handle traffic and on which Layer of the OSI model they work.

3) Stateful Inspection Firewalls


Almost all modern network firewalls incorporate the “stateful inspection” architecture. Let’s describe what
that means exactly using the example communication below:

In a TCP communication between a client and a server (e.g. a user with a web browser communicating with a
web server as shown above), the client browser starts an HTTP communication on port 80 with an Internet
web server.

Assume that the Stateful Inspection Firewall sitting in the middle allows this outgoing HTTP traffic to
pass. Packets therefore will reach the Web Server which will reply back to the client (as happens with
every TCP communication).

Now, the Stateful Firewall under the hood will save the details of the initiating connection from client to
server in a “state table”. This table will include details such as source IP and source port, destination IP and
destination port, TCP flags, TCP sequence numbers etc.

Therefore, any reply packets coming back from the external web server that match the initial connection
started from the client, will pass through the firewall and reach the client without any extra configuration.

This makes the configuration easier since the administrator does not need to configure any rules on the
firewall to allow the return/reply packets coming from outside to inside. These packets will be allowed
automatically if they belong to an already established connection from client to server.

4) Packet Filtering Firewall


A packet filtering firewall works at Layers 3 and 4 of the OSI model (that is, Internet IP Layer and
Transport Layer).

Having said that, this type of firewall filters traffic statically only by IP address and port numbers. There is
no state kept by the firewall about each connection (like the stateful firewall we described above).

A packet filter device checks only the following:

Source IP and port
Destination IP and port

Packet filtering is also called “stateless firewall”. In Cisco devices for example an Access Control List (ACL)
configured on a router works as a packet filter firewall.


One main disadvantage of packet filter firewalls is that you also need to configure rules to allow the reply
packets that are coming back from destination hosts. This is because the firewall does not keep a “state
table” like the stateful firewall we discussed above.
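
The difference between sections 3 and 4, as an added example (not from the original article): a minimal Python model of a stateless packet filter and a stateful firewall, run over three constructed packets. The addresses, rule tuples and class names are assumptions made for illustration, and prefix matching on address strings stands in for real subnet matching.

```python
from collections import namedtuple

# Constructed sample addresses: 192.168.1.0/24 is the inside LAN, 203.0.113.5 a web server.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "192.168.1."

def match(rule, p):
    """Rule = (src_prefix, sport, dst_prefix, dport); None means 'any' port."""
    src, sport, dst, dport = rule
    return (p.src.startswith(src) and p.dst.startswith(dst)
            and sport in (None, p.sport) and dport in (None, p.dport))

class PacketFilter:
    """Stateless: every packet is checked against the static rules only."""
    def __init__(self, rules):
        self.rules = rules
    def allow(self, p):
        return any(match(r, p) for r in self.rules)

class StatefulFirewall:
    """Static rules apply to new inside->outside connections; replies use the state table."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # entries: (client_ip, client_port, server_ip, server_port)
    def allow(self, p):
        if p.src.startswith(INSIDE):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN" and any(match(r, p) for r in self.rules):
                self.state.add(key)              # remember the initiating connection
            return key in self.state
        key = (p.dst, p.dport, p.src, p.sport)   # reversed tuple for return traffic
        allowed = key in self.state
        if allowed and "RST" in p.flags:
            self.state.discard(key)              # connection torn down, forget it
        return allowed

OUT_HTTP = ("192.168.1.", None, "", 80)      # inside -> any host, destination port 80
REPLY_HTTP = ("", 80, "192.168.1.", None)    # any host, source port 80 -> inside

syn = Packet("192.168.1.10", 51000, "203.0.113.5", 80, "SYN")
reply = Packet("203.0.113.5", 80, "192.168.1.10", 51000, "SYN-ACK")
stray = Packet("203.0.113.5", 80, "192.168.1.10", 51001, "ACK")  # belongs to no connection

def verdicts(fw):
    """Allow/deny decision for the outgoing SYN, its reply, and the stray packet."""
    return [fw.allow(p) for p in (syn, reply, stray)]
```

With only the outbound rule the packet filter drops the reply; adding the static reply rule lets it through but also admits the stray packet. The stateful firewall admits the reply and drops the stray packet with the single outbound rule.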

5) Application firewall
As the name suggests, this type works at Layer 7 (application) of the OSI model. It inspects and controls
packets at the application level.

This firewall has knowledge of what constitutes safe or normal application traffic and what is malicious
application traffic.

For example, an application firewall that protects a web server, knows about web related HTTP attacks (e.g
SQL injections, Cross Site scripting etc) and protects the application from these attacks by looking into the
HTTP application traffic.

Some examples of application firewalls include:

WAF (Web Application Firewall): Protects websites/webservers


DB (Database) Firewall: Protects Databases such as Oracle, MSSQL etc.
Proxy Firewall: Inspects and protects traffic from users towards the internet. It can also provide
URL/Domain web filtering.

6) Next-generation Firewall (NGFW)


This is mostly a marketing term which has been popular lately among firewall manufacturers. Basically, a
NGFW combines almost all the types we have discussed above into one box. It is a stateful hardware
firewall which also provides application level protection and inspection.

This type offers deep-packet inspection and is capable of identifying malicious traffic in all Layers of the OSI
model (up to the application layer).

A NGFW usually provides advanced intrusion detection/prevention, antivirus features, application control
etc. These are usually licensed separately and the customer has to pay extra fees for enabling some/all of
the protections.


Some NGFWs communicate with a cloud security service of the manufacturer (e.g Cisco Talos, Fortinet
FortiGuard etc) in order to receive threat-intelligence info from the cloud.

7) Telephony Related Firewalls


There is a rare type of firewall which is not usually found in normal enterprise networks except in some
specialized cases.

These are special firewalls related to telephony and VoIP services and are used to protect systems from
telephony communication attacks.

Some examples include:

SIP firewalls (to protect VoIP telephone systems).


SMS firewalls (for GSM mobile networks to protect subscribers from SMS fraud attacks).
SS7 firewalls (to protect mobile telephony operators).

Copyright © 2019 · | Privacy Policy | Privacy Tools | Terms and Conditions | Hire Me | Contact | Amazon Disclaimer | Delivery Policy
