Firewalls are a type of cybersecurity tool used to filter traffic on a network. A firewall can be used to isolate network nodes from external traffic sources, internal traffic sources or certain applications. Firewalls can be software, hardware, or cloud-based, and each type of firewall has its own pros and cons.
The main purpose of the firewall is to block malicious traffic requests and data packets while allowing legitimate traffic.
Types of firewall
Firewall types can be divided into several categories depending on their overall nature and how they work. Here are 8 types of firewalls.
packet filtering firewall
Circuit level gateway
Stateful firewall
Application-level gateway (i.e. proxy firewall)
Next generation firewall
Software firewall
Hardware firewall
cloud firewall
Note: The last three bullet points list how to provide firewall functionality, not the type of firewall architecture.
How do these firewalls work? Which is best for your cybersecurity needs?
Here are some brief explanations:
Packet filtering firewall
Firewall architecture type
Packet filtering firewalls, the most "basic" and oldest type of firewall architecture, create checkpoints on traffic routers or switches by default. The firewall performs a simple inspection of data packets from the router. That is, it checks information such as destination and source IP address, packet type, port number, and other surface level information without opening the packet and examining its contents.
If the information package does not pass inspection, it is dropped.
The advantage of these firewalls is that they are not resource intensive. However, it is relatively straightforward, with no significant impact on system performance. However, it is relatively easy to bypass compared to firewalls with more robust control capabilities.
circuit level gateway
Another simple type of firewall, circuit-level gateways work by resolving Transmission Control Protocol (TCP) handshakes to quickly and easily grant or deny traffic without using significant computing resources. This TCP handshake check is designed to verify that the session from which the packet was sent is legitimate.
Although very resource efficient, these firewalls do not check packets on their own. That is, if the packet contains malware, but a valid TCP handshake, it passes directly. Therefore, circuit-level gateways alone are not enough to protect your business.
Status Check Firewall
These firewalls combine packet inspection technology with TCP handshake verification to create a higher level of protection than only one of the previous two architectures can provide.
However, these firewalls also put more strain on your computing resources. This can lead to a slower legitimate packet transfer compared to other solutions.
Proxy Firewall (Application Level Gateway / Cloud Firewall)
The proxy firewall works at the application layer to filter incoming traffic between the network and the traffic source, hence it is called an "application-level gateway". These are provided through firewalls, cloud-based solutions or other proxy devices. Instead of allowing the traffic to connect directly, the proxy firewall first establishes a connection to the traffic source and examines the incoming data packets.
This inspection is similar to a stateful inspection firewall in that it verifies both the packet and the TCP handshake protocol. However, the proxy firewall performs deep packet inspection to verify the actual contents of the information packet to ensure it is free of malware.
When the verification is complete and the packet's binding to the destination is confirmed, the proxy sends the packet. This creates an extra layer between the "client" (the machine from which the packet originated) and the individual devices on the network, preventing these devices from creating additional anonymity and protection for the network.
One disadvantage of proxy firewalls is that extra steps in the data packet transfer process can cause significant slowdowns.
Next generation firewall
Many of the most recently released firewall products are being touted as "next generation" architectures. But there isn't much consensus on what makes firewalls truly next-gen.
Some common features of next-generation firewall architectures include deep packet inspection (checking the actual content of data packets), TCP handshake inspection, and surface-level packet inspection. Next-generation firewalls may also include other technologies such as intrusion prevention systems (IPS) that automatically block attacks on your network.
The problem is that next-generation firewalls do not have a single definition, so this security