Types of Firewall Explained with Functions and Features

A firewall functions as a protective barrier that monitors and controls network traffic based on predefined rules. This tutorial explains fundamental functions and features of firewalls and their role in protecting network resources from unauthorized access. There are two types of firewalls: hardware and software.

Hardware firewall

A hardware firewall operates on a dedicated device, allocating all system resources to firewall functions. This configuration enables rapid and precise traffic filtering. Hardware firewalls often include additional security features such as encryption and logging. Configuring hardware firewalls is a complex process that generally requires the expertise of experienced network administrators. Furthermore, it requires dedicated devices, which increases network costs. High processing speed and accuracy are the main advantages of hardware firewalls. However, these benefits are offset by higher costs and the complexity of configuration.

Software firewall

A software firewall is installed on a general-purpose device and operates as application software. Since it shares system resources with other applications, its performance and accuracy are typically lower than those of hardware firewalls. Additionally, software firewalls generally offer fewer features than hardware firewalls. Software firewalls are easier to configure. A typical user can easily configure and implement them to meet their specific security requirements. As they do not require additional hardware, software firewalls do not increase overall network costs. The primary advantages of software firewalls are their low cost and ease of configuration. However, these firewalls are limited by reduced speed, lower accuracy, and fewer supplementary features.

Basic functions and features of the firewall

Both hardware and advanced software firewalls can filter network traffic based on a range of rules and conditions. There are three types of filtering: packet-level, circuit-level, and application-level filtering.

Packet-level filtering (Network layer filtering)

The network layer utilizes two addresses for routing and delivering data packets: the source IP address and the destination IP address. Firewalls can be configured to filter network traffic based on these addresses.

Consider a scenario involving two computers, Dell and HP, with IP addresses 10.10.10.10 and 20.20.20.20, respectively. A firewall is positioned between these devices. When the Dell computer sends a data packet to the HP computer, whether the HP computer receives it depends on the firewall's configuration.

[Figure: Packet-level filtering example]

The HP computer receives the packet only if the firewall is configured to permit packets originating from host 10.10.10.10 and destined for host 20.20.20.20.

Circuit-level filtering (Transport layer filtering)

Circuit-level filtering builds on packet-level filtering by also examining transport-layer information. The transport layer uses port numbers to identify the destination application and, in TCP, performs a three-way handshake to ensure reliable data delivery: the sender establishes a temporary connection with the receiver before transmitting any data.

A firewall may be configured to filter data according to these transport-layer functions. For example:

  • A firewall can be instructed to allow or deny a packet based on its destination port number.
  • A firewall can be instructed to allow only the outgoing and return traffic.

Example 1

Consider a scenario in which a server and a workstation are connected through a firewall. The server hosts multiple services, but only specific services should be accessible from the workstation. In this situation, the firewall can be configured to permit only data packets intended for the designated services. For instance, the firewall can be configured to allow packets only if their destination port is 80, which is associated with web services. This rule denies all other traffic from the workstation, except web server traffic.

[Figure: Circuit-level filtering example]

Example 2

A small office is connected to the Internet via a firewall. The administrator wants to permit internal users to access external resources while safeguarding the internal network from external threats. This can be achieved by configuring a firewall to allow connection-initiating packets exclusively from internal users. The connection-initiating packet is the initial packet in the three-way handshake, transmitted by the host attempting to establish a temporary connection with a remote host. By permitting only internal users to send this packet, the firewall ensures that only internal users can initiate network connections.
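The three scenarios above (the Dell/HP address filter, the port-80-only workstation, and the small office that may only initiate connections outbound) can be expressed as first-match rules. The following is an added example written for this tutorial, not a vendor's configuration syntax; the server address 192.0.2.10 and the internal prefix 192.168.1.0/24 are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False  # TCP SYN flag
    ack: bool = False  # TCP ACK flag

@dataclass
class Rule:
    action: str                        # "allow" or "deny"
    src: str = "0.0.0.0/0"             # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None        # None matches any destination port
    initiating: Optional[bool] = None  # True: match only SYN-without-ACK packets

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # The connection-initiating packet of the handshake has SYN set and ACK clear.
        if self.initiating and not (p.syn and not p.ack):
            return False
        return True

def decide(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; unmatched traffic is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"

# Packet-level: permit only Dell (10.10.10.10) -> HP (20.20.20.20).
PACKET_RULES = [Rule("allow", src="10.10.10.10/32", dst="20.20.20.20/32")]
# Circuit-level example 1 (server address is constructed): the workstation
# may reach the server only on port 80.
PORT_RULES = [Rule("allow", dst="192.0.2.10/32", dport=80)]
# Circuit-level example 2 (internal prefix is constructed): drop connection-
# initiating packets addressed to internal hosts; everything else passes.
SESSION_RULES = [Rule("deny", dst="192.168.1.0/24", initiating=True),
                 Rule("allow")]
```

Return traffic such as an inbound SYN-ACK does not match the deny rule because its ACK flag is set, so established sessions opened from inside continue to work.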

[Figure: TCP session firewall example]

There are multiple conditions that can be configured to instruct the firewall on how to handle incoming packets. For example, Cisco routers are equipped with dedicated modules for both packet and circuit filtering.

Application-level filtering (Application layer filtering)

Application-level filtering constitutes the most advanced form of traffic filtering. It inspects network traffic based on application-layer protocols, such as HTTP and FTP, and can log traffic for subsequent analysis or action. The following example illustrates this approach.

Suppose a firewall is configured to allow web traffic on port 80 using packet and circuit-level filtering. This configuration may inadvertently permit traffic from applications that establish proxy TCP connections over port 80. To restrict access to HTTP traffic and block proxy traffic on this port, the firewall should be configured to inspect the application-layer protocol or the contents of each packet. Consequently, only legitimate HTTP traffic will be allowed, while proxy traffic from other applications, such as P2P torrent clients, will be denied.
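To make the distinction concrete, here is an added example (not from the original tutorial) of an application-layer check for port 80: it accepts a payload only if its first line is an HTTP/1.x request line with an ordinary method, and rejects both non-HTTP data and the CONNECT method that proxy tunnels use. The allowed-method policy and the sample payloads are constructed for this example.

```python
import re

# Constructed policy: ordinary HTTP/1.x request methods are allowed; CONNECT,
# which opens a tunnel through a proxy, is not.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def inspect_http(payload: bytes) -> str:
    """Return "allow" if the first line of the TCP payload is an HTTP/1.x
    request line with a permitted method, otherwise "deny"."""
    first_line, sep, _ = payload.partition(b"\r\n")
    if not sep:
        return "deny"   # no complete request line (a real inspector would buffer)
    m = REQUEST_LINE.match(first_line)
    if m is None:
        return "deny"   # not HTTP at all, e.g. a BitTorrent handshake
    method, target = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return "deny"   # e.g. "CONNECT host:443 HTTP/1.1"
    if not (target.startswith(b"/") or target.startswith(b"http://")):
        return "deny"   # request target must be a path or an absolute http URL
    return "allow"

# Constructed sample payloads, all arriving on port 80.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "proxy_tunnel": b"CONNECT tracker.example:443 HTTP/1.1\r\nHost: tracker.example\r\n\r\n",
    "torrent": b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\x01" * 20 + b"-XX0001-" + b"\x00" * 12,
}

def classify_samples() -> dict:
    """Run every constructed sample through the inspector."""
    return {name: inspect_http(data) for name, data in SAMPLES.items()}
```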

[Figure: Application filter firewall example]

Application-level filtering is more complex and resource-intensive than packet or circuit-level filtering. It requires specific configuration for each application-layer protocol that is to be permitted. Although application-level filtering can be implemented on both hardware and software firewalls, it is generally advisable to deploy this feature exclusively on hardware firewalls. Implementing application-level filtering on a software firewall may adversely affect the performance of other device functions.

For instance, a router that provides firewall capabilities as an additional feature should not be utilized for application-level filtering. The primary function of a router is to forward data packets efficiently, and extensive filtering can impede this process. In such cases, a dedicated hardware firewall is preferable to avoid overloading the software firewall with complex configurations.

Stateful inspection

In addition to the previously described filters, hardware firewalls offer several advanced traffic-filtering features. For example, a stateful hardware firewall can be configured to collect and store information about each packet that traverses it. This stored information is subsequently used to filter future packets, a process known as stateful inspection. Stateful inspection is primarily employed to mitigate denial-of-service (DoS) attacks. A DoS attack occurs when a legitimate host repeatedly accesses a legitimate service within a short period.

For example, if a firewall permits anonymous access to a web server on port 80, an attacker may exploit this by overwhelming the server with excessive requests. If the server can handle 100 requests per second but receives 1000 requests per second, it may fail. Since these requests are technically valid, the firewall does not filter them by default.

[Figure: Firewall DoS attack example]

To counteract this type of attack, stateful inspection is utilized. It monitors and logs the number of TCP connection requests per second from each client IP address to each server. Based on this data, the firewall can identify repeated requests and, upon detecting an unusually high volume from a limited group of clients, block those clients to protect the server from a DoS attack.
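The per-client counting described above, as an added example that is not part of the original tutorial: SYN packets are counted per (client, server) pair in a sliding one-second window, and a client that exceeds the threshold is blocked. The threshold of 100 matches the server capacity in the text; the IP addresses and the traffic pattern are constructed.

```python
from collections import defaultdict, deque

class SynRateTracker:
    """Count connection-initiating (SYN) packets per (client, server) within a
    sliding window and block a client that exceeds max_per_second."""

    def __init__(self, max_per_second: int, window: float = 1.0):
        self.max_per_second = max_per_second
        self.window = window
        self.history = defaultdict(deque)  # (client, server) -> SYN timestamps
        self.blocked = set()               # client IPs currently blocked

    def handle_syn(self, client: str, server: str, now: float) -> str:
        if client in self.blocked:
            return "deny"
        q = self.history[(client, server)]
        q.append(now)
        # Discard timestamps that fell out of the window so the count stays current.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) > self.max_per_second:
            # Simplification: the block is permanent here; a production firewall
            # would expire it after a timeout.
            self.blocked.add(client)
            return "deny"
        return "allow"

def simulate(tracker: SynRateTracker) -> dict:
    """Constructed traffic: a normal client opens 5 connections in one second,
    an attacker opens 1000 in the same second. Returns allowed SYNs per client."""
    server = "192.0.2.10"
    results = {"normal": [], "attacker": []}
    for i in range(5):
        results["normal"].append(tracker.handle_syn("198.51.100.5", server, i * 0.2))
    for i in range(1000):
        results["attacker"].append(tracker.handle_syn("203.0.113.9", server, i * 0.001))
    return {name: r.count("allow") for name, r in results.items()}
```

With a threshold of 100, the attacker's first 100 SYNs reach the server and every later one is dropped, while the normal client is unaffected.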

Conclusion

Firewalls are critical for protecting network resources from unauthorized access and cyberattacks. By employing filtering techniques at the packet, circuit, and application levels, as well as advanced features such as stateful inspection, firewalls deliver layered security suited to diverse network environments. Hardware firewalls offer superior speed, accuracy, and advanced protection, whereas software firewalls provide flexibility and cost-effectiveness for less demanding scenarios. A thorough understanding of these distinctions lets you select and configure firewalls that align with your security needs.
