Different types of firewalls are available on the market today, but which one should you choose to protect your network? Firewalls are an indispensable tool in network security, serving to both define and defend the network perimeter. But how they are deployed, what they defend against, and how they perform comprise the major differences in firewalls.
Firewall Background and History
Firewalls have been in use almost since the beginning of modern networking. Initially, they provided simple stateless packet filtering based on a rule set. Circuit-level firewalls take a slightly different approach: they validate the TCP handshake to confirm that a session is legitimate before allowing its traffic through.
Stateful inspection firewalls incorporate the previous versions’ packet filtering and Layer-4 TCP examination to provide greater protection. Like its predecessors, this type of firewall inspects only at an elementary level, which can allow disguised malware and other attacks to get through to the network.
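To make the difference between stateless filtering and stateful inspection concrete, here is a small added simulation that is not part of the original post. The packet model, addresses, ports and rules are constructed for the example: a stateless filter that passes any ACK-flagged packet as "established" versus an inspector that only passes packets belonging to a handshake it has actually observed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                    # constructed packet model for this example
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset             # subset of {"SYN", "ACK"}

# Stateless packet filter: each packet is judged alone against fixed rules.
# Rule 1: permit inbound tcp/443.  Rule 2: permit anything carrying ACK,
# the classic "established" approximation that keeps no connection memory.
def stateless_allow(p: Packet) -> bool:
    return p.dport == 443 or "ACK" in p.flags

class StatefulInspector:
    """Follows the TCP three-way handshake per connection. A packet passes only
    if it opens a new flow on a permitted port with a bare SYN, or continues a
    flow whose handshake state is already recorded in the table."""
    def __init__(self, permitted_ports=(443,)):
        self.permitted = set(permitted_ports)
        self.table = {}          # flow key -> handshake state

    @staticmethod
    def key(p: Packet):          # same key for both directions of a flow
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def allow(self, p: Packet) -> bool:
        k = self.key(p)
        state = self.table.get(k)
        if state is None:        # unknown flow: only a bare SYN may open it
            if p.flags == {"SYN"} and p.dport in self.permitted:
                self.table[k] = "SYN_SEEN"
                return True
            return False         # dropped even though ACK may be set
        nxt = {("SYN_SEEN", frozenset({"SYN", "ACK"})): "SYNACK_SEEN",
               ("SYNACK_SEEN", frozenset({"ACK"})): "ESTABLISHED"}.get((state, p.flags))
        if nxt:
            self.table[k] = nxt
            return True
        return state == "ESTABLISHED" and "ACK" in p.flags

def demo():
    """Constructed traffic: a legitimate handshake to tcp/443, then a lone
    ACK-flagged packet aimed at tcp/22 that belongs to no known connection."""
    c, s = ("198.51.100.7", 40000), ("203.0.113.10", 443)
    handshake = [Packet(*c, *s, frozenset({"SYN"})),
                 Packet(*s, *c, frozenset({"SYN", "ACK"})),
                 Packet(*c, *s, frozenset({"ACK"}))]
    stray = Packet("198.51.100.9", 5555, "203.0.113.10", 22, frozenset({"ACK"}))
    fw = StatefulInspector()
    return {"stateless_handshake": all(map(stateless_allow, handshake)),
            "stateful_handshake": all(fw.allow(p) for p in handshake),
            "stateless_stray": stateless_allow(stray),
            "stateful_stray": fw.allow(stray)}
```

Both filters pass the genuine handshake, but only the stateful inspector rejects the stray ACK packet, which is the elementary-level gap the post describes.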
Another type of firewall is the application-level or proxy firewall, which acts as an agent to separate incoming traffic from the network, and also performs deeper inspections. While it provides far greater visibility and control over applications and protocols, it can also be a bottleneck that leads to performance degradation and latency.
The most recent iteration is the next-generation firewall (NGFW), which has become the standard for perimeter network protection. NGFWs incorporate most or all of the previous firewalling techniques, as well as multiple other security technologies. This consolidation offers multiple benefits such as reduced footprints in data centers, lower management overhead, and synchronization of security functions for improved performance.
How Do NGFWs Work and Why Are They Important?
As mentioned, a firewall both defines and defends the network perimeter. All traffic that crosses the perimeter will pass through the firewall, giving it visibility to inspect and block bidirectional traffic that is in violation of pre-defined ACLs or is identified as a potential threat. The latter includes malformed packets, abnormal protocols or a wide variety of other anomalies.
The NGFW needs to be application-aware in order to accurately identify anomalous traffic, and be able to process SSL-encrypted traffic (which is the majority of network traffic today) without impacting throughput.
In addition, most next-gen firewalls include other technologies such as IPS, DPI, URL filtering and anti-virus. Many include VPN capability for remote workers, as well as load balancing. More advanced NGFWs add cloud sandboxing, botnet C&C detection and prevention, and anti-spam.
Ideally, these protections work through a unified threat detection and analytics engine that coordinates the mechanisms to enhance efficiency while reducing latency, and incorporate artificial intelligence to maximize accuracy and response.
The importance of a high-performance, intelligent next-gen firewall in defense of the network cannot be over-emphasized. It serves as the first line of defense for the network and the valuable corporate resources that lie within it.
NGFW Deployment Options
A range of next-gen firewall options is available to serve deployment needs from small offices to very large corporate campuses and data centers, in hardware, software, and cloud form factors.
- Hardware NGFWs are available as rack-mount or desktop models. A desktop model is suitable for small or remote branch offices, individual departments and other applications. Rack-mount hardware models can range from relatively small capacities up to very large data center firewalls with more than a terabit per second of throughput.
- Software NGFWs offer a lower-cost option that runs on general-purpose computing platforms like virtual machines, on other compatible devices, or in the cloud. These NGFWs can be rapidly provisioned and deployed at scale, and advanced software NGFWs offer nearly the full complement of protections offered by their hardware-based counterparts.
Each firewall deployment model has both benefits and drawbacks. For example, hardware models can be limited by the number of interfaces, but their architecture is fine-tuned for performance. Software and cloud versions may offer somewhat less performance, but highly flexible scaling capabilities.
This post has provided an overview of the types of firewalls and how the technology has evolved from simple packet filtering to today’s next-generation firewalls. However, there are a number of key things to consider when selecting an NGFW for your organization, and in our next post, we’ll dive into them.
If you need assistance in choosing the right type of firewall for your organization, reach out to us today. Our experienced and knowledgeable team is happy to assist.