The internet was an absolute marvel when it was created. People from around the globe could share information with anyone, which led to an explosion in connectivity, but also brought with it the potential for malicious actors to view, hijack, and harm countless payloads of traffic.

Firewalls were created as one of the many network security tools meant to prevent these attackers from intruding into networks and having their way with helpless users.

Today, we’re going to dive into:

  • What a firewall is
  • How a firewall works
  • The different types of firewalls
  • The components of a firewall
  • The future of firewalls

We’ve even included some simple diagrams that’ll show you how a firewall interacts with networks and the traffic that passes in and out of them.

What Is a Firewall?

Simply put, a firewall filters ― permits or denies ― traffic based on a preset list of criteria arranged by a user or security team along with inspection capabilities, previously established traffic types, and other validity checks.

Firewalls are used to protect networks from intrusions, prevent malware from entering a network, allow and prevent internet protocol (IP) addresses from sending or receiving traffic and, in some cases, sandbox threats.

These rules are set for both inbound and outbound traffic as a means to control who and what’s allowed through this particular barrier. These firewalls exist as physical devices installed on a network or as a software program meant for governing traffic on a device like a computer, server, switch, or router.

What Are the Types of Firewalls?

There are three types of firewalls currently on the market, each more advanced than the last with additional security capabilities:

Packet Filtering Firewall

This is the oldest and most recognizable form of a firewall. Packet filtering firewalls are a part of what is known as “perimeter-based security” which secures network traffic by allowing packets from trusted IP sources while filtering out those that are unknown or untrusted by means of an access control list (ACL).

Packet FIltering Firewall Diagram
This is the basic layout of a perimeter-based security architecture with a packet filtering firewall
Source: Created in Canva

Packet filtering firewalls are “stateless firewalls” since they employ only access control lists to control inbound and outbound traffic. This makes them simple and cost-effective, but without any learning capabilities to remember repeat inbound and outbound connections or deep packet inspection, they aren’t useful against more advanced threats, such as malicious packets originating from trusted IP sources.

Stateful Inspection Firewalls

The next step up from the basic capabilities of a packet filtering firewall is the stateful inspection firewall.

On one hand, packet filtering firewalls are stateless and rely on information technology (IT) security personnel to manually create access control lists to either approve or deny network traffic from specific IP addresses.

Meanwhile, stateful inspection firewalls are capable of using ACLs, but also inspect the packet traffic, log the packet data, then use those logs to compare to future traffic arriving from the same source to validate it.

Stateful Inspection Firewalls Diagram
The stateful inspection firewall allows traffic based on the previously approved packet types from specific IP addresses
Source: Created in Canva

Stateful inspection firewalls operate under the concept of “this traffic was safe before, so if it is the same, it is safe now.”

While this is more secure than only relying on a static ACL, stateful inspection firewalls are very process-intensive and have a tendency to bottleneck traffic, making them potential targets for distributed denial-of-service (DDOS) attacks.

Proxy Firewalls

A proxy firewall is the most secure firewall type. Instead of allowing traffic to have direct contact with your network perimeter, all traffic is filtered through a proxy server as the gateway and the firewall is set up within this server.

Proxy Firewall Diagram
The added layer of separation from the proxy server creates insulation that affects the gateway before it reaches the main network perimeter
Source: Created in Canva

This firewall type uses capabilities like:

  • Deep packet inspection (DPI): This feature inspects packets for signs of incoming malware, outgoing sensitive data, and monitoring for restricted content like inappropriate websites.
  • Sandboxing: Proxy firewall servers typically work in conjunction with threat protection capabilities like sandboxing to capture suspicious payloads and play them out in a safe environment to prevent malware from reaching the network.
  • Traffic validation: Similar to a stateful inspection firewall, a proxy firewall will also compare old traffic to current traffic coming from recognized IP addresses.

Once traffic has passed through the proxy firewall, it’s logged and used to measure against future traffic sent through the server and into the network.

What Are the Components of a Firewall?

The concept of a firewall is built upon a specific set of components that make up its architecture, no matter if we’re talking about hardware or software-based firewalls.

There four main components of a firewall are network policies, packet filtering, application gateway, and authenticated access.

Network Policies

Network policies are the rules governing how traffic in and out of a network is handled. These policies include:

  • Which types of traffic are allowed and restricted to pass-through
  • Which IP addresses are to be trusted when passing through the firewall
  • How the firewall server is to be used (for example, restrictions on using it as a web server, aka “dedicated functionality”)
  • Allowable changes to the network
  • Regularity of security audits

It’s important when managing a firewall to regularly inspect the policies implemented to spot any alterations that might create gaps in your security architecture.

Packet Filtering

Packet filtering is one of the primary components of a firewall architecture. It was the first firewall security measure created to prevent malicious connections from reaching a network but has evolved into a content filtering capability extending beyond blocking and allowing IP addresses.

Today, packet filters can filter out:

  • Suspicious payloads
  • Web traffic from restricted sites
  • Packets from IP addresses
  • Unusually large traffic loads passing through

They also control traffic through different transmission control protocol/user datagram protocol (TCP/UDP) sources and destination ports.

Application Gateway

Application gateways are a newer component for modern firewalls. These gateways operate via proxy servers and create a go-between for the user and the data they’re trying to interact with outside the network.

For example, if a user wants to view a web page, rather than sending the traffic directly from the internet to the internal network perimeter, it sets up a proxy to inspect the packets as they’re passed along to render for the user.

Authenticated Access

It’s not enough to rely on passwords to protect your firewalls. Hackers can guess, steal, and crack passwords, especially when people use the same passwords for multiple services.

Whether you’re securing physical servers or virtual firewalls, the best architectures employ multiple authentication methods on top of passwords, such as:

  • Multifactor authentication
  • Biometrics
  • Radio-frequency identification (RFID) devices
  • Smart cards

What Is the Future of Firewalls in the Era of Cloud Computing?

These days, the traditional network perimeter is dissolving away to make way for a more cloud-based experience. Data and applications are rarely stored and run locally and instead rely on remote cloud servers to host, process, and transmit data to users wherever they are. This means that traditional network firewalls are falling into irrelevancy.

Companies are moving toward perimeter-less architecture known as secure access service edge (SASE), a term coined by Gartner. SASE relies on security functions that operate in the cloud, firewalls included.

Next-generation firewalls are a part of this transition and much of the functionality of proxy firewalls is being brought into the cloud and offered as a subscription service known as firewall as a service (FWaaS). These firewalls will work with other cloud-based security tools, such as:

  • Secure web gateways (SWG)
  • Zero trust network access (ZTNA)
  • Cloud access security brokers (CASB)
  • Network as a service (NaaS)
SASE architecture
This is the essential list of tools that make up a SASE architecture, including Firewall as a Service
Source: Created in Canva

All of these tools, including FWaaS, will converge to create a new security and network architecture. So, the question remains, is it worth investing in older network firewalls when creating your digital security plan or beginning your transition into the cloud?

Related Software and Services