In layman's terms it is not easy to say what a firewall is, but I'll try based on the current situation. A firewall, in the physical sense, is a barrier placed between two separate spaces to prevent anything harmful from spreading from one space to the other.
In a computer network, a firewall is either software installed on a computer or a hardware device that filters or restricts unwanted data traffic flowing from one computer or network to another.
A firewall in a computer network is a crucial part of the IT infrastructure for securing computer networks and the systems on them. Firewalls can be categorized as host based or network based.
A host based firewall is installed on the end user's computer system, and it is there that the decision to allow or deny traffic is taken. The firewall service runs on the local computer, so it consumes that system's resources and affects only the applications on that system.
In a host based firewall architecture, traffic passes through all the network components, consuming network resources, before it reaches the end user's computer and is filtered. The picture below is an example of a host based firewall on Microsoft Windows 10.
A network based firewall is completely transparent to the end user. Such firewalls are deployed at the network perimeter or the internet edge to prevent unwanted traffic from entering the network.
End users are completely unaware of the network firewall controlling their traffic, and no software is installed on the end user's computer system.
The previous generation of firewalls in computer networks could allow or block traffic based only on these five elements of a packet, together called the 5-tuple:
● Source IP Address
● Destination IP Address
● Source Port
● Destination Port
● Protocol
When these firewalls examine a packet they are not aware of whether it belongs to an existing connection. That means they cannot identify whether a packet has been manipulated or is a rogue packet. This is why these firewalls are called stateless firewalls.
The stateless firewall uses the 5-tuple at the OSI layers shown below.
Now let's take an example to understand what a firewall in a computer network is, particularly a stateless one. An access control list (ACL) is configured on the internet edge Cisco router with the requirement of allowing only HTTP and DNS traffic while blocking all other inbound traffic.
In this case the router does not check any connection state of the incoming packet; it only checks the protocol and port number: HTTP is TCP port 80 and DNS is UDP port 53.
Note: Here "Router" represents the "Internet Edge Cisco Router" shown in the above diagram, and no IP address is used in the ACL for allowing or denying traffic.
Similarly, a stateless firewall in a computer network can be implemented on Linux with iptables. Let's take an example in which we need to block inbound traffic to SSH (port 22) except from a specific IP address, 192.168.1.10.
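The two stateless examples above, the HTTP/DNS-only ACL and the SSH restriction, expressed as iptables rules in one script. This is added here as an example and is not taken from the original post: the trusted host 192.168.1.10 is the page's, while the IPT variable, the second function that replays the kernel's first-match walk over those rules, and the demo packets are assumptions for illustration.

```shell
# Stateless filtering with iptables: only each packet's own 5-tuple is examined
# and no connection state is kept. Trusted SSH client 192.168.1.10 is from the
# example above; IPT (path to the iptables binary) is an assumed variable.
IPT="${IPT:-iptables}"

# Emit the rule set one command per line so it can be reviewed first, then
# applied as root with:  stateless_rules | sh
stateless_rules() {
    cat <<EOF
$IPT -P INPUT DROP
$IPT -A INPUT -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j DROP
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p udp --dport 53 -j ACCEPT
EOF
}
# Model of how the kernel walks a stateless chain for one inbound packet:
# rules are tried in order, the first match decides, otherwise the chain
# policy (DROP) applies. Nothing about earlier packets is consulted.
#   decide PROTO SRC_IP DPORT   -> prints ACCEPT or DROP
decide() {
    pkt_proto=$1; pkt_src=$2; pkt_dport=$3
    verdict=$(stateless_rules | while read -r bin act chain rest; do
        [ "$act" = "-A" ] || continue           # "-P" lines set the policy
        r_proto=any; r_src=any; r_dport=any; r_target=
        set -- $rest                            # split the rule into tokens
        while [ $# -gt 0 ]; do
            case $1 in
                -p)      r_proto=$2;  shift 2 ;;
                -s)      r_src=$2;    shift 2 ;;
                --dport) r_dport=$2;  shift 2 ;;
                -j)      r_target=$2; shift 2 ;;
                *)       shift ;;
            esac
        done
        if { [ "$r_proto" = any ] || [ "$r_proto" = "$pkt_proto" ]; } &&
           { [ "$r_src"   = any ] || [ "$r_src"   = "$pkt_src"   ]; } &&
           { [ "$r_dport" = any ] || [ "$r_dport" = "$pkt_dport" ]; }; then
            echo "$r_target"; break             # first match wins
        fi
    done)
    echo "${verdict:-DROP}"                     # no match: INPUT policy DROP
}
# Demo packets (constructed): trusted host reaches SSH, others are dropped,
# DNS passes, anything unlisted (e.g. TCP/443) hits the DROP policy.
decide tcp 192.168.1.10 22   # ACCEPT
decide tcp 10.0.0.5 22       # DROP
decide udp 10.0.0.5 53       # ACCEPT
decide tcp 10.0.0.5 443      # DROP
```

Rule order matters in a stateless chain: if the two port 22 rules were swapped, the trusted host would be dropped as well, which is why the most specific rule is written first.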
Stateful firewalls were developed to overcome the limitations of stateless firewalls. A stateful firewall keeps the state of each connection in memory, which allows it to track the stage of the TCP handshake a connection has reached and, based on that, to allow or reject packets.
In TCP, each connection has a lifetime. Each TCP connection goes through a series of states, which the firewall uses to filter traffic. Here is the TCP connection state diagram.
Traditional firewalls in a computer network, whether stateless or stateful, often fall short in protecting against modern cyber threats that target today's applications. To effectively safeguard your network, you need more than basic traffic filtering at layers 2–4.
A robust solution must offer advanced capabilities like application visibility and control, deep packet inspection across layers 3–7, intrusion prevention, encrypted traffic decryption, protocol anomaly detection, and contextual, data-driven security event correlation.
Most firewall vendors offer stateful firewalls. Let's take some of the most prominent firewalls and look at how to configure a stateful firewall on each of them.
1. Stateful firewall with iptables in Linux - Allow established and related connections while blocking new incoming connections except on port 80 (HTTP).
2. Stateful firewall configuration on Cisco ASA - Permit outbound HTTP/HTTPS traffic and allow the return traffic (stateful inspection).
3. Stateful firewall on Palo Alto - Palo Alto firewalls are stateful by default; no additional setup is required for connection tracking. Allow web traffic (HTTP/HTTPS) while inspecting stateful sessions.
4. Stateful firewall on FortiGate - Allow inbound SSH and HTTP connections with stateful tracking.
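A worked version of item 1, added here and not part of the original post: the iptables rule set plus a small shell model of the connection-tracking states (NEW, ESTABLISHED, INVALID) that the ESTABLISHED,RELATED rule depends on. The flow table file CT_TABLE, the protected host 192.0.2.10 and the other addresses are constructed for the demo; the RELATED state is not modelled.

```shell
# Stateful policy for item 1: established/related flows are allowed back in,
# new connections only to TCP port 80, everything else hits the DROP policy.
# Below it, a model of the conntrack decision the rules rely on. CT_TABLE (a
# file with one "proto src sport dst dport" line per flow) is constructed.
stateful_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
}
CT_TABLE="${CT_TABLE:-$(mktemp)}"
# ct_state PROTO SRC SPORT DST DPORT TCPFLAGS -> ESTABLISHED | NEW | INVALID
# A packet whose 5-tuple (in either direction) is in the table belongs to a
# tracked flow. A first packet is NEW only if it can start a flow (a TCP SYN,
# or any UDP datagram); a TCP packet that is not a SYN and matches no flow is
# INVALID. RELATED (e.g. FTP data channels) is not modelled here.
ct_state() {
    fwd="$1 $2 $3 $4 $5"; rev="$1 $4 $5 $2 $3"
    if grep -qxF -e "$fwd" -e "$rev" "$CT_TABLE"; then echo ESTABLISHED
    elif [ "$1" != tcp ] || [ "$6" = SYN ]; then echo NEW
    else echo INVALID
    fi
}
# inbound PROTO SRC SPORT DST DPORT TCPFLAGS -> ACCEPT | DROP (rules above)
inbound() {
    case "$(ct_state "$@")" in
        ESTABLISHED) echo ACCEPT ;;
        NEW) if [ "$1" = tcp ] && [ "$5" = 80 ]; then
                 echo "$1 $2 $3 $4 $5" >> "$CT_TABLE"   # flow is now tracked
                 echo ACCEPT
             else echo DROP; fi ;;
        *)   echo DROP ;;                               # INVALID
    esac
}
# outbound PROTO SRC SPORT DST DPORT: locally started flows are tracked so
# that their replies match ESTABLISHED on the way back in.
outbound() { echo "$1 $2 $3 $4 $5" >> "$CT_TABLE"; echo ACCEPT; }
# Demo (constructed traffic): the firewall protects 192.0.2.10.
inbound  tcp 203.0.113.7  51000 192.0.2.10   80    SYN   # ACCEPT: NEW to port 80
inbound  tcp 203.0.113.7  51000 192.0.2.10   80    ACK   # ACCEPT: ESTABLISHED
inbound  tcp 203.0.113.7  51001 192.0.2.10   22    SYN   # DROP: NEW, no rule
inbound  tcp 203.0.113.7  51002 192.0.2.10   22    ACK   # DROP: INVALID, no flow
outbound tcp 192.0.2.10   40000 198.51.100.5 443         # ACCEPT and tracked
inbound  tcp 198.51.100.5 443   192.0.2.10   40000 ACK   # ACCEPT: reply to our flow
```

The last two lines show what the stateless script cannot do: the reply on port 443 is accepted only because this host opened the flow, not because any rule allows port 443 inbound.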
The next-generation firewall (NGFW) addresses the shortcomings described above by consolidating all of these critical security features into a single, efficient platform, ensuring comprehensive protection against evolving cyber threats.
Here is a diagram depicting some of the security services of a next generation firewall (NGFW).
Cisco:
● Offers a range of firewalls, including NGFWs, through its Cisco ASA and Firepower series.
● Known for high security, integration with Cisco network environments, and scalability.
Palo Alto Networks:
● Provides advanced NGFWs with application, user, and content identification capabilities.
● Strong focus on threat prevention and integration with other Palo Alto products, like their Cortex XDR.
Fortinet:
● Known for its FortiGate series, which integrates firewall, VPN, antivirus, and intrusion prevention.
● Offers a range of appliances for small to enterprise-level organizations.
Juniper Networks:
● Provides firewalls through its SRX series, focused on performance and advanced threat intelligence.
● Often used in enterprise data centers and cloud environments.
Check Point:
● Known for robust NGFW features, Check Point firewalls are widely used in corporate networks.
● Offers unified threat management, secure application control, and centralized management.
Sophos:
● Provides firewall solutions integrated with endpoint protection.
● Known for user-friendliness, strong threat detection, and its XG Firewall series tailored for small to medium-sized businesses.
Gautam Kumar is a senior network engineer with more than 7 years of experience at different companies in India. His work experience in network support, operation and maintenance makes him one of the most valuable IT professionals in the industry. He has been involved in planning and supporting physical and wireless networks, ...
Nice Article! This should help new aspirants of CCNA certification.