In computer networking, security is critically important. With cyber threats growing ever more advanced, protecting networks has never been more important. A computer network firewall is an essential network security tool that blocks unauthorized access while allowing authorized traffic to flow throughout the organization.
In this article, we will understand what a firewall is and how it works. We explain the meaning of a firewall in simple words and cover the types of firewalls and their benefits and limitations.
A firewall in computer networks is a security device—either hardware, software, or a combination of both—that monitors and filters incoming and outgoing traffic based on pre-established security rules.
Its primary function is to serve as a barrier between a trusted internal network and untrusted external networks, such as the Internet.
Firewalls operate on three basic actions:
● Accept: Permit the traffic to pass.
● Reject: Block the traffic but notify the sender with an "unreachable error."
● Drop: Block the traffic silently without any response.
Firewall devices are used to monitor and control incoming and outgoing network traffic based on predefined security rules.
Firewalls can filter traffic, create audit trails, and enforce policies to enhance overall network security. They are critical for both personal and enterprise environments, ensuring that only legitimate traffic is allowed while blocking potentially harmful data packets.
A firewall works by monitoring and controlling incoming and outgoing network traffic based on predefined security rules.
It acts as a gatekeeper, allowing trusted traffic while blocking potentially harmful data packets. Firewalls analyze packet information, such as source and destination addresses, to determine whether to permit or deny access.
They create a barrier between trusted internal networks and untrusted external networks, preventing unauthorized access and cyber threats. Firewalls can operate at various levels, including packet filtering, stateful inspection, and application-layer filtering, ensuring comprehensive protection for the network.
Firewalls often support Network Address Translation (NAT) and Virtual Private Network (VPN) functions:
● NAT: Masks internal IP addresses by translating them into public IPs. This not only conserves IPv4 addresses but also protects devices from external reconnaissance.
● VPN: Creates secure, encrypted tunnels over public networks, ensuring safe transmission of data between remote users and private networks.
Firewalls perform several vital functions:
1. Traffic Monitoring and Control: Firewalls examine incoming and outgoing network traffic to ensure it complies with predefined security policies.
2. Blocking Unauthorized Access: Firewalls prevent unauthorized users from accessing private networks or systems.
3. Protecting Against Cyber Threats: Firewalls block malicious traffic, including malware, viruses, ransomware, and spyware.
4. Enforcing Security Policies: Organizations can define and enforce specific security rules through firewalls, such as blocking websites and limiting traffic based on geographic locations.
5. Network Segmentation: Firewalls help divide a network into smaller, secure zones.
6. Preventing Data Leaks: Firewalls monitor outbound traffic to ensure sensitive information is not transmitted outside the network without authorization.
There are multiple types of firewalls for organizational and personal uses. Some common types of firewalls include:
1. Packet Filtering Firewall: This firewall filters traffic based on packet headers such as IP addresses, protocols, and ports. While efficient, it treats packets in isolation and cannot track the context of ongoing sessions.
2. Stateful Inspection Firewall: Tracks the state of active connections and filters traffic based on both predefined rules and session context. This makes it more effective than packet filtering.
3. Software Firewall: Installed on individual devices or servers, software firewalls are flexible and ideal for personal use. However, they can be resource-intensive.
4. Hardware Firewall: A physical device that inspects traffic before it reaches the internal network. Suitable for large-scale networks, hardware firewalls are robust but can be costly.
5. Application Layer Firewall: Operates at the application layer of the OSI model, inspecting traffic for specific applications or protocols (e.g., HTTP, FTP). Often used as a proxy firewall, it prevents direct connections, enhancing security.
6. Next-Generation Firewall (NGFW): Combines traditional firewall features with advanced capabilities like deep packet inspection, SSL decryption, and application awareness.
7. Proxy Service Firewall: Acts as an intermediary between users and the internet, ensuring that sensitive data never directly interacts with external networks.
8. Circuit-Level Gateway Firewall: Operates at the session layer, validating TCP connections without inspecting the data packets. While lightweight, it is less secure against modern cyber threats.
Host-based firewalls are installed on end users' computer systems, where they allow or deny traffic. Because the firewall service runs on the local computer, it consumes that system's resources and impacts only the other applications on that system.
In host-based firewall architecture, traffic passes through all the network components, which means it consumes network resources before reaching the end user's computer. The picture below shows an example of a host-based firewall on Microsoft Windows 10.
A network-based firewall is completely transparent to the end user. Such types of firewalls are deployed in the network perimeter or at the internet edge to prevent unwanted traffic from entering the network.
The end users are completely unaware of the network firewall that is controlling the traffic. In this case, no software is installed in the end user's computer system.
Network firewalls can be further categorized into 3 types: stateless firewalls, stateful firewalls, and Next-Generation Firewalls (NGFW).
The previous generation of firewalls in computer networks could allow or block traffic based on these 5 elements of a packet, together called a tuple.
● Source IP Address
● Destination IP Address
● Source Port
● Destination Port
● Protocol
When these firewalls examine packets, they are not aware of whether a packet is part of an existing connection. That means these firewalls cannot identify whether a packet is manipulated or rogue. That's why these types of firewalls are called stateless firewalls.
The stateless firewall utilizes the 5-tuple of the OSI layer model as given below.
Stateless Firewall Example: An access control list (ACL) is configured on the network edge Cisco router to allow only HTTP and DNS traffic while blocking all other inbound traffic.
In this case, the router does not check the state of the incoming packet; it checks only the protocol and port number: HTTP uses TCP port 80 and DNS uses UDP port 53.
Note: Here Router represents the "Internet Edge Cisco Router" shown in the above diagram, and no IP address is used in the ACL for allowing or denying traffic.
Similarly, a stateless firewall in a computer network can be implemented on Linux with iptables. Let's take an example in which we need to block inbound traffic to SSH (port 22) except from a specific IP address, 192.168.1.10.
Stateful firewalls were developed to overcome the limitations of stateless firewalls. A stateful firewall keeps the state of each connection in memory, which allows it to track the stage of the TCP handshake and, based on that, reject or allow packets.
In TCP, each connection has a lifetime. Each TCP connection goes through a series of states which are used by the firewall to filter traffic. Here is the TCP connection state diagram.
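The difference between the two models can be shown with a small simulation. This is an added example, not code from the original article: it is a toy model rather than a real packet filter, the names `Packet`, `ACL`, `stateless_filter` and `StatefulFirewall` are hypothetical, and every address other than 192.168.1.10 is a constructed documentation address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:                        # hypothetical type for this added example
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}

# Inbound rules taken from the article's examples: (protocol, dest port, allowed sources)
ACL = [
    ("tcp", 80, "0.0.0.0/0"),        # HTTP from anywhere
    ("udp", 53, "0.0.0.0/0"),        # DNS from anywhere
    ("tcp", 22, "192.168.1.10/32"),  # SSH only from the one permitted host
]

def acl_permits(pkt):
    return any(pkt.proto == proto and pkt.dport == port
               and ip_address(pkt.src) in ip_network(net)
               for proto, port, net in ACL)

def stateless_filter(pkt):
    """Decide on the 5-tuple alone; TCP flags and earlier packets are ignored."""
    return "accept" if acl_permits(pkt) else "drop"

class StatefulFirewall:
    """Only a permitted SYN may open a TCP flow; later packets must match a tracked flow."""
    def __init__(self):
        self.conns = {}              # (src, sport, dst, dport) -> handshake state
    def inbound(self, pkt):
        if pkt.proto != "tcp":       # UDP is not tracked in this simplified model
            return stateless_filter(pkt)
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        state = self.conns.get(key)
        if state is None:
            if pkt.flags == {"SYN"} and acl_permits(pkt):
                self.conns[key] = "SYN_RECEIVED"
                return "accept"
            return "drop"            # e.g. a stray ACK with no handshake behind it
        if state == "SYN_RECEIVED" and pkt.flags == {"ACK"}:
            self.conns[key] = "ESTABLISHED"  # assumes the server's SYN-ACK was sent
            return "accept"
        if state == "ESTABLISHED":
            if pkt.flags & {"FIN", "RST"}:
                del self.conns[key]  # flow closed; later packets need a new SYN
            return "accept"
        return "drop"

def demo():
    """Constructed packets: client 203.0.113.5 talking to server 198.51.100.20."""
    c, s, fw = "203.0.113.5", "198.51.100.20", StatefulFirewall()
    stray = Packet(c, 40000, s, 80, "tcp", frozenset({"ACK"}))
    syn, ack = (Packet(c, 40001, s, 80, "tcp", frozenset({f})) for f in ("SYN", "ACK"))
    return {"stateless_stray": stateless_filter(stray),
            "stateful_stray": fw.inbound(stray),
            "stateful_handshake": [fw.inbound(syn), fw.inbound(ack)]}
```

The stray ACK to port 80 matches the stateless rule and is accepted, while the stateful model drops it because no handshake preceded it.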
Traditional firewalls in computer networks, whether stateless or stateful, often fall short of protecting against modern cyber threats targeting today's applications. To effectively safeguard your network, you need more than basic traffic filtering at layers 2–4.
A robust solution must offer advanced capabilities like application visibility and control, deep packet inspection across layers 3–7, intrusion prevention, encrypted traffic decryption, protocol anomaly detection, and contextual data-driven security event correlation.
Most firewall vendors offer stateful firewalls. Let's take some of the most prominent firewalls and look at how to configure stateful firewalls on them.
1. Stateful Firewall with IPTABLES in Linux - Allow established and related connections while blocking new incoming connections except on port 80 (HTTP).
2. Stateful Firewall Configuration on Cisco ASA - Permit outbound HTTP/HTTPS traffic and allow return traffic (stateful inspection).
3. Stateful Firewall on Palo Alto Firewall - Palo Alto firewalls are stateful by default; no additional setup is required for connection tracking. Allow web traffic (HTTP/HTTPS) while inspecting stateful sessions.
4. Stateful Firewall on FortiGate - Allow inbound SSH and HTTP connections with stateful tracking.
Traditional firewalls in computer networks, including stateful ones, often fall short of protecting against modern cyber threats targeting today's applications. To effectively safeguard your network, you need more than basic traffic filtering at layers 2–4.
Next-Generation Firewall offers a robust solution with advanced capabilities like application visibility and control, deep packet inspection across layers 3–7, intrusion prevention, encrypted traffic decryption, protocol anomaly detection, and contextual data-driven security event correlation.
The next-generation firewall (NGFW) addresses these challenges by consolidating all these critical security features into a single, efficient platform, ensuring comprehensive protection against evolving cyber threats.
Here is the diagram depicting some of the security services as next-generation firewall (NGFW)
Selecting the right firewall deployment strategy depends on the specific needs of your organization, network infrastructure, and security goals. Here are common use cases to help you decide the best approach to firewall deployment:
Use Case: Small and medium businesses (SMBs), enterprise networks, or data centers need protection from external threats.
Recommended Firewall: Hardware Firewall and Next-Generation Firewall (NGFW).
Deployment: Place the firewall between the internal network and the internet to monitor incoming/outgoing traffic.
Use Case: Employees accessing corporate networks remotely using unsecured networks (e.g., home Wi-Fi or public hotspots).
Recommended Firewall: Software Firewall and VPN-Compatible Firewall.
Deployment: Deploy software firewalls on end-user devices and integrate VPNs into the network to secure remote connections.
Use Case: Organizations with sensitive data, such as financial institutions, healthcare providers, or government entities.
Recommended Firewall: Application Layer Firewall and Stateful Inspection Firewall.
Deployment: Use internal firewalls to segment critical systems (e.g., payment processing servers) from the rest of the network.
Use Case: Businesses operating in hybrid or fully cloud-based environments need to secure data stored or processed in the cloud.
Recommended Firewall: Cloud-Native Firewall and Virtual Firewall.
Deployment: Place firewalls at the edge of the cloud network or integrate directly with cloud-based workloads.
Use Case: Organizations at risk of sophisticated attacks targeting intellectual property or sensitive data.
Recommended Firewall: Next-Generation Firewall (NGFW) and Intrusion Prevention System (IPS).
Deployment: Deploy NGFWs at the network perimeter and between internal segments for multi-layered protection.
Use Case: Schools, enterprises, or public institutions need to regulate internet access and block harmful or inappropriate content.
Recommended Firewall: Proxy Firewall and Application Layer Firewall.
Deployment: Configure firewalls to filter outbound traffic based on URL categories, keywords, or time-of-day restrictions.
Firewalls have evolved significantly from basic packet filters in the 1980s to complex, multi-functional systems today. Initially, firewalls only allowed or blocked traffic based on predefined rules. The introduction of stateful inspection in the 1990s allowed firewalls to track active connections and improve security.
In the mid-2000s, Next-Generation Firewalls (NGFWs) emerged, combining stateful inspection with advanced features like deep packet inspection, application-level filtering, and integrated intrusion prevention systems. These advancements enabled firewalls to protect against more sophisticated threats like malware and APTs.
Today, firewalls are crucial for securing networks, providing protection against cyberattacks, enabling Zero Trust Architecture, and securing cloud environments. The future of firewalls will involve AI-driven threat detection, automation, and integration with broader security platforms like XDR.
Firewalls remain essential to modern cybersecurity, adapting to new threats and securing both on-premises and cloud infrastructures.
Firewalls evolved through contributions from various innovators:
● Jeff Mogul, Paul Vixie, and Brian Reid: Pioneered packet-filtering technology at Digital Equipment Corporation.
● Marcus Ranum: Developed application-layer firewalls at DEC in the early 1990s.
● Gil Shwed and Nir Zuk: Created the first user-friendly, commercial firewall product at Check Point Software Technologies.
Firewalls continue to evolve in response to the growing complexity of cyber threats and advancements in network infrastructure. Below are some of the key trends shaping the future of firewalls:
NGFWs go beyond traditional packet filtering and stateful inspection by integrating advanced features like:
1. Deep packet inspection (DPI).
2. Application awareness and control.
3. Intrusion detection and prevention systems (IDPS).
4. SSL/TLS encrypted traffic analysis.
These firewalls are essential for detecting sophisticated attacks such as zero-day threats and Advanced Persistent Threats (APTs).
With the rise of cloud computing, FWaaS solutions are becoming popular, offering:
1. Scalability for dynamic cloud environments.
2. Centralized management of firewall policies across hybrid or multi-cloud infrastructures.
3. Enhanced support for remote workforces through seamless integrations with Secure Access Service Edge (SASE) architectures.
AI-powered firewalls are increasingly capable of:
1. Automating threat detection and response.
2. Identifying patterns of anomalous behavior in real-time.
3. Adapting to new attack vectors through continuous learning.
Firewalls are becoming a cornerstone of Zero Trust security models by:
1. Verifying user and device identities before granting access.
2. Enforcing granular access controls.
3. Segmenting networks to limit lateral movement of attackers.
As organizations adopt containerized environments like Kubernetes, firewalls are evolving to:
1. Secure inter-container communication.
2. Protect containerized applications against vulnerabilities and misconfigurations.
The proliferation of Internet of Things (IoT) devices introduces new vulnerabilities. Firewalls are now:
1. Incorporating IoT-specific security protocols.
2. Monitoring and securing device-to-device communication.
Firewalls serve as a network’s first line of defense against cyber threats. Without them, networks are vulnerable to unauthorized access, malware, and other malicious activities. By enforcing strict traffic control, firewalls help:
● Protect sensitive data.
● Mitigate the risk of identity theft and online fraud.
● Restrict unauthorized access to critical systems.
Firewalls also have limitations:
● Configuring and maintaining firewalls can be challenging.
● Hardware firewalls and advanced features may be expensive.
● Cannot detect threats at the application or endpoint levels.
● Heavy traffic filtering can slow down network performance.
● Overreliance on firewalls may neglect other critical security measures.
Feature | Firewall | Antivirus Software |
---|---|---|
Primary Focus | Controls network traffic and prevents unauthorized access. | Detects, quarantines, and removes malicious programs. |
Scope | Operates at the network level (though can be endpoint-based). | Functions as an endpoint solution on individual devices. |
Functionality | Monitors and filters incoming/outgoing data traffic. | Scans local files and applications for malware and other threats. |
Purpose | Blocks harmful traffic before it enters the network. | Neutralizes threats already present on a device. |
Type of Protection | Proactive protection by regulating data flow. | Reactive and proactive by identifying and removing threats. |
Deployment | Network-based hardware or software solutions. | Software installed on individual devices. |
Best Use Case | Securing network perimeters and preventing intrusion. | Protecting individual devices from infections like malware and ransomware. |
Examples of Threats | Unauthorized access, DDoS attacks, and intrusion attempts. | Viruses, worms, ransomware, spyware, and Trojans. |
Complementary Role | Works alongside antivirus for comprehensive security. | Works alongside firewalls for layered protection. |
● Offers a range of firewalls, including NGFWs, through its Cisco ASA and Firepower series.
● Known for high security, integration with Cisco network environments, and scalability.
● Provides advanced NGFWs with application, user, and content identification capabilities.
● Strong focus on threat prevention and integration with other Palo Alto products, like their Cortex XDR.
● Known for its FortiGate series, which integrates firewall, VPN, antivirus, and intrusion prevention.
● Offers a range of appliances for small to enterprise-level organizations.
● Provides firewalls through its SRX series, focused on performance and advanced threat intelligence.
● Often used in enterprise data centers and cloud environments.
● Known for robust NGFW features, Check Point firewalls are widely used in corporate networks.
● Offers unified threat management, secure application control, and centralized management.
● Provides firewall solutions integrated with endpoint protection.
● Known for user-friendliness, strong threat detection, and its XG Firewall series tailored for small to medium-sized businesses.
Gautam Kumar is a senior network engineer with more than 7 years of experience at different companies in India. His work experience in network support, operation, and maintenance makes him one of the most valuable IT professionals in the industry. He has been involved in planning and supporting physical and wireless networks, ...
Nice Article! This should help new aspirants of CCNA certification.