Types of Firewalls (39.5.2)
It is important to understand the different types of firewalls and their specific capabilities so that the right firewall is used for each situation.
Packet Filtering (Stateless) Firewall
Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information, as shown in Figure 39-12. They are stateless firewalls that use a simple policy table lookup that filters traffic based on specific criteria.
Figure 39-12 Stateless Firewall OSI Layers
For example, SMTP servers listen on port 25 by default. An administrator can configure the packet filtering firewall to block port 25 from a specific workstation to prevent it from broadcasting an email virus.
Stateful Firewall
Stateful firewalls are the most versatile and the most common firewall technologies in use. Stateful firewalls provide stateful packet filtering by using connection information maintained in a state table. Stateful filtering is a firewall architecture that is classified at the network layer. It also analyzes traffic at OSI Layer 4 and Layer 5, as shown in Figure 39-13.
Figure 39-13 Stateful Firewall OSI Layers
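The difference between a packet filter's policy table lookup and a stateful firewall's state table, as an added Python example that is not part of the original text. The addresses, the static port 80 return-traffic rule, and all function and class names are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: Layer 3 addresses, Layer 4 ports, TCP flags.
Packet = namedtuple("Packet", "src sport dst dport flags")

INSIDE = "10.0.0."            # assumed inside prefix
BLOCKED_HOST = "10.0.0.50"    # assumed workstation barred from SMTP

def smtp_blocked(p):
    return p.src == BLOCKED_HOST and p.dport == 25

def stateless_permit(p):
    """Policy table lookup on L3/L4 fields; no memory of earlier packets."""
    if p.src.startswith(INSIDE):
        return not smtp_blocked(p)
    # Replies need a static rule: anything from port 80 that is not a bare SYN.
    return p.sport == 80 and p.flags != "SYN"

class StatefulFilter:
    def __init__(self):
        self.state_table = set()   # (inside ip, inside port, outside ip, outside port)

    def permit(self, p):
        if p.src.startswith(INSIDE):
            if smtp_blocked(p):
                return False
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN":
                self.state_table.add(key)      # new outbound connection
            return key in self.state_table
        # Inbound: allowed only as the reverse of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.state_table

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_permit(p), fw.permit(p)) for p in packets]

SAMPLE = [  # constructed traffic using documentation address ranges
    Packet("10.0.0.50", 40100, "203.0.113.25", 25, "SYN"),      # blocked SMTP
    Packet("10.0.0.7", 40000, "198.51.100.10", 80, "SYN"),      # web request
    Packet("198.51.100.10", 80, "10.0.0.7", 40000, "SYN-ACK"),  # its reply
    Packet("192.0.2.99", 80, "10.0.0.7", 40001, "ACK"),         # unsolicited
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(p, "stateless:", sl, "stateful:", sf)
```

The last sample packet passes the stateless rule because it only resembles a web reply, while the stateful filter drops it for lack of a matching state table entry.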
Application Gateway Firewall
An application gateway firewall (proxy firewall), as shown in Figure 39-14, filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software. When a client needs to access a remote server, it connects to a proxy server. The proxy server connects to the remote server on behalf of the client. Therefore, the server only sees a connection from the proxy server.
Figure 39-14 Application Gateway Firewall OSI Layers
Next-Generation Firewall
Next-generation firewalls (NGFW) go beyond stateful firewalls by providing:
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
Figure 39-15 shows the Cisco ASA 5500-X series firewalls.
Figure 39-15 Cisco ASA 5500-X Series Firewalls
Other methods of implementing firewalls include:
- Host-based (server and personal) firewall—A PC or server with firewall software running on it.
- Transparent firewall—Filters IP traffic between a pair of bridged interfaces.
- Hybrid firewall—A combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.
Check Your Understanding—Identify the Type of Firewall (39.5.3)
Refer to the online course to complete this activity.