Introduction
In today’s digital world, network security is indispensable—individuals, companies, and government organizations alike face various threats such as cyberattacks, data theft, and quiet sabotage. A firewall is one of the most important defenses against these dangers.
A firewall is a system or device (hardware and/or software) that monitors and filters incoming and outgoing network traffic according to predefined security rules. It acts like a guarded gate: it allows only traffic that is trusted or authorized, while traffic that is suspicious or potentially harmful is blocked or denied.
This article aims to provide a comprehensive understanding of firewalls: what they are, their types and how to choose between them, how security policies are set up, protective mechanisms, and how to configure them effectively. The goal is that readers will gain a clear view of how firewalls are used, why they are essential, and how to design strong security policies to protect modern networks.
What Is a Firewall?
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the internet.
Firewall Technology / Firewall Versions
1. Stateless firewall device
2. Stateful firewall device
3. Application firewall device
Stateless Firewall vs Stateful Firewall
What Does It Do
1. Prevents the transmission of unwanted information.
2. Prevents unauthorized remote access.
3. Enforces security based on protocol and IP address.
4. Ensures that business operations run smoothly.
5. Protects the contents of conversations and coordination.
Types of Firewalls
1. Packet-filtering firewalls: A packet-filtering firewall functions as a management tool that monitors network traffic and filters incoming packets according to the security rules that have been specified.
2. Circuit-level Gateways: Circuit-level gateways are another kind of simplified firewall that can be configured to allow or block traffic without spending a lot of CPU power.
3. Application-Level Gateways (Proxy Firewall): A proxy firewall is an early type of firewall device that acts as a gateway from one network to another for a specific application.
4. Stateful Multi-layer Inspection (SMLI) Firewalls: A stateful inspection firewall, sometimes known as a "conventional" firewall, allows or blocks traffic based on state, port, and protocol.
5. Next-Generation Firewalls (NGFW): To combat modern threats such as complex malware and application-layer attacks, most businesses are implementing next-generation firewalls.
6. Threat-Focused NGFW: A threat-focused NGFW employs intelligent security automation to set security rules and policies, enhancing the security of the overall defensive system.
7. Network Address Translation (NAT) Firewalls: NAT firewalls are generally used to let internal hosts access the internet while blocking any undesired inbound connections.
8. Cloud Firewall: A cloud firewall, also known as firewall-as-a-service (FaaS), is a firewall that is built using a cloud solution.
9. Unified Threat Management (UTM) Firewalls: A UTM device often integrates the capabilities of a stateful inspection firewall, intrusion prevention, and antivirus in a loosely connected manner.
Why Is It Needed
A well-managed firewall will greatly lower your system’s risk. Your organization/system could easily fall victim to a cyber-attack if you don’t have a firewall in place, resulting in the loss of all of your vital data.
Firewall Features
1. Logical area filter
2. Hiding the internal network structure
3. Security assurance
4. Proactive defense against attacks
Firewall Classification
Firewalls are classified into the following types according to access control modes:
1. Packet filtering firewalls
2. Proxy firewalls
3. Stateful inspection firewalls
Firewall Security Policies
Definition: Security policies control traffic forwarding according to specified rules and apply integrated content security detection to the traffic.
Rules: Focus on packet filtering.
Major Application
1. Security policies control network communication through the firewall.
2. Security policies control access to the firewall.
Firewall Security Policy Mechanism
Step One: The incoming data flow passes through the firewall.
Step Two: The firewall searches for a matching security policy and determines whether to allow the next operation.
Step Three: The firewall processes the data packets according to the rules defined in the security policy.
Function of Firewall Security Policies
1. Filter the traffic passing through the firewall according to the defined rules, and determine the next operation (permit or deny) accordingly.
Stateful Inspection Mechanism
1. When the stateful inspection mechanism is enabled, a session can be created only when the first packet passes the inspection performed by the firewall. Subsequent packets are forwarded based on the session.
2. When the stateful inspection mechanism is disabled, even if the first packet does not pass through the firewall, subsequent packets can trigger the creation of a session as long as they pass through the firewall.
Configuring a Security Policy on the Web UI
A security policy includes:
1. Matching conditions: Source security zone, destination security zone, source address, destination address, user, service, application, and schedule.
2. Action: Permit or deny.
3. Content security profile (optional): Antivirus, intrusion prevention, URL filtering, file blocking, data filtering, application behavior control, mail filtering, and APT defense.
Configuring Address and Address Groups on the Web UI
- An address object is a set of IPv4/IPv6 addresses or MAC addresses. An address group is a set of address objects.
An address object contains one or more IPv4/IPv6 addresses or MAC addresses. It is like a basic component and can be referenced by different policies (such as security policies and NAT policies).
Configuring Regions and Region Groups on the Web UI
- A region group contains multiple regions or region groups. Regions and region groups can be configured and referenced by policies.
Configuring Services and Service Groups
- A service is a type of application protocol determined by a protocol type and a port number. A service group is a collection of services and service groups.
- Predefined service: A service that has been preset in the system by default and can be selected directly.
- User-defined service: A service defined by specifying certain information including the application protocol type (such as TCP, UDP, or ICMP) and port number.
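As an added illustration (not code from the original article or from any vendor's firewall) of the security policy mechanism and stateful inspection described earlier, together with the address, address group, service and service group objects a policy references: a minimal Python model. All zones, addresses, services and rule names are constructed for this example.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple
# Constructed address objects/groups and services/groups (example values only).
ADDRESS_OBJECTS = {"lan_clients": ["10.0.0.0/24"], "dmz_web": ["192.0.2.10/32"]}
ADDRESS_GROUPS = {"internal": ["lan_clients", "dmz_web"]}
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443), "ssh": ("tcp", 22)}
SERVICE_GROUPS = {"web": ["http", "https"]}

def addr_matches(name, ip):
    objs = ADDRESS_GROUPS.get(name, [name])  # a group expands to its member objects
    return name == "any" or any(ip_address(ip) in ip_network(n) for o in objs for n in ADDRESS_OBJECTS[o])

def service_matches(name, proto, port):
    svcs = SERVICE_GROUPS.get(name, [name])  # a service group expands to its services
    return name == "any" or any(SERVICES[s] == (proto, port) for s in svcs)

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    service: str
    action: str  # "permit" or "deny"

class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules, self.stateful, self.sessions = rules, stateful, set()

    def policy_action(self, pkt):
        """Step Two: the first matching security policy decides; no match means deny."""
        for r in self.rules:
            if (r.src_zone == pkt["src_zone"] and r.dst_zone == pkt["dst_zone"]
                    and addr_matches(r.src, pkt["src"]) and addr_matches(r.dst, pkt["dst"])
                    and service_matches(r.service, pkt["proto"], pkt["dport"])):
                return r.action
        return "deny"

    def forward(self, pkt):
        """Step Three: an existing session forwards the packet; otherwise the policy is consulted."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reply = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if key in self.sessions or reply in self.sessions:
            return "forward"  # subsequent packets (both directions) ride the session
        if self.stateful and pkt["proto"] == "tcp" and not pkt.get("syn", False):
            return "drop"  # stateful inspection: only a first packet (SYN) may open a session
        if self.policy_action(pkt) == "permit":
            self.sessions.add(key)  # with stateful inspection off, any permitted packet opens a session
            return "forward"
        return "drop"
```

Note that the reply packet from the untrusted zone is forwarded by the session even though no policy permits untrust-to-trust traffic, which is the point of forwarding subsequent packets based on the session.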
Multi-channel Protocol Technology
1. Single-Channel Protocol: Uses only one port during communication. For example, WWW uses only port 80.
2. Multi-Channel Protocol: Uses two or more ports for communication. For example, FTP passive mode uses port 21 and a random port.
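A static service rule can cover FTP's control port 21 but not the random data port, so the firewall has to learn that port from the control channel. The following is an added example (not from the original article) of how that can be done: the server's 227 reply to PASV is parsed and a single-use, client-specific opening is recorded for the announced port. The reply text, hosts and the single-use rule are assumptions of the example.

```python
import re

# Constructed FTP control-channel reply, as a server sends it after a PASV command.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None; the port is p1*256 + p2."""
    m = _PASV_RE.match(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(n > 255 for n in (h1, h2, h3, h4, p1, p2)):
        return None  # malformed reply: every field is a single octet
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

class MultiChannelTracker:
    """Tracks the data-channel port negotiated on the control channel so that only
    that client/server/port connection is admitted without a static rule for it."""
    def __init__(self):
        self.expected = set()  # (client_ip, server_ip, server_port) openings

    def on_control_reply(self, client_ip, server_ip, reply):
        parsed = parse_pasv(reply)
        if parsed is None:
            return False
        ip, port = parsed
        if ip != server_ip:
            return False  # sanity check: the announced address must be the server itself
        self.expected.add((client_ip, ip, port))
        return True

    def admit_data_connection(self, client_ip, server_ip, server_port):
        key = (client_ip, server_ip, server_port)
        if key in self.expected:
            self.expected.discard(key)  # the opening is used once, by the matching client
            return True
        return False
```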
Conclusion
Firewalls remain a critical component of modern network defense, protecting against increasing internet threats such as cyberattacks, data theft, and unauthorized access. Their various types (stateless, stateful, proxy, and NGFW) offer essential features, making it crucial to understand how each operates and where it is most suitable.
Well-defined security policies and mechanisms such as stateful inspection and multi-channel protocol technology enhance firewall effectiveness. Additionally, configuring addresses, address groups, services, and service groups ensures comprehensive management of access and data flow, helping to reduce security errors and identify vulnerabilities.
Ultimately, investing time and resources in optimizing firewalls and security policies provides safety, confidence, and data protection, which are vital for the continuity and reputation of any organization relying on a healthy network.