Firewalls

Illustration depicting a representation of firewall

A firewall is the first line of defense that monitors incoming and outgoing traffic and decides to allow or block specific traffic based on a defined set of security rules.

A primer on firewalls

A firewall is a network security device that separates a trusted internal network from an external network deemed untrustworthy, such as the internet. It regulates incoming and outgoing network traffic based on preset security rules. Firewalls are paramount in shielding networks from unauthorized access, harmful activities, and potential threats, and can exist as hardware, software, software-as-a-service (SaaS), or public or private (virtual) cloud.

Firewalls scrutinize network packets and implement security policies, effectively barring unauthorized users or potentially harmful data from infiltrating or exiting a network. Notably, firewalls serve as gatekeepers, scrutinizing each network packet and deciding whether to permit or block it based on pre-set rules. This helps to ensure that only traffic deemed safe and legitimate is allowed through the firewall.

In addition to these core functions, today's next-generation firewalls (NGFWs) have a range of features to bolster network security. These include deep packet inspection, application visibility and control, intrusion detection and prevention, malware defense, URL filtering, and more.

Cisco Secure Firewall: First line of defense

Watch now (02:27)

Types of firewalls

Packet filtering firewall

These firewalls scrutinize each packet of data that passes through them, and then filters them based on parameters like source and destination IP addresses, port numbers, and protocol types. While these firewalls are relatively simple and cost-effective, they are unable to examine the contents of packets, which makes them less effective against sophisticated attacks.

Proxy firewall

A proxy firewall is an early type of firewall device, serving as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality, such as content caching and security, by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.

Stateful inspection firewall

Now considered a traditional firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.

Web application firewall (WAF)

Web application firewalls act as intermediaries for internal and external networks, handling all communication requests on behalf of the internal network. They offer a high level of security, as they can inspect the content of packets and filter out malicious or unauthorized data. However, their reliance on proxy servers can introduce latency and impact network performance.

Unified threat management (UTM) firewall

A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.

Next-generation firewall (NGFW)

A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, intrusion prevention system (IPS), URL filtering based on geolocation and reputation, and threat intelligence. An NGFW can ease administration and reduce complexity with unified policies that protect across the entire attack continuum.

AI-powered firewall

AI-powered firewalls use artificial intelligence (AI) and machine learning (ML) to enhance threat protection and network security. While traditional firewalls use predetermined rules to block and detect threats, AI-powered firewalls work in real time to analyze dynamic network traffic, identify patterns, and help organizations automate lifecycle management of their firewall policy.

Watch Cisco AI in Firewall video (01:29)

Virtual firewall

A virtual firewall is typically deployed as a virtual appliance. It can be hosted on-premises in a private cloud environment based on VMware ESXi, Microsoft Hyper-V, KVM, OpenStack, and Nutanix. A virtual firewall can also be deployed in a public cloud infrastructure, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI). With a virtual firewall, you can secure your applications and data across the multicloud environments with unified policy controls, centralized management, and advanced threat defense.

Explore virtual firewalls for public cloud and private cloud

Cloud-native firewall

Cloud-native firewalls modernize the way to secure applications and workload infrastructure at scale. With automated scaling features, cloud-native firewalls enable networking operations and security operations teams to run at agile speeds. A cloud-native firewall supports agile and elastic security, multi-tenant capability, and smart load balancing.

Mechanics of firewalls

Understanding how firewalls function is critical for both businesses and individuals looking to strengthen their cybersecurity measures. Firewalls operate based on predefined rules. When data packets travel through a network, the firewall scrutinizes the packet headers and compares them against the established rules. If a packet matches a rule, it is either allowed or denied based on the policy in place.

Stateful inspection is an advanced firewall technology that monitors the state of network connections, allowing it to make more informed decisions about which packets to permit or block. By observing the entire communication session, stateful inspection firewalls can detect and prevent various types of attacks, such as IP spoofing and session hijacking.

Deep packet inspection elevates firewall security by analyzing the actual content of packets in addition to the header information. This capability allows firewalls to inspect the payload of packets, enabling them to identify and block specific types of traffic, such as malicious code or prohibited file types.

Firewall policies and configurations shape the behavior of a firewall and determine what traffic it permits or blocks. It is essential to regularly review and update these to align with your organization's security requirements.

Significance of firewalls

Implementing a firewall can significantly enhance the security of your network and sensitive data. Firewalls offer protection against common network threats and attacks, making them indispensable in the face of increasing sophistication of cyberthreats.

Beyond network security, firewalls also aid organizations in meeting compliance requirements and adhering to industry best practices. Many regulatory frameworks mandate the use of firewalls to protect sensitive customer information. By implementing a firewall, organizations can meet these compliance requirements and avoid potential penalties.

Selecting the right firewall requires careful consideration of such factors as the required level of security, network performance, scalability, and ease of management. It is vital to assess your organization's unique needs and consult with IT professionals to choose the firewall solution that is most suitable for your organization.

Best practices for firewalls

Implementing best practices for firewalls is key to securing your network. It is critical to appropriately configure and manage firewalls, implement regular updates and patches, and monitor and audit firewall activity.

Configuring and managing firewall rules

Proper configuration of firewall rules is essential for effective network security. Regularly review and update these rules to ensure they align with your organization's changing needs and evolving threat landscape.

Regular firewall updates and patches

Like any other software, firewalls require regular updates and patches to address vulnerabilities and safeguard optimal performance. Implement a consistent update and patch management process to minimize the risk of security breaches and potential exploits.

Monitoring and auditing firewall activity

Regularly reviewing firewall logs and alerts can help identify any suspicious or unauthorized activities. Additionally, consider implementing real-time monitoring solutions that can detect and respond to potential threats promptly. Auditing firewall configurations and policies can help identify misconfigurations or rule conflicts that may leave your network exposed.

Following these best practices can significantly enhance the security of your network and protect your valuable data.