What Is a Firewall? Types, Functions, and How It Secures Networks
This comprehensive guide explains what a firewall is, its origins, the hardware and software types, session management, NAT, VPN, security zones, policies, threat mitigation, DoS protection, IDS/IPS, deep inspection, and performance considerations, providing a solid foundation for anyone interested in network security.
1. What Is a Firewall?
Firewall originally referred to a fire‑proof wall that prevents fire from spreading, and the term was later adopted in networking to describe a strategy that blocks unauthorized inbound and outbound traffic.
Modern firewalls protect against external attacks such as DoS or illegal access, as well as internal threats like data leakage or using the internal network as a launchpad.
2. Types of Firewalls
Firewalls are divided into software firewalls and hardware firewalls. Software firewalls include personal firewalls (e.g., Windows Firewall) and gateway firewalls. Hardware firewalls are dedicated appliances whose job is to protect the confidentiality, integrity and availability (the CIA triad) of the network behind them; they are typically deployed at the LAN‑Internet edge.
Personal Firewall
Runs on a PC to monitor traffic between the PC and the Internet; often bundled with security suites.
Gateway Firewall
Operates on a network gateway to control traffic for all endpoints; can be software‑based or hardware‑based.
Hardware Firewall
Looks like a router with gigabit or 10‑gigabit ports; provides high‑performance filtering.
3. Technical Types of Firewalls
Includes packet‑filtering firewalls, stateful inspection firewalls, application‑gateway firewalls, and next‑generation firewalls with deep packet inspection.
4. What Is a Proxy Server?
A proxy server acts as an application‑gateway firewall: it accepts the client's request, opens its own connection to the target server, and relays the response, so there are two separate sessions (client‑to‑proxy and proxy‑to‑server) and the server never exchanges packets directly with the client.
It inspects request and response packets at the application layer.
It hides the client’s IP address from the server.
5. Firewall Interface Modes
Four interface modes: L3 (routed, the firewall is a hop with its own IP addresses), L2 (transparent bridging), L1 (bump‑in‑the‑wire pairing of two ports with no routing or bridging), and TAP. L1‑L3 are inline modes, so the firewall can actually block traffic; TAP is a passive mode fed from a SPAN/mirror port, so it can only detect and alert.
6. Threats Firewalls Can Mitigate
Eavesdropping : Intercepting network data to steal credentials.
Tampering : Maliciously modifying web pages or emails.
Destruction : Using viruses or DoS attacks to disrupt services.
Impersonation : Phishing or spoofing attacks.
Information Leakage : Exposing sensitive files.
Attack Jump‑Points : Using compromised hosts as launchpads.
Spam : Mass‑mailing for profit.
7. Session Management Defense
Firewalls cap the number of concurrent sessions (overall, per source and per destination) and the rate of new sessions, so that a flood cannot exhaust the session table or starve legitimate users, and so that load on the device stays predictable.
8. Preventing Illegal Packets
Firewalls parse IP, TCP, and UDP headers to drop malformed or malicious packets.
IP Header Parsing
Checks Ethernet type, IP version, header length, total length against the frame actually received, TTL, source/destination addresses (e.g., source equal to destination, as in the LAND attack), flags, fragment offset and overlap, and options such as source routing.
TCP Header Parsing
Validates header length (data offset), checksum, ports (port 0 is never legitimate), and control flags, rejecting impossible combinations such as SYN+FIN, SYN+RST, or no flags at all.
UDP Header Parsing
Ensures the UDP length field agrees with the datagram actually received and that the checksum is correct.
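The checks listed in the three sub‑sections above, carried out on real header bytes, as an added example that is not code from the original article. It parses raw IPv4 packets (no Ethernet frame) with TCP or UDP inside, and includes small builder helpers so the packets it inspects are constructed inline; all addresses, ports and the error strings are the example's own choices.

```python
"""Header sanity checks of the kind the text describes (added example, constructed packets only)."""
import ipaddress
import struct

PROTO_TCP, PROTO_UDP = 6, 17
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 1, 2, 4, 8, 16, 32


def ip_checksum(header):
    """RFC 1071 one's-complement sum; a header carrying a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def inspect_tcp(seg):
    if len(seg) < 20:
        return False, "tcp: truncated header"
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_off, flags = (off_flags >> 12) * 4, off_flags & 0x3F
    if data_off < 20 or data_off > len(seg):
        return False, "tcp: bad data offset"
    if sport == 0 or dport == 0:
        return False, "tcp: port 0"
    if flags == 0:
        return False, "tcp: no flags (NULL scan)"
    if flags & TCP_SYN and flags & (TCP_FIN | TCP_RST):
        return False, "tcp: SYN combined with FIN or RST"
    xmas = TCP_FIN | TCP_PSH | TCP_URG
    if (flags & xmas) == xmas and not flags & TCP_ACK:
        return False, "tcp: FIN+PSH+URG (Xmas scan)"
    return True, "tcp: ok"


def inspect_udp(dgram):
    if len(dgram) < 8:
        return False, "udp: truncated header"
    _sport, dport, length, _csum = struct.unpack("!HHHH", dgram[:8])
    if length < 8 or length > len(dgram):
        return False, "udp: length field inconsistent with datagram"
    if dport == 0:
        return False, "udp: port 0"
    return True, "udp: ok"


def inspect(packet):
    """Return (accepted, reason) for a raw IPv4 packet (no Ethernet header)."""
    if len(packet) < 20:
        return False, "ip: truncated header"
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = fields
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        return False, "ip: version %d" % version
    if ihl < 20 or ihl > len(packet):
        return False, "ip: bad header length"
    if total_len < ihl or total_len > len(packet):
        return False, "ip: total length inconsistent with packet"
    if ip_checksum(packet[:ihl]) != 0:
        return False, "ip: bad header checksum"
    if ttl == 0:
        return False, "ip: ttl zero"
    if src == dst:
        return False, "ip: source equals destination (LAND)"
    frag_off, more_frags = flags_frag & 0x1FFF, bool(flags_frag & 0x2000)
    if frag_off:
        return True, "ip: non-first fragment, no transport header to check"
    if more_frags and total_len - ihl < 8:
        return False, "ip: first fragment too small to hold a transport header"
    payload = packet[ihl:total_len]
    if proto == PROTO_TCP:
        return inspect_tcp(payload)
    if proto == PROTO_UDP:
        return inspect_udp(payload)
    return True, "ip: other protocol, no transport checks"


def build_ipv4(src, dst, proto, payload, ttl=64, flags_frag=0):
    """Construct a test packet with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag, ttl, proto,
                      0, ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def build_tcp(sport, dport, flags):
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)


def build_udp(sport, dport, length, payload=b""):
    return struct.pack("!HHHH", sport, dport, length, 0) + payload
```

`inspect(build_ipv4("10.0.0.5", "192.0.2.10", PROTO_TCP, build_tcp(40000, 443, TCP_SYN)))` returns `(True, "tcp: ok")`; the same packet with its source set equal to its destination, with a SYN+FIN flag combination, with a byte of the IP header flipped (checksum failure), or truncated below its own total‑length field is rejected with the matching reason. Note the ordering: the IP checksum is verified before any field derived from the header is trusted, and transport checks are skipped for non‑first fragments because there is no transport header in them, which is exactly why first fragments too small to carry one are dropped.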
9. Security Zones
Firewalls define zones such as Trust (internal) , Untrust (external) , DMZ , and custom zones (e.g., Sales Zone) to segment traffic.
10. Security Policies
Policies (access‑control lists) specify source zone and address, destination zone and address, service (protocol and port), and action (allow/deny). They are evaluated top‑down and the first matching rule wins, so rule order matters; traffic that matches no rule is implicitly denied.
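A zone‑based policy lookup implementing the two rules above (top‑down, first match wins, implicit deny), plus the check a practitioner wants before pushing a rule base: detection of rules shadowed by an earlier, broader rule. This is an added example, not the article's or any vendor's code; the zone names, address ranges and policy table are constructed for illustration.

```python
"""Zone-based policy evaluation with first-match-wins and implicit deny (added example)."""
import ipaddress

# Constructed zones; the most specific prefix wins, so 0.0.0.0/0 acts as the Untrust catch-all.
ZONES = {"trust": ["10.0.0.0/8"], "dmz": ["192.0.2.0/24"], "untrust": ["0.0.0.0/0"]}

# Constructed policy table, evaluated top-down:
# (name, from_zone, to_zone, src_net, dst_net, proto, dst_ports or None for any, action)
POLICIES = [
    ("web-in",         "untrust", "dmz",     "0.0.0.0/0",   "192.0.2.0/24", "tcp", {80, 443}, "allow"),
    ("admin-ssh",      "trust",   "dmz",     "10.1.0.0/16", "192.0.2.0/24", "tcp", {22},      "allow"),
    ("dmz-no-lateral", "dmz",     "trust",   "0.0.0.0/0",   "0.0.0.0/0",    "any", None,      "deny"),
    ("trust-out",      "trust",   "untrust", "10.0.0.0/8",  "0.0.0.0/0",    "any", None,      "allow"),
    ("block-dns-out",  "trust",   "untrust", "10.0.0.0/8",  "0.0.0.0/0",    "udp", {53},      "deny"),
]


def zone_of(ip):
    """Longest-prefix match of an address onto a zone."""
    addr, best = ipaddress.ip_address(ip), None
    for zone, nets in ZONES.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (zone, net.prefixlen)
    return best[0]


def evaluate(src_ip, dst_ip, proto, dst_port):
    """Return (action, rule_name); the first matching rule wins, nothing matching means deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    zones = (zone_of(src_ip), zone_of(dst_ip))
    for name, from_z, to_z, src_net, dst_net, p_proto, ports, action in POLICIES:
        if (from_z, to_z) != zones:
            continue
        if src not in ipaddress.ip_network(src_net) or dst not in ipaddress.ip_network(dst_net):
            continue
        if p_proto != "any" and p_proto != proto:
            continue
        if ports is not None and dst_port not in ports:
            continue
        return action, name
    return "deny", "implicit-deny"


def find_shadowed(policies=POLICIES):
    """Rules that can never match because one earlier rule already covers all their traffic."""
    shadowed = []
    for i, (name, fz, tz, s_net, d_net, proto, ports, _) in enumerate(policies):
        for e_name, e_fz, e_tz, e_s, e_d, e_proto, e_ports, _ in policies[:i]:
            if (e_fz, e_tz) != (fz, tz):
                continue
            if not ipaddress.ip_network(s_net).subnet_of(ipaddress.ip_network(e_s)):
                continue
            if not ipaddress.ip_network(d_net).subnet_of(ipaddress.ip_network(e_d)):
                continue
            if e_proto != "any" and e_proto != proto:
                continue
            if e_ports is not None and (ports is None or not ports <= e_ports):
                continue
            shadowed.append((name, e_name))
            break
    return shadowed
```

`evaluate("10.1.2.3", "8.8.8.8", "udp", 53)` returns `("allow", "trust-out")` even though `block-dns-out` was meant to stop it: the broad allow sits above it, and `find_shadowed()` reports `[("block-dns-out", "trust-out")]`. The shadow check only looks for a single earlier rule that fully covers a later one; a rule hidden by the union of several earlier rules needs a more elaborate analysis.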
11. NAT (Network Address Translation)
Translates private IPs to public IPs. Types include Static NAT (one‑to‑one, usable in both directions), Dynamic NAT (addresses drawn from a pool), Source NAT (outbound translation), Destination NAT (inbound translation, e.g., publishing a DMZ server), and NAPT (port‑level translation, also called PAT or overload, which lets many internal hosts share one public address).
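A source‑NAPT translation table, as an added example (not the article's code), showing what the firewall has to keep for each flow and why unsolicited inbound packets have nowhere to go. It also enforces a table capacity and an idle timeout, which is where the "NAT table size" performance metric comes from. The public address, port range and timeouts are the example's own values.

```python
"""Source NAPT (PAT) translation table, as an added example."""
import time


class Napt:
    """Many private hosts share one public IP; flows are told apart by translated source port."""

    def __init__(self, public_ip, lo=1024, hi=65535, max_entries=65000, idle_timeout=300):
        self.public_ip, self.lo, self.hi = public_ip, lo, hi
        self.max_entries, self.idle_timeout = max_entries, idle_timeout
        self.next_port = lo
        self.out = {}    # (proto, src_ip, src_port, dst_ip, dst_port) -> (public_port, last_seen)
        self.back = {}   # (proto, public_port, peer_ip, peer_port) -> (src_ip, src_port)

    def _alloc_port(self):
        """Hand out a public port not currently in use (kept unique across all flows for simplicity)."""
        used = {pub for pub, _ in self.out.values()}
        for _ in range(self.hi - self.lo + 1):
            port, self.next_port = self.next_port, (self.lo if self.next_port >= self.hi else self.next_port + 1)
            if port not in used:
                return port
        return None

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port, now=None):
        """Translate an inside->outside packet; returns (public_ip, public_port) or None if dropped."""
        now = time.time() if now is None else now
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key in self.out:
            pub_port = self.out[key][0]
        else:
            if len(self.out) >= self.max_entries:
                return None                      # NAT table full: new flows drop (a DoS symptom)
            pub_port = self._alloc_port()
            if pub_port is None:
                return None                      # port range exhausted
            self.back[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        self.out[key] = (pub_port, now)
        return self.public_ip, pub_port

    def inbound(self, proto, peer_ip, peer_port, public_port, now=None):
        """Reverse-translate a packet from peer to public_ip:public_port; None when no flow exists."""
        now = time.time() if now is None else now
        match = self.back.get((proto, public_port, peer_ip, peer_port))
        if match is None:
            return None                          # unsolicited or wrong-peer packet: no state, dropped
        src_ip, src_port = match
        self.out[(proto, src_ip, src_port, peer_ip, peer_port)] = (public_port, now)
        return match

    def expire(self, now):
        """Drop flows idle longer than idle_timeout; returns how many were removed."""
        stale = [k for k, (_, seen) in self.out.items() if now - seen > self.idle_timeout]
        for proto, src_ip, src_port, dst_ip, dst_port in stale:
            pub_port, _ = self.out.pop((proto, src_ip, src_port, dst_ip, dst_port))
            self.back.pop((proto, pub_port, dst_ip, dst_port), None)
        return len(stale)
```

Two internal hosts using the same local port 50000 towards the same server get distinct public ports (1024 and 1025 here), a reply to port 1025 from that server maps back to the second host, and a packet to the same port from a different peer is dropped because the reverse entry is keyed on the peer as well. When `max_entries` is reached, new flows are refused while existing ones continue, which is the failure mode a session‑exhaustion attack aims for.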
12. VPN (Virtual Private Network)
Creates encrypted tunnels over public networks. Topologies: Site‑to‑Site, Hub‑and‑Spoke, and Remote‑Access. Protocols include IPsec (AH and ESP protect the packets, IKE negotiates the Security Associations that hold the keys and algorithms) and SSL‑VPN (tunnelled over HTTPS, so it passes through networks that only allow web traffic).
13. DoS Attacks and Mitigation
Common DoS types: SYN Flood, ICMP Flood, UDP Flood, IP Flood, LAND, Tear‑Drop, Ping of Death, Smurf, Fraggle, Connection Flood, Reload. Firewalls mitigate them by rate‑limiting per source and per destination, answering SYNs with SYN cookies instead of allocating half‑open state, and dropping malformed packets (LAND, Tear‑Drop and Ping of Death are all caught by header and fragment validation).
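SYN‑cookie handling under a SYN flood, as an added example written for this page (not the article's code, and a deliberately simplified variant of the Linux layout: 5 bits of time slot, 3 bits of MSS index, 24 bits of keyed hash). The guard keeps normal half‑open state until a budget is exhausted, then stops storing anything and encodes what it needs in the server ISN; the secret, MSS table and slot length are the example's own choices.

```python
"""SYN-cookie handling, as an added example (layout simplified from the Linux scheme)."""
import hashlib
import hmac

MSS_TABLE = [536, 1220, 1440, 1460]   # MSS values the 3-bit field can encode (4 of 8 slots used)
TIME_SLOT = 64                        # seconds per cookie time slot; the 5-bit counter wraps every 32 slots


class SynGuard:
    def __init__(self, secret, max_half_open):
        self.secret, self.max_half_open = secret, max_half_open
        self.half_open = {}        # 4-tuple -> (client_isn, server_isn, mss) while under budget
        self.cookies_sent = 0

    def _hash24(self, four_tuple, slot):
        msg = "%s:%d>%s:%d@%d" % (*four_tuple, slot)
        return int.from_bytes(hmac.new(self.secret, msg.encode(), hashlib.sha256).digest()[:3], "big")

    def make_cookie(self, four_tuple, client_isn, mss, now):
        slot = (now // TIME_SLOT) & 0x1F
        mss_idx = max([i for i, m in enumerate(MSS_TABLE) if m <= mss], default=0)
        low = (self._hash24(four_tuple, slot) + client_isn) & 0xFFFFFF
        return (slot << 27) | (mss_idx << 24) | low

    def check_cookie(self, four_tuple, client_isn, cookie, now):
        """Return the encoded MSS if the cookie is genuine and recent, else None."""
        slot = cookie >> 27
        if ((now // TIME_SLOT) - slot) & 0x1F > 1:          # accept the current or previous slot only
            return None
        if (cookie & 0xFFFFFF) != ((self._hash24(four_tuple, slot) + client_isn) & 0xFFFFFF):
            return None
        return MSS_TABLE[min((cookie >> 24) & 7, len(MSS_TABLE) - 1)]

    def on_syn(self, four_tuple, client_isn, mss, now):
        """SYN received: return the server ISN to send in the SYN-ACK."""
        if len(self.half_open) < self.max_half_open:
            server_isn = (self._hash24(four_tuple, now) << 8) | 0x5A   # any unpredictable ISN will do
            self.half_open[four_tuple] = (client_isn, server_isn, mss)
            return server_isn
        self.cookies_sent += 1                   # budget exhausted: keep no state, encode it in the ISN
        return self.make_cookie(four_tuple, client_isn, mss, now)

    def on_ack(self, four_tuple, seq, ack, now):
        """Final handshake ACK (seq = client_isn+1, ack = server_isn+1): return (accepted, mss)."""
        client_isn = (seq - 1) & 0xFFFFFFFF
        state = self.half_open.pop(four_tuple, None)
        if state is not None:
            c_isn, s_isn, mss = state
            ok = c_isn == client_isn and ((s_isn + 1) & 0xFFFFFFFF) == ack
            return ok, (mss if ok else None)
        mss = self.check_cookie(four_tuple, client_isn, (ack - 1) & 0xFFFFFFFF, now)
        return mss is not None, mss
```

With `max_half_open=1`, the first SYN is handled statefully and the second receives a cookie instead; the second client's ACK is accepted within the next time slot and its MSS recovered from the cookie, while an ACK with the wrong acknowledgement number, a stale cookie, or a forged ACK for a connection that was never offered is rejected without the firewall ever having stored anything for it. The cost is the one the article hints at: TCP options that do not fit in the cookie (window scaling, SACK) are lost for cookie‑completed connections.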
14. Port Scanning
Attackers probe services using various scan techniques (TCP SYN, ACK, NULL, FIN, Xmas, UDP, Host Sweep). Firewalls can detect and block scanning behavior.
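Detection logic for the scan behaviours named above, run over constructed flow records, as an added example (not the article's code). It raises a vertical port‑scan alert when one source touches many ports on one host inside a sliding window, a host‑sweep alert when one source touches one port on many hosts, and flags NULL/FIN/Xmas probes from their flag combinations alone. The log format, thresholds, addresses and alert names are the example's own.

```python
"""Port-scan and host-sweep detection over constructed flow records (added example)."""
import collections
import re

LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<src>\S+) (?P<sport>\d+) (?P<dst>\S+) (?P<dport>\d+) "
                     r"(?P<proto>tcp|udp) (?P<flags>[A-Z-]+)$")
Event = collections.namedtuple("Event", "ts src sport dst dport proto flags")
STEALTH_FLAGS = {"-": "null", "F": "fin", "FPU": "xmas"}   # flag sets no legitimate client opens with


def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None                       # a real pipeline would count and alert on unparsable lines
    d = m.groupdict()
    return Event(int(d["ts"]), d["src"], int(d["sport"]), d["dst"], int(d["dport"]), d["proto"], d["flags"])


class ScanDetector:
    def __init__(self, window=60, port_threshold=10, host_threshold=10):
        self.window, self.port_threshold, self.host_threshold = window, port_threshold, host_threshold
        self.recent = collections.defaultdict(collections.deque)   # src -> events inside the window
        self.raised = set()                                          # (kind, src, target) already alerted

    def feed(self, ev):
        q = self.recent[ev.src]
        q.append(ev)
        while ev.ts - q[0].ts > self.window:
            q.popleft()
        found = []
        ports = {e.dport for e in q if e.dst == ev.dst}          # vertical scan: many ports, one host
        hosts = {e.dst for e in q if e.dport == ev.dport}        # horizontal sweep: one port, many hosts
        if len(ports) >= self.port_threshold:
            found.append(("portscan", ev.src, ev.dst, len(ports)))
        if len(hosts) >= self.host_threshold:
            found.append(("hostsweep", ev.src, ev.dport, len(hosts)))
        kind = STEALTH_FLAGS.get(ev.flags) if ev.proto == "tcp" else None
        if kind:
            found.append(("stealth-" + kind, ev.src, ev.dst, ev.dport))
        new = [a for a in found if a[:3] not in self.raised]   # alert once per (kind, src, target)
        self.raised.update(a[:3] for a in new)
        return new


def analyze(lines, **kw):
    det = ScanDetector(**kw)
    alerts = []
    for ev in filter(None, map(parse, lines)):
        alerts.extend(det.feed(ev))
    return alerts


# Constructed sample log: "<epoch> <src> <sport> <dst> <dport> <proto> <tcp flags or - for none>"
SAMPLE_LOG = (
    ["%d 203.0.113.9 %d 192.0.2.10 %d tcp S" % (t, 40000 + t, 20 + t) for t in range(12)]          # port scan
    + ["%d 198.51.100.5 51000 192.0.2.%d 445 tcp S" % (100 + t, 1 + t) for t in range(12)]        # host sweep
    + ["%d 10.0.0.4 52000 192.0.2.10 443 tcp S" % (200 + 5 * t) for t in range(12)]              # benign client
    + ["%d 10.0.0.8 53000 192.0.2.10 %d tcp S" % (300 + 120 * t, 1000 + t) for t in range(12)]  # slow scan
    + ["2000 203.0.113.77 1 192.0.2.10 80 tcp -"]                                                # NULL probe
)
```

`analyze(SAMPLE_LOG)` yields exactly three alerts: the port scan from 203.0.113.9, the SMB sweep from 198.51.100.5, and the NULL probe. The benign client that reopens the same port repeatedly never trips a threshold, and neither does 10.0.0.8, which probes one port every two minutes and so never has more than one event inside the 60‑second window; that is the usual blind spot of window‑based scan detection, and `analyze(SAMPLE_LOG, window=2000)` shows the trade‑off by catching it at the cost of more state per source.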
15. IDS/IPS and Deep Inspection
An IDS sits out of band and detects and alerts; an IPS sits inline and blocks. Deep Inspection reassembles application data streams (rather than judging packets one at a time) to detect malicious payloads such as malware, SQL injection, XSS, buffer overflows, and exploits that may be split across several packets.
16. CVE (Common Vulnerabilities and Exposures)
CVE IDs, assigned through the MITRE‑run CVE program, uniquely identify publicly known security flaws, so that IPS signatures, vendor advisories and scanner findings can all refer to the same vulnerability.
17. Anti‑Virus and Anti‑Spam
Host‑based AV protects endpoints; gateway AV scans traffic. Anti‑spam filters unwanted bulk email.
18. DLP (Data Loss Prevention)
Monitors and blocks sensitive data leaving the network via file and content filtering.
19. URL Filtering
Inspects HTTP URLs to block access to malicious or inappropriate sites. For HTTPS the full URL is encrypted, so without TLS interception the firewall can only filter on the hostname it sees in the TLS handshake (SNI) or in the server certificate.
20. Monitoring, Alerts, Logging, and Reporting
Firewalls provide real‑time monitoring, alerting via SNMP/email, log collection, and graphical reports.
21. Packet Capture
Allows administrators to capture traffic for analysis with tools like Wireshark.
22. Performance Metrics
Concurrent sessions
NAT table size
New sessions per second
Throughput (bps) and packets per second (pps)
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
