Networking - Firewall

1. Definition

A firewall is a network security device or software that monitors, filters, and controls incoming and outgoing network traffic based on predefined security rules.

  • It acts as a barrier between a trusted internal network (e.g., your private network) and an untrusted external network (e.g., the internet).

  • Its main purpose is to prevent unauthorized access and protect sensitive data.

Example:
When you browse the internet, your firewall checks every data packet and decides whether to allow or block it based on security policies.


2. Purpose of a Firewall

  • Protects against unauthorized access.

  • Blocks malicious traffic.

  • Monitors and logs network activities.

  • Prevents data breaches.

  • Allows only legitimate communication.


3. How a Firewall Works

Firewalls work by inspecting network traffic based on rules defined by administrators.
The traffic is divided into data packets, and the firewall decides:

  • ALLOW → If the packet matches security rules.

  • BLOCK → If the packet is suspicious or unauthorized.

Firewall Decision Process

  1. Packet Enters Firewall

  2. Packet Header & Content Checked

  3. Firewall Rules Applied

  4. Decision Made → Allow, Block, or Monitor
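
The four steps above, sketched as an added example (not part of the original notes). It assumes first-match rule ordering, a default-deny policy when no rule matches, and a MONITOR action that logs and keeps evaluating; the addresses are constructed documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                     # step 1: the header fields of an arriving packet
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "ALLOW", "BLOCK" or "MONITOR"
    src: str = "0.0.0.0/0"        # any source unless narrowed
    dst: str = "0.0.0.0/0"        # any destination unless narrowed
    proto: str = "any"
    dport: Optional[int] = None   # None matches every port

    def matches(self, p: Packet) -> bool:
        # Step 2: compare header fields with the rule's criteria.
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def decide(rules, packet, log):
    """Steps 3-4: walk the rules top to bottom; first ALLOW/BLOCK match wins."""
    for number, rule in enumerate(rules, 1):
        if rule.matches(packet):
            if rule.action == "MONITOR":
                log.append((number, packet))   # record it, keep evaluating
                continue
            return rule.action
    return "BLOCK"                             # default deny: nothing matched

# Constructed ruleset for illustration.
RULES = [
    Rule("BLOCK", src="203.0.113.0/24"),                        # denied range
    Rule("MONITOR", dst="192.0.2.10", proto="tcp", dport=22),   # log SSH attempts
    Rule("ALLOW", dst="192.0.2.10", proto="tcp", dport=443),    # public HTTPS
    Rule("ALLOW", src="198.51.100.0/24", dst="192.0.2.10", proto="tcp", dport=22),
]
```

Because the first match wins, rule order is part of the policy: moving the BLOCK rule below the HTTPS ALLOW rule would let the denied range reach port 443.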


4. Types of Firewalls

Firewalls are classified into five major types based on deployment and functionality.


A. Based on Deployment

1. Hardware Firewall

  • A physical device placed between the internal network and the internet.

  • Offers high-speed filtering and protects the entire network.

Example:

  • Cisco ASA Firewall

  • Fortinet FortiGate

  • Palo Alto Firewall

Use Case:
Used by organizations and data centers for enterprise-level protection.


2. Software Firewall

  • Installed on individual devices (PCs, laptops, servers).

  • Protects only the device where it’s installed.

Example:

  • Windows Defender Firewall

  • ZoneAlarm

  • Comodo Firewall

Use Case:
Used by home users and small businesses.


3. Cloud Firewall (Firewall-as-a-Service – FWaaS)

  • A cloud-based firewall hosted on remote servers.

  • Protects cloud infrastructure and SaaS platforms.

Example:

  • Cloudflare Firewall

  • AWS Firewall Manager

  • Azure Firewall

Use Case:
Used by companies running web apps and cloud-based services.


B. Based on Functionality

4. Packet-Filtering Firewall

  • Examines individual data packets.

  • Allows or blocks packets based on:

    • IP addresses

    • Port numbers

    • Protocols

  • Fast but less secure.

Example:

  • Cisco Packet-Filtering Firewall.


5. Stateful Inspection Firewall

  • Tracks the state of active connections.

  • Monitors entire sessions instead of just individual packets.

  • More secure than packet filtering.

Example:

  • Check Point Stateful Firewall.
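
The difference between packet filtering and stateful inspection, as an added example (not part of the original notes). The connection table is deliberately simplified (no timeouts or full TCP handshake tracking), and all packets and addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str                   # "out" (internal -> internet) or "in"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}

def stateless_filter(p):
    """Packet filter: judges each packet alone. Outbound is allowed, and so is
    any inbound packet that looks like a web reply (source port 443)."""
    if p.direction == "out":
        return "ALLOW"
    return "ALLOW" if p.sport == 443 and p.dport >= 1024 else "BLOCK"

class StatefulFirewall:
    """Stateful inspection: inbound traffic must belong to a tracked session."""
    def __init__(self):
        self.conns = set()           # (client ip, client port, server ip, server port)

    def filter(self, p):
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if "SYN" in p.flags:
                self.conns.add(key)          # session opened from the inside
            elif {"FIN", "RST"} & p.flags:
                self.conns.discard(key)      # session closed
            return "ALLOW"
        # Inbound: allowed only as the reverse direction of a known session.
        key = (p.dst, p.dport, p.src, p.sport)
        return "ALLOW" if key in self.conns else "BLOCK"

# Constructed traffic: one real session and one unsolicited inbound packet.
SYN = Packet("out", "10.0.0.5", 50000, "198.51.100.20", 443, frozenset({"SYN"}))
REPLY = Packet("in", "198.51.100.20", 443, "10.0.0.5", 50000, frozenset({"SYN", "ACK"}))
UNSOLICITED = Packet("in", "203.0.113.9", 443, "10.0.0.5", 50001, frozenset({"ACK"}))
CLOSE = Packet("out", "10.0.0.5", 50000, "198.51.100.20", 443, frozenset({"RST"}))
```

The stateless filter accepts UNSOLICITED because its header fields look like a reply; the stateful firewall drops it because no internal host opened that session.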


6. Proxy Firewall (Application-Level Gateway)

  • Acts as an intermediary between the user and the internet.

  • Hides the user’s IP address and inspects requests at the application layer.

Example:

  • Blue Coat ProxySG

  • Squid Proxy Firewall


7. Next-Generation Firewall (NGFW)

  • The most advanced firewall.

  • Combines:

    • Deep packet inspection

    • Intrusion prevention systems (IPS)

    • Malware detection

    • Application-layer security

Example:

  • Palo Alto NGFW

  • Fortinet NGFW

  • Sophos XG Firewall


8. Web Application Firewall (WAF)

  • Specifically designed to protect web applications.

  • Blocks attacks like:

    • SQL Injection

    • Cross-Site Scripting (XSS)

    • DDoS attacks

Example:

  • AWS WAF

  • Cloudflare WAF

  • Imperva WAF


5. Firewall Modes

Firewalls operate in different modes depending on the network architecture:

  • Network-based Mode → Monitors all traffic entering or leaving the network.

  • Host-based Mode → Installed on individual devices.

  • Hybrid Mode → Combines network and host-based firewalls.


6. Firewall Examples in Real Life

Example 1 – Home Network

  • You install Windows Defender Firewall.

  • It blocks unauthorized apps from accessing the internet.

Example 2 – Company Network

  • A bank uses Palo Alto NGFW.

  • It filters traffic, prevents phishing attacks, and monitors employee activity.

Example 3 – E-commerce Website

  • Amazon uses AWS WAF.

  • It protects against DDoS attacks and ensures customer data security.


7. Advantages of Firewalls

  • Protection → Prevents unauthorized access.

  • Traffic Monitoring → Tracks incoming & outgoing data.

  • Prevents Malware → Blocks malicious connections.

  • Supports VPNs → Enables secure remote access.

  • Policy Enforcement → Ensures compliance with company rules.


8. Disadvantages of Firewalls

  • Costly → Hardware firewalls can be expensive.

  • Configuration Complexity → Requires skilled professionals.

  • Performance Impact → May slow down network speed.

  • Not Foolproof → Cannot detect insider threats.

  • Bypass Risks → Advanced hackers can exploit firewall gaps.


9. Use Cases of Firewalls

  • Home Users → Protect personal devices.

  • Companies → Secure internal networks and customer data.

  • E-commerce → Prevent fraud and hacking.

  • Cloud Security → Protect cloud-based apps and services.

  • Banks & Healthcare → Comply with strict data protection laws.


10. Firewall Workflow Diagram

[Internet]
     ↓
[Firewall]
  ┌───────────────┬───────────────┐
  │ Allow Traffic │ Block Traffic │
  └───────────────┴───────────────┘
     ↓
[Internal Network]

11. Summary Table

Aspect     | Details                                  | Examples
Definition | Filters and monitors network traffic     | Cisco, Palo Alto
Types      | Hardware, Software, Cloud, NGFW, WAF     | Fortinet, Cloudflare
Layers     | Network, Transport, Application          | NGFW covers all
Features   | Packet filtering, DPI, malware detection | AWS Firewall
Use Cases  | Home, Business, Cloud, E-commerce        | Amazon, Netflix

12. Conclusion

A firewall is a first line of defense in cybersecurity.
It:

  • Monitors traffic

  • Blocks unauthorized access

  • Protects against malware

  • Ensures network security

For home users, a software firewall is enough.
For businesses, hardware firewalls or next-generation firewalls (NGFW) are essential.