Overview
This lecture explains the role of firewalls in network security, including types, key features, and specific uses such as content filtering and application-level controls.
Introduction to Firewalls
- Firewalls manage and control network traffic between two points, such as your home or office and the internet.
- Firewalls help secure environments with many users by controlling incoming and outgoing data flows.
- They can restrict access to websites and content, serving as parental or corporate controls.
- Firewalls are often a platform for extra security functions like antivirus and antimalware.
Types of Firewalls
- Network-based firewalls use specialized hardware to filter traffic, typically by OSI layer 4 port numbers (TCP/UDP).
- Next Generation Firewalls (NGFWs) operate at OSI layer 7, filtering traffic by application type, not just port numbers.
- Firewalls can also provide VPN services, routing, network address translation, and other network functions.
Unified Threat Management (UTM)
- UTM devices are all-in-one security appliances combining firewall, content filtering, malware blocking, spam filtering, and sometimes routing.
- These are also called web security gateways.
- UTMs may offer basic intrusion detection/prevention (IDS/IPS) and bandwidth management.
- Many UTM devices inspect traffic only at layer 4, which can limit their effectiveness, and performance can slow if too many features are enabled.
Next Generation Firewalls (NGFW)
- NGFWs inspect application layer traffic, allowing control over specific applications regardless of port usage.
- Rules can block or allow specific actions within an application, such as posting to social media rather than just visiting it.
- NGFWs often include URL categorization and can block traffic to specific sites or categories.
- NGFWs may incorporate up-to-date vulnerability lists and act as intrusion prevention systems (IPS).
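The difference between port-based (layer 4) filtering and application-aware (layer 7) filtering, including a rule that blocks posting to a site while still allowing visits, as an added example that is not part of the original lecture notes. Assumptions: the flows, the rule format and the host names (`social.example`, `intranet.example`) are constructed for illustration, application identification is reduced to matching the first client bytes, and HTTP is shown in cleartext.

```python
# Added example: constructed flows and a hypothetical rule format, not a vendor's syntax.
from collections import namedtuple

Flow = namedtuple("Flow", "proto dst_port payload")  # payload = first client bytes

def l4_decision(flow, allowed_ports):
    """Layer 4 filter: sees only the protocol and destination port."""
    return "allow" if (flow.proto, flow.dst_port) in allowed_ports else "deny"

def identify_app(payload):
    """Classify by content, ignoring the port. Returns (app, method, host)."""
    if payload.startswith(b"SSH-"):                 # SSH version banner
        return "ssh", None, None
    if payload[:2] == b"\x16\x03":                  # TLS handshake record header
        return "tls", None, None
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        hosts = [h.partition(":")[2].strip().lower() for h in head[1:] if h.lower().startswith("host:")]
        return "http", parts[0], (hosts[0].partition(":")[0] if hosts else None)
    return "unknown", None, None

def l7_decision(flow, rules, default="deny"):
    """First matching (app, method, host) rule wins; None acts as a wildcard."""
    app, method, host = identify_app(flow.payload)
    for r_app, r_method, r_host, action in rules:
        if r_app == app and r_method in (None, method) and r_host in (None, host):
            return action
    return default

L4_ALLOWED = {("tcp", 80), ("tcp", 443)}
L7_RULES = [
    ("http", "POST", "social.example", "deny"),   # block posting to the site
    ("http", None, None, "allow"),                # allow all other web traffic
    ("tls", None, None, "allow"),
]
FLOWS = {  # constructed sample traffic
    "ssh_on_443": Flow("tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "web_on_8080": Flow("tcp", 8080, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    "view_social": Flow("tcp", 80, b"GET /feed HTTP/1.1\r\nHost: social.example\r\n\r\n"),
    "post_social": Flow("tcp", 80, b"POST /status HTTP/1.1\r\nHost: social.example\r\n\r\n"),
}

if __name__ == "__main__":
    for name, f in FLOWS.items():
        print(f"{name:12} L4={l4_decision(f, L4_ALLOWED):5} L7={l7_decision(f, L7_RULES)}")
```

The SSH session on port 443 passes the port filter but is denied once the traffic is identified by content, and the layer 7 rules separate viewing from posting on the same host and port.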
Web Application Firewall (WAF)
- WAFs filter input and requests to web applications, focusing on threats like SQL injection and cross-site scripting.
- WAFs are commonly used alongside NGFWs but target different kinds of threats.
- Often required by regulations for web-based financial applications (e.g., PCI DSS compliance).
- WAFs log attacks and block malicious web traffic based on defined security policies.
Key Terms & Definitions
- Firewall — A system that controls network traffic flow based on predetermined security rules.
- Network-based Firewall — Hardware device that filters traffic using port/protocol rules (layer 4).
- Next Generation Firewall (NGFW) — Firewall that filters traffic by application (layer 7) and can integrate IDS/IPS.
- Unified Threat Management (UTM) — All-in-one device providing multiple security functions, including firewall, filtering, and IDS/IPS.
- Web Application Firewall (WAF) — Filters web application traffic, blocking attacks such as SQL injection and cross-site scripting.
Action Items / Next Steps
- Review firewall types and their functions for your next assignment.
- Read the textbook section on NGFW versus UTM devices.
- Complete exercises on configuring firewall rules and policies.