What Is a Firewall?

A firewall is a network security solution that protects your network from unwanted traffic. Firewalls block incoming malware based on a set of pre-programmed rules. These rules can also prevent users within the network from accessing certain sites and programs.

Firewalls are based on the simple idea that network traffic from less secure environments should be authenticated and inspected before moving to a more secure environment. This prevents unauthorized users, devices, and applications from entering a protected network environment or segment.  Without firewalls, computers and devices in your network are susceptible to h ackers and make you an easy target for attacks.

While an advanced firewall can no longer single-handedly defend a network against today’s complex cyber threat landscape, these devices are still considered to be the foundational building block for creating a proper cybersecurity system. As part of the first line of defense against cyberattacks, firewalls offer essential monitoring and filtering of all traffic, including outgoing traffic, application-layer traffic, online transactions, communications and connectivity— such as IPSec or SSL VPN— and dynamic workflows. Proper firewall configuration is also essential, as default features may not provide maximum protection against cyberattacks.

As the digital landscape grows more complex due to more devices, users, and applications crossing through the network perimeters – especially due to the growing volume of IoT and end user devices – and less overall centralized control from IT and security teams, companies are becoming much more vulnerable to cyberattacks. Therefore, it is essential to understand how firewalls work, what different types are available, and which are the best for securing which areas of your network. 

Firewall security has been around since the 1980s. Originally, it only consisted of packet filters and existed within networks designed to examine the packets of data sent and received between computers. Since then, firewalls have evolved in response to the growing variety of threats:

1. Generation 1 firewalls—antivirus protection: These consisted of antivirus protections designed to stem the proliferation of viruses invading PCs in the 1980s.
2. Generation 2 firewalls—network protection: In the mid-1990s, physical firewalls had to be created to protect networks.
3. Generation 3 firewalls—applications: In the early 2000s, firewalls were developed to address vulnerabilities in applications.
4. Generation 4 firewalls—payload: These firewalls, developed around 2010, were designed to address evasive and polymorphic attacks.
5. Generation 5 firewalls—large-scale protection: Around 2017, large-scale attacks using new and more complex methods necessitated advanced threat detection and prevention solutions.

How does a firewall work? Firewalls work by inspecting packets of data and checking them for threats to enhance network security. They can check the contents of the data, the ports it uses to travel, and its origin to see if it poses a danger. Further, next-generation firewalls (NGFWs) use machine learning to detect patterns of data behavior that may signify anomalous—and dangerous—activity. These capabilities can prevent several kinds of attacks.

Backdoors are a form of malware that allow hackers to access an application or system remotely. Firewalls can detect and stop data that contains backdoors.

Denial-of-service (DoS) attacks overwhelm a system with fake requests. You can use a network firewall with an access control list (ACL) to control which kinds of traffic are allowed to reach your applications. You can also use a web application firewall (WAF) to detect DoS-style traffic and stop it from impacting your web app.

Macros can be used by hackers to destroy data on your computer. A firewall can detect files with malicious macros and stop them from entering your system.

Firewalls can prevent people from remotely logging in to your computer, which can be used to control it or steal sensitive information.

Spam, which involves unwanted emails being sent without the consent of the recipient, can also be stopped by firewalls. An email firewall can inspect incoming messages and detect spam using a predesigned assortment of rules.

Viruses copy themselves and spread to adjacent computers on a network. Firewalls can detect data packets containing viruses and prevent them from entering or exiting the network.

Here are some of the different firewall types and their functions:

1. Packet layer: A packet layer analyzes traffic in the transport protocol layer. At the transport protocol layer, applications can communicate with each other using specific protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The firewall examines the data packets at this layer, looking for malicious code that can infect your network or device. If a data packet is identified as a potential threat, the firewall gets rid of it.
2. Circuit level: A firewall at the circuit level is positioned as a layer between the transport layer and the application layer of the TCP/Internet Protocol (TCP/IP) stack. Thus, they work at the session layer of the Open Systems Interconnection (OSI) model. In the TCP model, before information can be passed from one cyber entity to another, there needs to be a handshake. A circuit level firewall examines the data that passes during this handshake. The information in the data packets can alert a firewall to potentially harmful data, and the firewall can then discard it before it infects another computer or system.
3. Application layer: An application layer firewall makes sure that only valid data exists at the application level before allowing it to pass through. This is accomplished through a set of application-specific policies that allow or block communications being sent to the application or those the application sends out.
4. Proxy server: A proxy server captures and examines all information going into or coming out of a network. A proxy server acts like a separate computer between your device and the internet. It has its own IP address that your computer connects to. As information comes in or goes out of the proxy server, it is filtered, and harmful data is caught and discarded.
5. Software firewalls: The most common kind of software firewall can be found on most personal computers. It works by inspecting data packets that flow to and from your device. The information in the data packets is compared against a list of threat signatures. If a data packet matches the profile of a known threat, it is discarded.

The Fortinet line of FortiGate next-generation firewalls (NGFWs) combine the functionality of traditional firewalls with deep packet inspection (DPI) and machine learning to bring enhanced protection to your network. In this way, FortiGate can identify malware, attacks by hackers, and many other threats and block them. 

FortiGate also provides secure sockets layer (SSL) inspection, so even encrypted traffic is examined and filtered. FortiGate has paths allowing for future updates that incorporate the latest information from the threat landscape.

Download the 2022 Gartner Magic Quadrant for Network Firewalls where Fortinet was recognized for the 12th time in the Magic Quadrant.  

A firewall is a network security solution that protects your network from unwanted traffic. Firewalls block incoming malware based on a set of pre-programmed rules.

Firewalls are based on the simple idea that network traffic from less secure environments should be authenticated and inspected before moving to a more secure environment. This prevents unauthorized users, devices, and applications from entering a protected network environment or segment

Different firewall types include; Packet layer, Circuit level, Application layer, Proxy server, and Software firewalls.