What is a firewall? Firewall types and functions. UTM and NGFW.


A firewall is a system that acts as a border between several sites and adds some kind of security or inspection between them.

What is a corporate network firewall?

From the point of view of computer networks, a firewall is a security device that separates a company's private network from the public network (Internet).
Nowadays, firewalls are very important pieces of equipment because of the large number of attacks that all companies receive.

What types of firewalls exist?

Firewalls can be differentiated according to various criteria. Here’s how we can separate or differentiate network firewalls:

  • Physical or virtual firewall
  • Firewalls by network level: Layer 3, Layer 7
  • Firewalls by functionality: UTM, NGFW
  • Others: application firewall, web, PC, Windows…

Physical vs. virtual firewall?

If our firewall is physical, we will have a computer or hardware dedicated to this function. On the other hand, if our firewall is virtual, we will have it integrated into our virtual infrastructure.

Depending on the function we want and the characteristics or infrastructure of our network, we will be interested in using a physical or virtual firewall.

What is a physical firewall?

A physical firewall consists of a computer dedicated exclusively to firewall functions. It is just another piece of hardware in our network infrastructure.

They are typically used for network firewalls that separate the private network from the Internet.

Physical firewalls can be as small as a router, for small and medium businesses.

Operators and large enterprises have very large firewalls, which can be partitioned for different areas or services.

What is a virtual firewall?

A virtual firewall is a virtual machine that performs firewall functions through specific software. Many manufacturers have developed virtual machines or software to integrate the firewall function into our virtual environment. These leverage the existing network, processing and storage infrastructure to add functionality.

They are becoming more and more popular, and major manufacturers such as Cisco, Fortinet, Palo Alto or WatchGuard have licenses to integrate a virtual firewall.

What is the difference between Layer 3-4 and Layer 7 firewalls?

If you look at firewalls at the network level, you can usually differentiate between two types: Layer 3-4 Firewall and Layer 7 Firewall.

Firewall Layer 3 or 4

A layer 3 or 4 firewall is one that only performs functions at layer 3 or 4 of the OSI model.

The main functions of a Layer 3 firewall are basically at the routing, ACL or IP level. That is, it can only make decisions based on the information it gets from layer 3.

Here are some of the features:

  • Packet filtering depending on:
    • Origin
    • Destination
    • Protocol
  • Discard malformed packets

If the firewall performs layer 4 functions, it will be a Stateful Inspection firewall. This means that it can control or filter depending on the state of the connections. For example, it could discard all SYN or REPLY connections, or act on any state information carried in the headers of an IP packet.
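The difference between the layer 3 checks and stateful inspection is easier to see in code. The following is an added example, not part of the original article: a small first-match filter on origin, destination and protocol, extended with a connection table so that return traffic is accepted only for connections the rules allowed. The names `Packet`, `Rule` and `StatefulFirewall`, the addresses and the single rule are constructed for illustration, and connection teardown and timeouts are left out.

```python
import ipaddress
from collections import namedtuple

# flags: set of TCP flag names; dport 0 in a rule means "any port"
Packet = namedtuple("Packet", "src dst proto sport dport flags")
Rule = namedtuple("Rule", "action src dst proto dport")

def matches(rule, p):
    """Layer 3 match on origin, destination and protocol (plus destination port)."""
    return (ipaddress.ip_address(p.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", p.proto)
            and rule.dport in (0, p.dport))

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.conns = set()  # connection table of 5-tuples

    def filter(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Layer 4: traffic of a tracked connection passes in both directions
        if key in self.conns or reverse in self.conns:
            return "allow"
        # Untracked TCP must be a clean SYN: stray SYN+ACK or malformed SYN+FIN is dropped
        if p.proto == "tcp" and p.flags != {"SYN"}:
            return "deny"
        # Layer 3: first matching rule wins, default deny
        for rule in self.rules:
            if matches(rule, p):
                if rule.action == "allow":
                    self.conns.add(key)
                return rule.action
        return "deny"

def demo():
    # Constructed rule and packets: LAN 192.168.1.0/24 may open HTTPS outbound
    fw = StatefulFirewall([Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443)])
    packets = [
        Packet("192.168.1.10", "203.0.113.5", "tcp", 50000, 443, {"SYN"}),
        Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 50000, {"SYN", "ACK"}),
        Packet("203.0.113.9", "192.168.1.10", "tcp", 443, 50001, {"SYN", "ACK"}),
        Packet("203.0.113.9", "192.168.1.10", "tcp", 40000, 22, {"SYN"}),
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

A purely layer 3 filter would need a permanent inbound rule for source port 443 to let the second packet through, and that same rule would also admit the third, unsolicited one.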

Layer 7 Firewall

Layer 7 firewalls perform application-level functions. This means that they can work on the network protocols in the upper layers of the OSI model.

So with a layer 7 or application firewall, we could inspect HTTP, HTTPS and other protocols.

Currently these firewalls are the most used. They allow us to monitor traffic very well and make rules to allow or deny traffic depending on many factors.

In addition to the functions of a layer 3 and 4 firewall, the main functions of a layer 7 firewall are:

  • Application-level filtering
  • Filter by URL.
  • Application control: Web, FTP, P2P…
  • Protect against denial of service attacks.
  • Protect against code injection attacks.
  • Sandbox
  • SSL traffic inspection.
  • Filtering by user.

These types of firewalls are also called application firewalls.

What are UTM firewalls (Unified Threat Management) or NGFW firewalls (Next Generation Firewall)?

UTM or NGFW firewalls are those that perform inspection, packet control and application functions at layer 7. They also include other functions that are not specific to a firewall or that can be performed by other, more specialized equipment. Below we show two of the most widely used devices of the UTM or NGFW type.

Fortigate Firewall UTM

What is a UTM (Unified Threat Management) device?

UTM, or unified threat management, devices appeared around 2004 as equipment for the unified management of a company's IT security.

In addition to the traditional firewall features, they added features such as VPN, IPS (Intrusion Protection System), Web Filtering, Application Control, Antivirus…

So UTM firewalls are actually management systems that control everything that has to do with network security.

This centralizes protection functions on a single device, whereas before you had to have separate software or hardware for each of these functions.

The firewalls currently available on the market are almost all UTM or NGFW.

What is the difference between a NGFW (Next Generation Firewall) and UTM?

We really believe that there is no difference; it is just a marketing term, because after comparing a UTM with an NGFW no difference can be distinguished.

If we look at the leading manufacturers of unified security equipment, each one chooses how to present its solutions, using the terms UTM or NGFW. At the level of functionality we see that they are the same.

Other types of firewalls: Windows Firewall and Web Firewall.

The term firewall can also be applied to the different services or computers involved in a computer network. So there are other types of firewalls that are not network firewalls.

Windows Firewall

The Windows firewall is a part of the Windows operating system that controls the incoming and outgoing connections of your computer. We can configure several options and we can even disable the Windows 10 firewall easily.

Web Firewall

A web firewall is usually installed or running within our web server or web application. The main function of a web firewall is to control incoming connections before they consume web resources. With this we can, among other functions, avoid denial of service attacks, for example attacks coming from a single IP or from the IPs of a country.
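The check a web firewall makes before a request reaches the application can be sketched as follows. This is an added example, not code from the original article: it rejects clients from blocked address ranges and limits each remaining IP to a fixed number of requests per time window. The class name `WebFirewall`, the thresholds and the addresses are constructed, with 198.51.100.0/24 standing in for a country's address ranges that a real deployment would take from a GeoIP database.

```python
import ipaddress
from collections import defaultdict, deque

class WebFirewall:
    def __init__(self, blocked_networks, max_requests, window_seconds):
        self.blocked = [ipaddress.ip_network(n) for n in blocked_networks]
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)  # client IP -> timestamps of recent requests

    def check(self, client_ip, now):
        """Return an HTTP status: 200 pass on, 403 blocked range, 429 rate limited."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.blocked):
            return 403
        recent = self.hits[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget requests older than the window
        if len(recent) >= self.max_requests:
            return 429  # rejected before any web resource is consumed
        recent.append(now)
        return 200

def demo():
    # Constructed traffic as (client IP, time in seconds)
    waf = WebFirewall(["198.51.100.0/24"], max_requests=3, window_seconds=10)
    requests = [("203.0.113.7", t) for t in (0, 1, 2, 3)]  # burst from one IP
    requests += [("198.51.100.20", 4), ("203.0.113.8", 4), ("203.0.113.7", 12)]
    return [waf.check(ip, t) for ip, t in requests]

if __name__ == "__main__":
    print(demo())
```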

With these last examples we finish this article, dedicated to describing the types of firewalls that exist and the ways to classify them according to their characteristics, functions…

I hope you liked it and if you have any questions, don’t hesitate to contact me or leave your comments.

Remember…see you in the nets!

20 June 2018 | Categories: Networking
