Firewall basics: How to Plan for Firewall and Choose the Right Type

Firewalls are essential for network security, acting as a barrier between trusted and untrusted networks. Proper planning and selection of the right firewall can make all the difference in maintaining a secure and efficient network. This comprehensive guide will help you plan your firewall deployment, choose the best type for your needs, and ensure optimal security for your network.

What is a Firewall?

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the Internet, to protect systems from unauthorized access, cyber threats, and attacks.

How Does a Firewall Work?

Packet Filtering
Packet filtering is the most fundamental function of a firewall. It examines the headers of data packets, which contain source and destination IP addresses, port numbers, and protocols. The firewall compares this information against a set of predefined rules and determines whether to allow or block the packet.
For example:
  • Rule: Allow all HTTP traffic (port 80) and block all FTP traffic (port 21).
  • Outcome: Packets matching port 80 are allowed; those on port 21 are blocked.
Packet filtering works at the network layer and is efficient for simple filtering tasks. However, it does not inspect the actual content of the data, which may limit its ability to detect sophisticated threats.

Stateful Inspection

Stateful inspection, or dynamic packet filtering, goes a step further by monitoring the state of active connections. It keeps track of the characteristics of each session, such as source/destination IP, port numbers, and protocols, to determine whether an incoming packet is part of an established session.
  • Example: If a user initiates a request to access a website, only the packets that correspond to that request are allowed back into the network. Unsolicited packets, even if they appear legitimate, are blocked.
This method provides better security by ensuring packets are part of valid, ongoing communications rather than arbitrary or malicious attempts.
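The difference between packet filtering and stateful inspection described above, as an added example that is not part of the original article: a first-match header filter using the port 80/21 rules, next to a filter that keeps a session table. The class names, the stateless "allow replies from port 80" rule, and the sample addresses are assumptions made for illustration; session expiry and TCP flags are left out.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    dport: Optional[int] = None   # None means "any"
    sport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return self.dport in (None, p.dport) and self.sport in (None, p.sport)

def packet_filter(rules, p, default="block"):
    """Stateless filtering: the first matching rule decides, headers only."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default  # nothing matched: default deny

class StatefulFirewall:
    """Records sessions opened from inside; inbound packets must match one."""
    def __init__(self, outbound_rules):
        self.outbound_rules = outbound_rules
        self.sessions = set()  # (in_ip, in_port, out_ip, out_port, proto)

    def outbound(self, p):
        verdict = packet_filter(self.outbound_rules, p)
        if verdict == "allow":
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict

    def inbound(self, p):
        # Allowed only if it is the exact reverse of a recorded session.
        key = (p.dst, p.dport, p.src, p.sport, p.proto)
        return "allow" if key in self.sessions else "block"

# Constructed sample traffic (documentation address ranges, hypothetical hosts).
OUTBOUND_RULES = [Rule("allow", dport=80), Rule("block", dport=21)]
REPLY_RULES = [Rule("allow", sport=80)]  # stateless way to let web replies in
request = Packet("10.0.0.5", 40000, "198.51.100.7", 80)
reply = Packet("198.51.100.7", 80, "10.0.0.5", 40000)
unsolicited = Packet("203.0.113.9", 80, "10.0.0.5", 40000)
```

The stateless reply rule accepts `unsolicited` because its headers look like web traffic, while `StatefulFirewall.inbound` accepts only `reply`, and only after `request` has been sent.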

Proxying

In this method, the firewall acts as a middleman (proxy) between the client and the server. It intercepts all traffic, inspects it thoroughly, and decides whether to forward it to its intended destination.
  • How it works: Instead of allowing direct communication between internal devices and external systems, the firewall completes the connection on behalf of the device.
  • Benefits: This adds an extra layer of security by isolating the internal network from potentially harmful external entities.
Proxy firewalls operate at the application layer and can inspect high-level details like HTTP requests, email traffic, and file transfers.

Deep Packet Inspection (DPI)

DPI is a sophisticated technique where the firewall examines the actual data payload of packets instead of just their headers. This involves:
  • Scanning for specific keywords, patterns, or signatures that match known malicious content.
  • Detecting and blocking attempts to exploit vulnerabilities in applications or protocols.
Example Use Case: DPI can identify and block malware embedded in seemingly legitimate traffic, such as an infected file sent via email or a harmful script in web traffic.
DPI is resource-intensive but highly effective for combating advanced threats, making it a core feature of Next-Generation Firewalls (NGFWs).

Policies Enforced by Firewalls

Firewalls enforce security policies based on a set of rules that administrators configure. These policies can include:
  1. Blocking Specific IP Addresses or Domains
    • Example: Preventing access to a known malicious IP or restricting access to specific websites.
  2. Allowing Only Specific Types of Traffic
    • Example: Permitting only HTTPS (port 443) and SSH (port 22) while blocking other protocols.
  3. Filtering by Port Numbers or Protocols
    • Example: Disabling unused ports to minimize potential attack vectors.
  4. Detecting and Preventing Intrusions
    • Firewalls monitor traffic patterns to identify suspicious behavior, such as multiple failed login attempts or abnormal data volumes.
By implementing these policies, firewalls create a controlled environment that mitigates risks, ensuring only legitimate traffic flows in and out of the network.
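The intrusion-detection policy in item 4, as an added example that is not part of the original article: a log review that flags sources with repeated failed logins inside a short window or with an abnormal total data volume. The log format, thresholds, and sample lines are constructed for illustration, and the lines are assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines: "timestamp source event bytes" (hypothetical format).
SAMPLE_LOG = """\
2024-05-01T09:00:00 203.0.113.9 LOGIN_FAIL 120
2024-05-01T09:00:10 203.0.113.9 LOGIN_FAIL 120
2024-05-01T09:00:15 192.0.2.44 ALLOW 900
2024-05-01T09:00:20 203.0.113.9 LOGIN_FAIL 120
2024-05-01T09:00:25 203.0.113.9 LOGIN_FAIL 120
2024-05-01T09:05:00 192.0.2.44 LOGIN_FAIL 120
2024-05-01T09:20:00 192.0.2.44 LOGIN_FAIL 120
2024-05-01T09:30:00 198.51.100.7 ALLOW 750000000
malformed line
"""

def parse(line):
    """Return (time, source, event, bytes) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def review(log, max_fails=3, window=timedelta(minutes=1), max_bytes=500_000_000):
    """Flag sources exceeding max_fails within window, or max_bytes overall."""
    fails = defaultdict(deque)   # source -> timestamps of recent failures
    volume = defaultdict(int)    # source -> total bytes seen
    alerts = set()
    for rec in filter(None, map(parse, log.splitlines())):
        when, src, event, size = rec
        volume[src] += size
        if volume[src] > max_bytes:
            alerts.add((src, "abnormal data volume"))
        if event == "LOGIN_FAIL":
            recent = fails[src]
            recent.append(when)
            while when - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) > max_fails:
                alerts.add((src, "repeated failed logins"))
    return sorted(alerts)
```

The sliding window keeps the two failures from 192.0.2.44, which are fifteen minutes apart, from being counted together.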

Types of Firewalls

Firewalls come in various types, each tailored to specific security needs and environments. Here's an in-depth look at the primary types of firewalls:

Packet-Filtering Firewall

  • Operation Layer: Network layer (OSI Layer 3).
  • How It Works: This is the simplest type of firewall. It inspects the headers of data packets, including source/destination IP addresses, port numbers, and protocols. The firewall applies rules to determine whether to allow or block the packets.
  • Advantages:
    • Lightweight and fast.
    • Effective for basic filtering tasks.
  • Limitations:
    • Does not inspect the content of packets, making it less effective against advanced threats.
  • Use Case: Suitable for small networks requiring simple access control.

Stateful Inspection Firewall

  • Operation Layer: Network and transport layers (OSI Layers 3 and 4).
  • How It Works: It keeps track of active connections by maintaining a state table. Each packet is analyzed to ensure it matches a valid session initiated from within the network. Unsolicited or unexpected packets are blocked.
  • Advantages:
    • More secure than packet filtering due to session awareness.
    • Can prevent spoofing attacks by validating traffic against active sessions.
  • Limitations:
    • Higher resource consumption compared to packet-filtering firewalls.
  • Use Case: Ideal for medium-sized networks needing enhanced traffic monitoring.

Proxy Firewall

  • Operation Layer: Application layer (OSI Layer 7).
  • How It Works: This firewall acts as an intermediary between the user and the destination server. Instead of allowing direct communication, it analyzes requests and forwards them only if they meet security criteria. It can filter traffic based on application-level protocols such as HTTP, FTP, and SMTP.
  • Advantages:
    • Provides detailed inspection and logging.
    • Shields internal networks from direct exposure to external traffic.
  • Limitations:
    • Slower due to the additional processing of requests.
  • Use Case: Suitable for high-security environments requiring deep inspection of application traffic.

Next-Generation Firewall (NGFW)

  • Operation Layers: Network, transport, and application layers (OSI Layers 3–7).
  • How It Works: NGFWs combine traditional firewall features with advanced capabilities such as:
    • Deep Packet Inspection (DPI): Examines the full content of packets.
    • Intrusion Prevention System (IPS): Detects and blocks threats.
    • Malware and Antivirus Protection: Scans for known malicious signatures.
    • Application Awareness: Identifies and controls traffic based on specific applications.
  • Advantages:
    • Comprehensive protection against sophisticated attacks.
    • Centralized management of multiple security features.
  • Limitations:
    • Expensive and resource-intensive.
  • Use Case: Best for large organizations requiring multilayered security.

Unified Threat Management (UTM) Firewall

  • Operation Layers: All OSI layers.
  • How It Works: UTM firewalls integrate multiple security services into a single device, including:
    • Traditional firewall functions.
    • VPN (Virtual Private Network) support.
    • Antivirus and antimalware protection.
    • Web and content filtering.
    • Email spam filtering.
  • Advantages:
    • Simplifies security management with an all-in-one solution.
    • Cost-effective for small and medium-sized businesses.
  • Limitations:
    • May not handle high traffic volumes efficiently.
  • Use Case: Ideal for SMBs needing a unified, easy-to-manage security solution.

Cloud-Based Firewall

  • Deployment: Hosted in the cloud rather than on physical hardware.
  • How It Works: These firewalls are delivered as a service by cloud providers. They protect distributed and hybrid networks by routing traffic through the provider’s data centers for inspection.
  • Advantages:
    • Scalability for growing businesses.
    • Centralized security for remote users and multiple locations.
    • Reduces the need for physical hardware.
  • Limitations:
    • Dependent on internet connectivity.
    • May introduce latency in some cases.
  • Use Case: Perfect for organizations with distributed networks, remote workforces, or cloud-based infrastructures.

Summary Table:

| Firewall Type | Key Features | Best For |
|---|---|---|
| Packet-Filtering | Basic rules for IPs, ports, and protocols. | Simple networks with low-security needs. |
| Stateful Inspection | Tracks sessions and validates traffic. | Medium networks that require session awareness. |
| Proxy | Deep inspection of application-level traffic. | High-security environments. |
| Next-Generation (NGFW) | DPI, IPS, malware protection, and application awareness. | Large enterprises that need multilayered security. |
| Unified Threat Management (UTM) | Combines multiple security services in one. | SMBs that need an all-in-one solution. |
| Cloud-Based | Firewall as a service, scalable and flexible. | Distributed and hybrid cloud environments. |

Each type of firewall addresses different levels of security complexity, from basic traffic filtering to comprehensive protection against advanced threats.

Hardware Firewall vs. Software Firewall

| Aspect | Hardware Firewall | Software Firewall |
|---|---|---|
| Deployment | Physical devices are placed between networks. | Installed on individual devices (e.g., PCs, servers). |
| Performance | Higher performance; handles large-scale traffic. | Relies on system resources; suitable for smaller setups. |
| Management | Centrally managed; protects entire networks. | Managed on each device individually. |
| Cost | Expensive; requires dedicated hardware. | More affordable; no additional hardware is needed. |
| Use Case | Best for businesses, data centers, and ISPs. | Ideal for personal computers or small networks. |

How to Plan for Your Firewall and Choose the Right Type

Step 1: Planning Your Firewall Deployment

Before selecting a firewall, it’s critical to understand your network’s requirements. Effective planning involves several detailed steps:

1. Determine Functional Requirements

Start by identifying the specific needs of your network:
  • External Accessibility: Determine what internal resources (e.g., servers, client VPN connections, or a DMZ network) need to be accessible from the outside world.
  • Traffic Control: Identify the types of traffic you want to allow, block, or prioritize. For example:
    • Blocking non-essential traffic.
    • Deprioritizing streaming and gaming traffic during work hours.
  • Special Use Cases: Consider any unique requirements, such as support for VoIP systems, connecting remote locations via VPN, or enabling SD-WAN connections.

2. Plan for Growth

Choose a firewall that can handle 20–30% more traffic than your current internet speed to accommodate future expansion. This ensures your network remains efficient as your organization grows.

3. Account for Redundancy

Incorporate backup systems to ensure reliability during outages. This includes:
  • Redundant firewalls.
  • Backup switching equipment.
  • Uninterruptible power supplies (UPS) for critical devices.

4. Prioritize Mission-Critical Needs

Understand the importance of redundancy and uptime for your business operations. For example, some organizations cannot afford downtime during a power outage, requiring robust power management systems.

Step 2: Documenting Your Network

Proper documentation is vital for maintaining, troubleshooting, and scaling your network. Follow these best practices:
  • Take Detailed Notes: Record each step during the planning, setup, and maintenance processes.
  • Organize and Share: Transfer your notes into a structured document that can be easily accessed and understood by team members.
  • Update Regularly: Keep your documentation up-to-date as changes are made to your network.
Good documentation saves time and ensures smoother collaboration among IT staff and vendors.

Step 3: Budgeting and Vendor Research

1. Set a Realistic Budget

Your budget should align with your functional requirements. Avoid underfunding your plan, as this can lead to:
  • Insufficient performance.
  • Higher long-term costs due to frequent replacements or upgrades.

2. Research Vendors

  • Engage Multiple Vendors: Consult with several qualified vendors to compare solutions and gather insights.
  • Leverage Expertise: Share your network plan with vendors to get their recommendations for optimized setups.
  • Build Partnerships: Treat vendors as partners by purchasing equipment, extended warranties, and services from them.

Step 4: Choosing the Right Firewall

The type of firewall you choose depends on your specific use case. Below are detailed recommendations for various scenarios:

Basic Firewall Requirements

  • Use a network firewall that offers more than simple NAT (Network Address Translation).
  • Enable built-in firewalls on devices like Windows, macOS, or Linux systems for an additional layer of security.

Using Your ISP’s Firewall

If budget and time are minimal, consider using your ISP’s provided firewall:
  • Change default admin credentials to improve security.
  • Enable the firewall feature and configure basic rules to deny unnecessary incoming traffic.
  • Update the Wi-Fi SSID and password for better protection.

Home Security Appliances

For families or small setups:
  • Budget: Around $200.
  • Features: Parental controls, real-time notifications, easy-to-read reporting, and screen time management.
  • Requirements: Basic technical skills and a day for setup.

Professional-Grade Firewalls

Ideal for businesses or advanced home setups:
  • Suitable for high-speed internet and networks with many devices.
  • Requires professional installation and management.
  • Offers advanced features like SLA-backed support and enterprise-grade security.

Open-Source Firewalls

For tech-savvy users who value flexibility and cost-effectiveness:
  • Platforms like pfSense provide enterprise-level functionality at a lower cost.
  • Requires patience and willingness to troubleshoot.
  • Supported by active communities and extensive documentation.

Distributed Firewalls

Best for large organizations:
  • Ideal for zero-trust networking, which assumes every network is vulnerable to compromise.
  • Protects against both internal and external threats.
  • Requires significant investment and expertise.

Step 5: Maintenance and Updates

Maintaining your firewall is as important as its initial setup:
  • Act Quickly: Don’t delay implementing a firewall, as staying exposed increases risk.
  • Enable Automatic Updates: Configure your firewall to apply updates automatically, ensuring it stays protected with the latest security patches.
  • Monitor Regularly: Periodically review logs and reports to identify potential security threats.

Conclusion

Effective firewall planning and deployment are essential for safeguarding your network. By thoroughly understanding your needs, budgeting appropriately, and choosing the right firewall, you can build a secure, efficient network environment. Remember, consistent maintenance and updates are crucial to staying protected in an ever-evolving digital landscape. A well-planned and maintained firewall is your first line of defense against cyber threats.
 
