Firewall

A firewall acts as a security barrier between a trusted internal network and untrusted external networks (like the internet). It monitors all network traffic and permits or blocks data based on a defined set of security rules.

Types of firewalls:

• Packet filtering: Examines individual packets based on source, destination, and protocol
• Stateful inspection: Tracks active connections and makes decisions based on context
• Application layer (proxy): Inspects the actual content of network traffic
• Next-generation firewall (NGFW): Combines traditional firewall with intrusion prevention, application awareness, and deep packet inspection
• Web Application Firewall (WAF): Protects web applications from HTTP-based attacks

Firewall deployment models:

• Network firewall: Hardware or virtual appliance protecting the network perimeter
• Host-based firewall: Software running on individual devices (Windows Firewall, iptables)
• Cloud firewall: Cloud-native security groups and network ACLs
• WAF: Cloud-based or on-premises web application protection

Popular firewall solutions:

• Fortinet FortiGate: Leading NGFW for mid-market
• Palo Alto Networks: Advanced threat prevention
• Cisco Firepower: Enterprise-grade NGFW
• Sophos XG: Mid-market NGFW with strong management
• Cloudflare WAF: Cloud-based web application firewall
• AWS Security Groups/NACLs: Cloud-native network controls

Firewall best practices:

• Default deny: Block all traffic except explicitly allowed
• Regularly review and update rules
• Log all traffic for analysis and forensics
• Segment networks to limit lateral movement
• Keep firmware and software updated
• Implement outbound filtering (not just inbound)
• Use a WAF for web applications
• Monitor firewall health and performance