What is the purpose and function of a firewall?
A firewall is a network security device (hardware or software) that monitors and filters incoming and outgoing network traffic based on predefined security rules.
Its purpose is to act as a barrier between a trusted internal network and an untrusted external network (like the Internet), blocking unauthorized access while permitting legitimate communication.
Name and explain the three types of firewalls
The three main types of firewalls are Packet Filtering Firewall, Stateful Inspection Firewall, and Application-Level Gateway (Proxy Firewall).
A. Packet Filtering Firewall
- Also called a network-level firewall
- Operates at the Network Layer (Layer 3) and Transport Layer (Layer 4) of the OSI model
- Examines each individual packet and filters based on rules applied to:
- Source IP address
- Destination IP address
- Port numbers
- Protocol type (TCP/UDP)
- It does not examine the content (payload) of the packet, and it keeps no memory of previous packets: each packet is judged on its own (stateless)
- Fast and efficient but offers limited security: because it cannot tell a reply to an internal request from an unsolicited inbound packet, the rule set has to open whole port ranges for return traffic
- Example: A router configured with Access Control Lists (ACLs) that blocks traffic from a specific IP address
B. Stateful Inspection Firewall
- Also called a dynamic packet filtering firewall
- Operates at the Network and Transport Layers but also tracks the state of active connections
- Maintains a state table that records all ongoing sessions (connection tracking)
- Decisions are made based on the context of the traffic, not just individual packets
- It verifies that incoming packets belong to a valid, established session
- More secure than simple packet filtering because it understands whether a packet is part of a NEW, ESTABLISHED, or RELATED connection
- Example: If an internal user initiates a web request, the firewall allows the response back in because it recognizes the established session
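The following simulation, added here as a worked example (it is not from the original notes, and the Packet, Rule and StatefulFirewall names are illustrative, not a real product's API), contrasts the two designs on the same constructed traffic. A stateless rule set needs an inbound "allow from source port 443" rule to let HTTPS replies back in, and that rule also admits an attacker who simply sends from port 443; the stateful version admits the reply because it is in the connection table and denies the attacker's packet because no session exists for it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" = arriving from the Internet, "out" = leaving the LAN
    proto: str            # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False     # TCP SYN flag: set on the first packet of a connection
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: str                  # "in" or "out"
    proto: str = "any"
    src_ip: str = "any"
    src_port: Optional[int] = None  # None = any port
    dst_port: Optional[int] = None  # None = any port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and self.src_ip in ("any", p.src_ip)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def stateless_filter(rules, p: Packet) -> str:
    """Packet filter: first matching rule wins, implicit deny at the end."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFirewall:
    """Stateful inspection: same rules for NEW traffic, plus a connection table."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # established sessions

    @staticmethod
    def _flow_key(p: Packet):
        # Normalise both directions to (lan_ip, lan_port, remote_ip, remote_port, proto)
        if p.direction == "out":
            return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)

    def process(self, p: Packet) -> str:
        key = self._flow_key(p)
        if key in self.flows:
            return "allow"          # ESTABLISHED: belongs to a tracked session
        if stateless_filter(self.rules, p) == "allow":
            if p.proto == "udp" or (p.syn and not p.ack):
                self.flows.add(key)  # NEW: an allowed first packet opens the session
            return "allow"
        return "deny"

# Constructed policy: LAN clients may open HTTPS connections outbound.
STATELESS_RULES = [
    Rule("allow", "out", "tcp", dst_port=443),
    Rule("allow", "in", "tcp", src_port=443),   # needed to let replies back in
]
STATEFUL_RULES = [Rule("allow", "out", "tcp", dst_port=443)]  # replies come via state

# Constructed traffic: a client request, the server's reply, and an attacker
# probing SSH from source port 443 to look like a reply.
OUTBOUND = Packet("out", "tcp", "10.0.0.5", 51234, "93.184.216.34", 443, syn=True)
REPLY    = Packet("in",  "tcp", "93.184.216.34", 443, "10.0.0.5", 51234, syn=True, ack=True)
ATTACK   = Packet("in",  "tcp", "198.51.100.7", 443, "10.0.0.5", 22, syn=True)

def compare() -> dict:
    fw = StatefulFirewall(STATEFUL_RULES)
    packets = (OUTBOUND, REPLY, ATTACK)
    return {
        "stateless": [stateless_filter(STATELESS_RULES, p) for p in packets],
        "stateful":  [fw.process(p) for p in packets],
    }

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, dict(zip(("request", "reply", "attack"), verdicts)))
```

The stateless rule set returns allow, allow, allow; the stateful firewall returns allow, allow, deny. The difference is exactly the NEW versus ESTABLISHED distinction the notes describe: the attacker's packet is NEW, so it must pass the inbound rules on its own merits, and there are none.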
C. Application-Level Gateway (Proxy Firewall)
- Also called a proxy firewall or application proxy
- Operates at the Application Layer (Layer 7) of the OSI model
- Acts as an intermediary (proxy) between the internal user and the external server: it terminates the client's connection and opens a separate connection of its own to the server
- The internal client never communicates directly with the outside server; all traffic passes through the proxy
- Because it reassembles the full application message rather than looking at one packet at a time, it can inspect the complete content (deep packet inspection), including URLs, headers, commands, and data
- Can filter specific application-level attacks like SQL injection, malicious scripts, etc.
- Slower than the other types due to deep inspection, and it must understand each protocol it proxies (HTTP, FTP, DNS, ...), but it provides the most thorough inspection of the three; encrypted traffic can only be inspected if the proxy also terminates TLS
- Example: A web proxy that blocks users from accessing specific websites or scans HTTP traffic for malware
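To show what "inspecting content" means in practice, here is an added example (not part of the original notes) of the decision logic an HTTP proxy firewall could run on each reassembled request. The blocklist, the SQL injection signatures and the sample requests are all constructed for illustration; a real gateway uses much richer rule sets. A packet filter would see only "TCP to port 80" for all four requests and could not tell them apart.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed policy for the example.
BLOCKED_HOSTS = {"malware.example"}
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
# Deliberately simple teaching signatures, not a production rule set.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b.*\bselect\b"),
    re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    re.compile(r"--\s*$|;\s*drop\b", re.I),
]

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)   # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.decode("iso-8859-1")

def inspect_http_request(raw: bytes):
    """Return ("allow" | "deny", reason) for one full request, as a proxy would."""
    try:
        method, target, headers, body = parse_request(raw)
    except ValueError:
        return ("deny", "malformed request line")       # fail closed
    host = headers.get("host", "").split(":")[0].lower()
    if host in BLOCKED_HOSTS:
        return ("deny", f"host {host} is blocklisted")
    if method not in ALLOWED_METHODS:
        return ("deny", f"method {method} not permitted")
    parts = urlsplit(target)
    # Look at the values the application itself would see: decoded path,
    # decoded query parameters and, for form posts, the decoded body.
    values = [unquote_plus(parts.path)]
    values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    for v in values:
        for pat in SQLI_PATTERNS:
            if pat.search(v):
                return ("deny", f"SQL injection signature in {v!r}")
    return ("allow", "clean")

# Constructed sample requests.
GOOD      = b"GET /search?q=firewalls HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SQLI_GET  = b"GET /item?id=1'%20OR%20'1'='1 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BLOCKED   = b"GET / HTTP/1.1\r\nHost: malware.example\r\n\r\n"
SQLI_POST = (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             b"user=admin&pass=x' UNION SELECT 1--")

if __name__ == "__main__":
    for name, req in (("good", GOOD), ("sqli_get", SQLI_GET),
                      ("blocked", BLOCKED), ("sqli_post", SQLI_POST)):
        print(name, inspect_http_request(req))
```

Note that the checks run on decoded values (`%20` becomes a space, form bodies are parsed) because that is what the back-end application will see; matching on the raw bytes would let trivially encoded payloads through.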
Comparison Summary
| Feature | Packet Filtering | Stateful Inspection | Application-Level Gateway |
|---|---|---|---|
| OSI Layer | Layer 3–4 | Layer 3–4 (with state) | Layer 7 |
| Speed | Fastest | Moderate | Slowest |
| Security Level | Basic | Moderate | Highest |
| Content Inspection | No | No | Yes |
| Connection Awareness | No | Yes | Yes |
Conclusion: Each firewall type offers a different trade-off between speed and security. Modern networks often use a combination of all three types (defense-in-depth approach) to achieve comprehensive protection.