Picking the best firewall software, hardware or application
A comprehensive collection of articles, videos and more, hand-picked by our editors
What is the difference between a proxy server firewall and a gateway server firewall? And when should each be...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
There are three basic categories of firewalls: packet filtering firewalls, stateful inspection firewalls and application proxy firewalls. Often, people refer to packet filtering firewalls and stateful inspection firewalls using the term gateway server firewall. Each of these three approaches builds upon the previous one(s), offering greater protection to an enterprise network. Here's how they work:
- Packet filtering firewalls are the most basic firewall technology available. Each network packet reaching the firewall is evaluated based upon its source, destination IP address and port to determine whether it is allowed to pass through the firewall. The firewall does not have any information about active connections, so it makes this decision each time it receives a packet. Packet filter firewalls are not common and users of this technology are typically writing rules that run on their routers.
- Stateful inspection firewalls are the most commonly deployed firewalls in enterprises today. They build upon packet filters by having the firewall maintain information about the state of each active connection. When a new packet arrives at the firewall, the filtering mechanism first checks to determine whether the packet is part of a currently active (and previously authorized) connection. Only if it doesn't appear on the list of active connections does the firewall evaluate the packet against its rulebase. There's a reason stateful inspection firewalls are so common: They're the most efficient and cost-effective firewalls, and are generally suitable for protecting most network borders.
- Application proxy firewalls go a step beyond stateful inspection firewalls in that they don't actually allow any packets to directly pass between protected systems. Instead, the firewall creates a proxy connection on the destination network and then passes traffic through that proxied connection. Proxy firewalls often contain advanced application inspection capabilities, allowing them to detect sophisticated application-layer attacks, such as buffer overflow attempts and SQL injection attacks. They're much more expensive than stateful inspection firewalls, however, and are normally only used to protect data centers and other networks containing publicly accessible, high-value servers.
The choice of an appropriate firewall mix for your organization will depend upon budget, the types of systems on the network and the enterprise's risk tolerance. For more on this topic, read my tip How to choose a firewall.
Related Q&A from Mike Chapple
Are nonprofit organizations, like higher education institutions, subject to FTC cybersecurity regulations and oversight? Expert Mike Chapple explains.continue reading
It's important for healthcare organizations to have a clear social media policy. Expert Mike Chapple explains what needs to be in the policy to stay ...continue reading
SOC 2 evaluations can be helpful tools for organizations assessing their HIPAA compliance, but companies should not solely rely on them. Compliance ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.