Types of firewalls: different options and how to use them
Firewalls are crucial components of a robust cybersecurity strategy, but not all firewalls are created equal. When evaluating types of firewalls for your clients, there are several different types available—from an application-level gateway firewall to a packet filtering firewall. Familiarizing yourself with the details on the most common types of firewalls will help you assess your clients’ needs and evaluate the best fit solution.
The role of firewalls in cybersecurity
Firewalls provide a crucial layer of defense against potential cybersecurity threats and unauthorized access to your clients’ networks. Firewalls also can alert and inform you of any potential threats, attempting to access your clients’ infrastructure.
Generally, firewalls are used to keep networks safe from the outside world by building “walls” around internal subnetworks and setting up traffic scanning on a single device. However, the scope of a firewall’s capabilities and protection varies between usage—therefore, each client may have a different firewall plan.
Although firewalls are the basis of network security in the client-server model, they can still be vulnerable to social insider threats, human error, and social engineering attacks. A firewall misconfiguration can lead to stolen data and IP, breaches, and lost revenue due to downtime.
Because of this, it is vital that your firewall strategy is robust and leverages the following:
- Share policies and settings between firewalls
- Facilitate simple patch management
- Zero-touch deployment services
- Ability to propagate firewall alerts to handle security-related events that may occur on firewalls
- Provide your clients with a dashboard view of their managed firewalls
You may be wondering if antivirus is a substitute or complement for firewalls. Generally, these two need to work together, along with other cybersecurity solutions, to protect your clients. Firewalls only focus on external traffic and filter what enters or leaves a certain endpoint. Antivirus is actually tasked with inspecting files and software on the server and acting accordingly. So if something bypasses your firewall that shouldn’t, antivirus is your next line of defense.
The major firewall types
What are the main firewall types? There are three core types used in cybersecurity:
- Software firewall: Software firewalls are implemented and run as software applications on individual devices or servers. They provide network security at the endpoint level and can offer granular control over network traffic as well as additional features like antivirus protection and intrusion detection.
- Hardware firewall: Hardware firewalls are physical devices dedicated to network security. They are typically placed at the network perimeter, often between the internal and external networks. Hardware firewalls, much like a server, are deployed as a standalone device and offer high-performance network security. They can also offer advanced features, such as VPN connectivity and traffic monitoring. Hardware firewalls protect every computer connected to the server and will remain running unless physically shut off.
- Cloud firewall: The third major firewall type is a cloud firewall, a solution specifically designed to secure cloud-based infrastructure and services. They are deployed and managed within cloud environments to provide security for virtual machines, containers, and cloud-based applications. Cloud firewalls are scalable and flexible to accommodate modern cloud infrastructures and often offer integrated security features with other cloud-based services.
MSPs should employ a combination of firewall types to provide comprehensive security for their clients—and the best choice depends on the specific needs and requirements of the client’s network infrastructure and their desired level of security.
While the three items above are the most common macro categories of firewalls, there are also several more subcategories that fulfill specific niches in the cybersecurity world. Here’s a closer look at those:
Packet filtering firewall
Packet filtering firewalls are the oldest and most simple type of firewall. They operate at the network layer and examine individual “packets” of data as they pass through the firewall and make decisions based on predefined rules. The concept of packet filtering entails setting configurations and protocols to determine whether or not a firewall allows packets of data to pass through.
With packet filtering firewalls, a single device can filter traffic for an entire network and examine addresses, protocols, and port numbers. Through this, the network is able to determine which packets were allowed through; however, as these firewalls cannot examine the content of data packets, even malicious data packets can be allowed through from trusted IP sources.
Packet filtering firewalls are best suited for simple filtering tasks and any scenario where speed and efficiency are paramount. These firewalls effectively block or allow traffic based on network-level criteria—however, they do not inspect the packet contents beyond the network layer.
Common use cases
Leverage packet filtering firewalls for basic network traffic filtering. This includes:
- Network segmentation: Divide your client’s network into different security zones based on either IP addresses or port numbers.
- Access control: Restrict access to certain services or ports, limiting access to critical resources.
- Bandwidth management: Prioritize or limit bandwidth usage for certain types of traffic, ensuring fair resource utilization and optimizing network performance.
Although packet filtering firewalls are not the most advanced firewall options available, they provide a cost-effective solution for basic network security needs, and MSPs can implement them as part of a layered security approach.
Circuit-level gateway firewalls are a type of firewall that operates at the session layer of the OSI model. It establishes a connection between two network endpoints, acting as an intermediary to monitor and control the flow of traffic between the two.
When a connection is initiated, circuit-level gateway firewalls establish an internal virtual connection to keep the identity and IP address of the internal user hidden.
Circuit-level gateways are ideal for any clients with a primary concern for verifying and controlling the overall connection. This type of firewall is particularly helpful in securing outbound connections from internal networks to external networks.
Common use cases
- Proxy server deployment: Utilize circuit-level gateways as proxy servers to provide secure and controlled access to external networks, keeping clients secure. For example, for a fintech client, implementing this could help safeguard sensitive data by filtering web traffic.
- Secure remote access: Enable secure remote access for clients’ teams, authenticating and validating remote connections and enhancing security for remote access scenarios. An example here could be establishing a VPN so client remote teams could safely and securely access resources from any location.
- Traffic redirection and load balancing: Redirect traffic and balance the load across multiple servers or services. This could be viable for situations like e-commerce clients that can experience heavy traffic on a seasonal basis, helping to avoid slowdown or overload.
Circuit-level gateways are highly beneficial in situations where a network connection needs to be controlled, authenticated, or directed. They can serve as a helpful added layer of security, particularly when managing outbound connections and providing secure remote access.
Application-level gateway firewalls, also known as proxy firewalls, are implemented at the application layer via a proxy device. This establishes a connection through the proxy firewall, which helps to keep any outsiders from directly accessing an internal network.
Unlike the two previous firewalls, application-level firewalls perform deep-level packet inspection. This includes analysis of all data packet content against user-defined rules to determine whether to permit or discard. Additionally, application-level gateway firewalls provide identification and location protection of data by preventing a direct connection between internal systems and external networks.
Application-level gateways are ideal for clients in need of granular control over application traffic. These firewalls are highly beneficial in filtering and monitoring specific application protocols, allowing organizations to enforce security policies on the application level.
Common use cases
- Web application security: Protect against web-based attacks through inspection and filtration of HTTP/HTTPS traffic. An example here could be deploying a web application firewall for an e-commerce company to protect against web-based attacks such as SQL injection and cross-site scripting (XSS).
- Email security: Enhance email security by using email proxies to inspect inbound and outbound email traffic, scanning attachments and content for malicious code, viruses, or spam. This could be very useful for a medical client in order to check for spam or malicious code, preventing the loss of medical data.
- File transfer security: Set up gateways to monitor file transfers, scan for malware-infected files, and enforce access controls for secure file exchange. This could be very viable for a financial MSP client in order to monitor file transfers and enforce access controls. This added support helps secure file exchange between authorized users and mitigate the risk of data breaches or unauthorized data sharing.
Application-level gateways offer a high level of control and security by deeply analyzing application-layer protocols. This can be particularly helpful in protecting web applications, securing email communications, and managing secure file transfers.
Stateful inspection firewall
Stateful inspection firewalls also perform packet inspection to verify and manage established connections. They check for legitimate connections and destination IP addresses to determine which data packets can pass through and drop those that do not belong to a verified, active connection.
Stateful inspection firewalls are ideal for clients that require advanced traffic analysis and context-aware security decisions. They are particularly useful in any environment with a focus on protecting against unauthorized access and maintaining the integrity of network connections.
Common use cases
- Network perimeter protection: Protect internal networks by filtering incoming and outgoing traffic, preventing unauthorized access, and protecting against network-based attacks. For example, if an MSP had a manufacturing client, this could be extremely useful to filter and protect against network-based attacks like DDoS.
- Application protocol analysis: Perform deep packet inspiration and analysis, enforcing security policies and mitigating threats. This could be particularly valuable for tech clients to help identify any potential threats from malicious applications.
- Virtual Private Network (VPN) security: Provide secure remote access for your clients or establish secure site-to-site VPN connections. This can be useful for a client that’s in the process of building out a remote team and wants to make sure they aren’t opening up any vectors for new attacks.
Stateful inspection firewalls offer a unique balance of performance and security. By combining packet filtering efficiency with the ability to analyze and track connections, these firewalls are very helpful in protecting your clients’ cybersecurity needs.
Next generation firewalls
Next-generation firewalls overcome the limitations of traditional firewalls by combining numerous features into a single solution. Next-generation firewalls can perform deep-level packet inspection in addition to port/protocol and surface-level packet inspection, as well as identify users and user roles.
Additionally, they may offer antivirus software for more comprehensive security. This allows security across personal devices and varied working environments—common in today’s remote-flexible workplace.
Next-generation firewalls are ideal for businesses that need to comply with the Health Insurance Portability and Accountability Act (HIPAA) or the payment card industry (PCI). These firewalls are best for organizations with complex network infrastructures, high-security requirements, and a need for detailed visibility into network traffic.
Common use cases
- Advanced threat protection: Deploy a next-generation firewall to protect your clients’ networks from sophisticated threats, such as zero-day exploits, advanced malware, and targeted attacks. This is especially important for government clients that are more likely to be targeted by some of these advanced tactics.
- Application control and visibility: Enforce specific policies for applications and block unauthorized applications. This can be extremely useful for any client’s business-critical operations to improve overall network performance.
- Secure web gateway: Utilize a next-generation firewall to protect clients’ networks from web-based threats, enforcing web access policies and detecting malicious web content. This can be very useful for settings like educational institutions which may have established policies for both faculty and students that need to be followed.
Next-generation firewalls provide comprehensive network security for your clients through a combination of advanced threat detection, application-level control, and deep packet inspection.
Network address translation (NAT) firewall
A Network address translation (NAT) firewall allows many devices on a private network to share a single internet gateway. This allows all of those devices to have the same public gateway and a unique private IP address. This is known as IP masquerading and is common on Wi-Fi routers and VPN services.
A NAT firewall allows requests or data packets to the gateway if a device on the private network requested it—all unsolicited traffic will be discarded to prevent communication with external malicious devices. Servers on the internet can only see the public address of the router, while the private IP addresses (of phones, laptops, smart TVs, and gaming consoles) are hidden.
A NAT firewall is ideal for any situation where multiple devices within a private network need to access the internet—while using a limited number of public IP addresses. These firewalls are commonly used in home networks, small businesses, and enterprise environments.
Common use cases
- IP address conservation: Share a single public IP address, enabling organizations to conserve IP address resources. This is great for small businesses that may not have the need for multiple addresses and can benefit from the added efficiency.
- Network segmentation: Use a NAT firewall to segment networks and enforce security boundaries. This is good for segments like finance which may need to enforce security not only from the outside, but also across departments.
- IPv6 transition: Facilitate the transition from IPv4 to IPv6 with a NAT firewall. This is important for any MSP client making the change to ensure operations aren’t impacted while the transition is finalized.
Using NAT firewalls play a crucial role in managing network connectivity for your clients while also providing an additional layer of protection by concealing internal IP addresses.
Choosing the right firewall for your clients
Firewalls were created to provide basic network security and operate as the first layer of defense against attacks. In addition to understanding the various delivery and types of firewalls, an MSP must also be aware of the functions of the client’s private network.
Packet filtering and circuit-level gateway firewalls are simple and cost-effective—but may not offer the best security for your clients. On the other hand, application-level gateway and stateful inspection firewalls are more robust but may compromise network performance. Next-generation firewalls may seem like the best of both worlds, but not every client may have the budget to set up and deploy them properly.
As threats and attacks become more sophisticated, a single firewall solution isn’t enough—each asset within a private network needs its protection. It is best to use a multi-layered firewall approach for optimal security instead of relying on just one.
To assess the best fit for your client’s needs, ask yourself the following:
- What is the firewall protecting?
- How is your client’s network structured?
- How big is the network and how many hosts are there?
- What kind of traffic will the firewall face?
- Do you have any compliance-related rules to consider?
- How much time can you set aside for firewall management?
- What resources can your client afford?
By keeping these questions in mind, you’re able to truly customize the firewall protection plan to your client’s needs.
Supporting firewalls with cybersecurity solutions
While a firewall is effective, it won’t fully cover all modern cybersecurity needs. Most modern organizations need a nuanced mix of several tools and technologies to thwart potential threats and optimize cybersecurity efforts.
The ConnectWise Cybersecurity Suite was designed to help growing MSPs take on today’s threats and protect against tomorrow's challenges, from continuous monitoring, 24/7/365 SOC services, and advanced threat detection. Take the first step toward getting your clients the security protection they demand by watching an on-demand demo today.