Firewall Types

A firewall is a set of related programs located at a network gateway server that protects the resources of a private network from users on other networks. Several types of firewalls have been used in the past and are in use today, differing in performance, technology, requirements, and level of security. The types most commonly used in the industry are described below:

Static packet-filtering firewall

This first-generation firewall technology, a Layer 3 firewall, uses filtering rules and ACLs to permit or deny traffic based on source and destination IP addresses and on source and destination port numbers. Each IP packet is examined to see whether it matches one of a set of rules defining which data flows are allowed. These rules specify whether communication is allowed based on information contained in the network and transport layer headers, as well as the direction of the packet flow. Packet-filtering firewalls are similar to packet-filtering routers but offer additional benefits: packet filters are very scalable, application-independent, and high-performing. The downside is that, because they judge each packet on its own headers with no memory of earlier packets, they do not offer the full range of security functions required in today's networks.

Circuit-level firewall

This second-generation firewall technology validates that a packet is either a connection request or a data packet belonging to an established connection (virtual circuit) between two peer transport layers.

Application layer firewall

This third-generation firewall technology evaluates network packets for valid data at the application layer before allowing a connection. The firewall examines the data in all network packets at the application layer and maintains complete connection state and sequencing information. Application layer firewalls can also validate other security items that appear only within the application layer data, such as user passwords and service requests. These firewalls filter traffic at Layers 3, 4, 5, and 7 of the OSI model. If you need a higher level of security than circuit-level firewalls offer, application layer firewalls may be the right choice. Application layer firewalls are also called proxy firewalls or application gateways. Many application layer firewalls include specialized application software and proxy servers. Proxy services manage traffic through a firewall for a specific service, such as HTTP or FTP; each proxy service is specific to the protocol it is designed to forward.

Dynamic packet-filtering firewall

This fourth-generation firewall technology, sometimes called a stateful firewall, keeps track of the actual communication process through the use of a state table. These firewalls operate at Layers 3, 4, and 5. The ability to dynamically filter packets is provided through stateful filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based only on the information in its header, stateful inspection can track each connection traversing any interface of the firewall and confirm that it is valid. Stateful packet filtering maintains a state table that is part of the firewall's internal structure. It tracks all sessions and inspects all packets passing through the firewall. If a packet has properties matching an entry in the state table, the firewall allows the packet to pass.

At the transport layer, the firewall examines information in the headers of Layer 3 packets and Layer 4 segments. The stateful firewall examines the TCP header for SYN, RST, ACK, FIN, and other control codes to determine the state of the connection. Whenever an outside service is accessed, the stateful packet filter firewall "remembers" certain details; in other words, it saves the details of the request in the state table. When a TCP or UDP connection is established, either inbound or outbound, the firewall logs the information in a stateful session flow table. This information is then used when the outside system responds to the request: the firewall compares the received packets with the saved state to allow or deny network access.
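The following is an added example, not code from the original page or from any firewall vendor, showing the difference between the static packet filter described earlier and the stateful filter described here: a static ACL decides only on header fields of new outbound connection requests, while a state table (keyed by the address/port 4-tuple and updated from the TCP SYN, ACK, FIN and RST control codes) decides whether an inbound packet is a legitimate reply. The inside network 10.0.0.0/8, the "web only" outbound policy and the sample addresses are assumptions constructed for the demonstration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network
# flags: subset of {"SYN","ACK","FIN","RST"}; direction: "out" (inside->outside) or "in"
Packet = namedtuple("Packet", "src dst sport dport flags direction")

INSIDE = ip_network("10.0.0.0/8")     # assumed inside network
ALLOWED_OUTBOUND_PORTS = {80, 443}    # assumed static ACL: web only

class StatefulFirewall:
    def __init__(self):
        self.state = {}   # (src, sport, dst, dport) -> "SYN_SENT" | "ESTABLISHED"
    def static_check(self, p):
        # Static filter: Layer 3/4 header fields and direction only, no memory
        return (p.direction == "out" and ip_address(p.src) in INSIDE
                and p.dport in ALLOWED_OUTBOUND_PORTS)

    def filter(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags & {"FIN", "RST"}:           # teardown closes the tracked session
            for k in (fwd, rev):
                if self.state.pop(k, None) is not None:
                    return "ALLOW"
            return "DENY"
        if p.direction == "out":
            if p.flags == {"SYN"}:             # new connection request
                if not self.static_check(p):
                    return "DENY"
                self.state[fwd] = "SYN_SENT"   # "remember" the request
                return "ALLOW"
            return "ALLOW" if fwd in self.state else "DENY"
        if rev not in self.state:              # inbound with no remembered request
            return "DENY"
        if p.flags == {"SYN", "ACK"} and self.state[rev] == "SYN_SENT":
            self.state[rev] = "ESTABLISHED"
        return "ALLOW"

def run_demo():
    # Constructed sample traffic; returns the verdict for each packet in order
    fw = StatefulFirewall()
    pkts = [
        Packet("10.0.0.5", "203.0.113.10", 40000, 443, {"SYN"}, "out"),
        Packet("203.0.113.10", "10.0.0.5", 443, 40000, {"SYN", "ACK"}, "in"),
        Packet("203.0.113.10", "10.0.0.5", 443, 40001, {"SYN", "ACK"}, "in"),  # unsolicited
        Packet("10.0.0.5", "203.0.113.10", 40002, 25, {"SYN"}, "out"),         # fails static ACL
        Packet("203.0.113.10", "10.0.0.5", 443, 40000, {"FIN", "ACK"}, "in"),  # closes session
        Packet("203.0.113.10", "10.0.0.5", 443, 40000, {"ACK"}, "in"),         # after close
    ]
    return [fw.filter(p) for p in pkts]
```

The third packet is the key case: a static filter that simply permits inbound traffic from port 443 would let it through, whereas the stateful filter denies it because no inside host ever asked for that connection.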

Transparent firewall

A transparent firewall is a Layer 2 firewall and behaves like a "stealth firewall": it is not seen as a router hop by connected devices. In this implementation, the security appliance connects to the same network on both its inside and outside ports, but each interface resides on a separate VLAN. Packets are bridged by the security appliance from one VLAN to the other instead of being routed. You can configure a transparent firewall to allow traffic through using either an extended ACL (for IP traffic) or an EtherType ACL (for non-IP traffic). Without a specific ACL, the only traffic allowed to pass through the transparent firewall is Address Resolution Protocol (ARP) traffic.