Firewalls are the cornerstone of perimeter security and typically the first line of defence in any network security architecture. They control which traffic is allowed to enter and leave the network based on a defined set of rules.
A firewall is a network security device — hardware, software, or both — that monitors and filters incoming and outgoing network traffic based on predefined security rules. It establishes a barrier between a trusted internal network and untrusted external networks.
| Generation | Type | Capabilities |
|---|---|---|
| 1st Gen | Packet Filter | Inspects headers only (IP, port, protocol) |
| 2nd Gen | Stateful Inspection | Tracks connection state (SYN, ACK, FIN) |
| 3rd Gen | Application Layer (Proxy) | Inspects application data, acts as intermediary |
| 4th Gen | Next-Generation Firewall (NGFW) | Deep packet inspection, IPS, application awareness, TLS inspection |
| Cloud Era | Cloud Firewall / FWaaS | Firewall-as-a-Service delivered from the cloud |
| Packet-Filtering Firewall (1st Gen) | Detail |
|---|---|
| Operates at | OSI Layer 3-4 (Network/Transport) |
| Inspects | Source/destination IP, port, protocol |
| State tracking | None — each packet evaluated independently |
| Performance | Very fast — minimal processing |
| Limitation | Cannot inspect payloads or track connections |
| Stateful Inspection Firewall (2nd Gen) | Detail |
|---|---|
| Operates at | OSI Layer 3-4 with state table |
| Inspects | Headers plus connection state |
| State tracking | Maintains a connection table (established, related, new) |
| Performance | Fast with moderate overhead |
| Advantage | Only allows traffic matching known, legitimate connections |
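To make the difference between the two generations concrete, the following is an added Python example (not part of the lesson) that simulates a minimal TCP connection table next to a packet filter. The packet filter has no state, so to let HTTPS replies back in it must admit any inbound packet whose source port is 443; the stateful version admits inbound traffic only when it belongs to a connection opened from the trusted side. The trusted network 10.0.1.0/24, the 203.0.113.x addresses and the packets are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed example: the trusted side of the firewall.
INTERNAL = ip_network("10.0.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: "S" (SYN), "SA" (SYN-ACK), "A", "FA", "R"


Key = Tuple[str, int, str, int]


def forward_key(pkt: Packet) -> Key:
    return (pkt.src, pkt.sport, pkt.dst, pkt.dport)


def reverse_key(pkt: Packet) -> Key:
    return (pkt.dst, pkt.dport, pkt.src, pkt.sport)


class StatefulFirewall:
    """Admits only packets that belong to a connection the firewall saw being
    opened from the internal network; everything else is dropped."""

    def __init__(self) -> None:
        # Connection table: flow (as seen from the initiator) -> NEW / ESTABLISHED
        self.table: Dict[Key, str] = {}

    def inspect(self, pkt: Packet) -> Tuple[str, str]:
        fwd, rev = forward_key(pkt), reverse_key(pkt)
        entry = fwd if fwd in self.table else rev if rev in self.table else None
        if entry is not None:
            # Known flow: FIN/RST tears it down, a SYN-ACK reply completes the handshake.
            if "F" in pkt.flags or "R" in pkt.flags:
                del self.table[entry]
                return ("ALLOW", "closing")
            if (self.table[entry] == "NEW" and entry == rev
                    and "S" in pkt.flags and "A" in pkt.flags):
                self.table[entry] = "ESTABLISHED"
            return ("ALLOW", self.table[entry].lower())
        # Unknown flow: only a bare SYN from the internal network may create state.
        if pkt.flags == "S" and ip_address(pkt.src) in INTERNAL:
            self.table[fwd] = "NEW"
            return ("ALLOW", "new")
        return ("DENY", "no matching connection")


def stateless_filter(pkt: Packet) -> Tuple[str, str]:
    """Packet filter with no state table. It cannot tell a reply from an
    unsolicited packet, so permitting HTTPS replies means permitting every
    inbound packet with source port 443."""
    if ip_address(pkt.src) in INTERNAL and pkt.dport == 443:
        return ("ALLOW", "outbound https")
    if ip_address(pkt.dst) in INTERNAL and pkt.sport == 443:
        return ("ALLOW", "inbound from port 443")
    return ("DENY", "no rule")


def trace(packets: List[Packet]) -> List[Tuple[Tuple[str, str], Tuple[str, str]]]:
    """Run the same packet sequence through both filters; returns
    (stateful verdict, stateless verdict) per packet."""
    fw = StatefulFirewall()
    return [(fw.inspect(p), stateless_filter(p)) for p in packets]


if __name__ == "__main__":
    # Constructed sequence: a legitimate HTTPS handshake from inside, then an
    # unsolicited inbound SYN that happens to use source port 443.
    seq = [
        Packet("10.0.1.10", 51000, "203.0.113.5", 443, "S"),
        Packet("203.0.113.5", 443, "10.0.1.10", 51000, "SA"),
        Packet("10.0.1.10", 51000, "203.0.113.5", 443, "A"),
        Packet("203.0.113.9", 443, "10.0.1.10", 51000, "S"),
    ]
    for pkt, (stateful, stateless) in zip(seq, trace(seq)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}] "
              f"stateful={stateful} stateless={stateless}")
```

The last packet in the trace is the point of the comparison: the stateless filter allows it because the header matches the "replies from port 443" rule, while the stateful firewall denies it because no internal host opened a connection to that peer. Real state tables also track UDP and ICMP pseudo-connections and expire idle entries; this simulation keeps only the TCP handshake and teardown.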
| Next-Generation Firewall (NGFW) | Detail |
|---|---|
| Operates at | OSI Layer 3-7 |
| Inspects | Full packet content including application data |
| Capabilities | IPS, application control, user identity awareness, TLS decryption, threat intelligence |
| Performance | Higher processing requirements — hardware acceleration common |
| Advantage | Comprehensive visibility and control over all traffic |
Every firewall rule contains these elements:
| Element | Description | Example |
|---|---|---|
| Source | Where the traffic originates | 10.0.1.0/24 |
| Destination | Where the traffic is going | 192.168.10.5 |
| Service/Port | The protocol and port | TCP/443 (HTTPS) |
| Action | What to do with matching traffic | Allow, Deny, Log |
| Logging | Whether to record the match | Enabled/Disabled |
```text
Rule 1: Allow HTTPS from internal to web servers   ← Checked first
Rule 2: Allow DNS from internal to DNS servers
Rule 3: Allow SMTP from mail server to internet
Rule 4: Deny SSH from guest network to servers
...
Rule N: DENY ALL (implicit default deny)           ← Last rule
```
Rules are evaluated top-to-bottom — the first matching rule is applied and processing stops.
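The first-match evaluation and the implicit default deny described above, as an added worked example in Python (not part of the lesson). Each rule carries the five elements from the table (source, destination, service/port, action, logging), the rulebase mirrors the lesson's ordering with constructed placeholder addresses, and a simple containment check is included to flag rules that an earlier, broader rule shadows, which is the usual way a misordered rulebase goes wrong.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    name: str
    source: str            # CIDR or "any"
    destination: str       # CIDR or "any"
    protocol: str          # "tcp", "udp" or "any"
    port: Optional[int]    # destination port; None means any port
    action: str            # "allow" or "deny"
    log: bool = False      # whether matches of this rule are recorded


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Dict) -> bool:
    return (_addr_matches(rule.source, pkt["src"])
            and _addr_matches(rule.destination, pkt["dst"])
            and rule.protocol in ("any", pkt["proto"])
            and rule.port in (None, pkt["dport"]))


def evaluate(rules: List[Rule], pkt: Dict, log: List[str]) -> Tuple[str, Optional[int]]:
    """First-match evaluation: walk the rules top to bottom and stop at the
    first one that matches. Returns (action, rule number); a rule number of
    None means nothing matched and the implicit default deny applied."""
    for number, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            if rule.log:
                log.append(f"rule {number} ({rule.name}): {rule.action.upper()} {pkt}")
            return rule.action, number
    log.append(f"implicit deny: {pkt}")  # unmatched traffic is worth recording too
    return "deny", None


def _net_covers(outer: str, inner: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet `later` could match is already matched by `earlier`."""
    return (_net_covers(earlier.source, later.source)
            and _net_covers(earlier.destination, later.destination)
            and earlier.protocol in ("any", later.protocol)
            and earlier.port in (None, later.port))


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Numbers of rules that can never fire because an earlier rule covers them."""
    return [n for n, later in enumerate(rules, start=1)
            if any(covers(earlier, later) for earlier in rules[:n - 1])]


# Rulebase following the lesson's ordering; all addresses are constructed placeholders.
RULES = [
    Rule("HTTPS internal -> web", "10.0.1.0/24", "192.168.10.0/24", "tcp", 443, "allow"),
    Rule("DNS internal -> resolver", "10.0.1.0/24", "192.168.20.53/32", "udp", 53, "allow"),
    Rule("SMTP mail -> internet", "192.168.30.25/32", "any", "tcp", 25, "allow"),
    Rule("Deny guest SSH", "10.0.9.0/24", "192.168.0.0/16", "tcp", 22, "deny", log=True),
]

# The same rulebase with a broad SSH allow inserted above the guest deny.
BROAD_SSH = Rule("SSH any -> servers", "any", "192.168.0.0/16", "tcp", 22, "allow")
MISORDERED_RULES = RULES[:3] + [BROAD_SSH] + RULES[3:]

# Constructed packets.
WEB = {"src": "10.0.1.10", "dst": "192.168.10.5", "proto": "tcp", "dport": 443}
GUEST_SSH = {"src": "10.0.9.7", "dst": "192.168.10.5", "proto": "tcp", "dport": 22}
STAFF_SSH = {"src": "10.0.1.10", "dst": "192.168.10.5", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    log: List[str] = []
    for pkt in (WEB, GUEST_SSH, STAFF_SSH):
        print(evaluate(RULES, pkt, log))
    print("misordered:", evaluate(MISORDERED_RULES, GUEST_SSH, log))
    print("shadowed:", shadowed_rules(MISORDERED_RULES))
    print("\n".join(log))
```

Three outcomes are worth noticing when you run it: staff SSH to the web server is denied by the implicit default even though no rule names it; guest SSH hits the explicit, logged deny at rule 4; and in the misordered rulebase the same guest packet is allowed at rule 4 because the broad allow now sits above the deny, which `shadowed_rules` reports as rule 5 never being reachable.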