Firewall Generations
Firewall:
The main function of a firewall is traffic control and inspection. It can be a dedicated hardware appliance, or software that runs on general-purpose hardware, as a virtual machine, or in the cloud.
Below are the three generations of firewalls:
1. First Generation
2. Second Generation
3. Third Generation (Next Generation NGFW)
First Generation: (Stateless FW)
In this type of FW, traffic is controlled on the basis of:
- Source and destination IP address.
- Protocol (TCP, UDP, ICMP).
- Port number.
- Each packet's source/destination address and port number are compared with the configured policy, and the packet is then allowed or blocked.
- Every packet that passes through the firewall is evaluated against the rule list on its own, so the cost of rule matching is paid for each packet.
- It does not inspect the content of the traffic and keeps no record of the session between the host and the server; that is why it is also called a Stateless Firewall. A practical consequence is that reply traffic for an outbound connection must be permitted by its own static rule (for example "allow inbound TCP with source port 443"), and an attacker can craft packets that satisfy such a rule.
Second Generation: (Stateful FW)
In this firewall, all features are the same as the first-generation FW above, plus the extra capabilities below:
· Maintains session (state) information between two hosts communicating with each other; that is why it is called a Stateful Firewall.
· Once the first packet of a connection between the hosts has been permitted by policy, the remaining packets of that session are matched against the session table instead of the full rule list, and the reply traffic is allowed automatically. This is why performance is faster and why no separate rule for return traffic is needed. The session table is a finite resource, so it needs timeouts and limits on half-open connections.
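The difference between the first two generations, as an added example that is not part of the original notes: a small packet filter in Python that first evaluates each packet on its own (stateless) and then tracks sessions (stateful). The addresses, rules and the LAN prefix 10.0.0.0/8 are constructed for the example. The stateless policy needs a second rule so that replies from port 443 can come back in, and that rule is exactly what an attacker on the internet can satisfy by choosing source port 443; the stateful filter allows the reply because it matches a known session, and denies the attacker because no rule and no session match.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One line of first-generation policy. None for a port means 'any'."""
    src: str
    dst: str
    proto: str
    src_port: Optional[int]
    dst_port: Optional[int]
    action: str  # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        return (
            ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst)
            and self.proto == p.proto
            and (self.src_port is None or self.src_port == p.src_port)
            and (self.dst_port is None or self.dst_port == p.dst_port)
        )


ANY = "0.0.0.0/0"
LAN = "10.0.0.0/8"  # constructed LAN prefix for the example

# Constructed policy: LAN clients may open HTTPS to anywhere.
STATEFUL_RULES = [Rule(LAN, ANY, "tcp", None, 443, "allow")]

# A stateless filter has no memory of the outbound connection, so it needs an
# extra static rule to let the server's replies (source port 443) back in.
STATELESS_RULES = STATEFUL_RULES + [Rule(ANY, LAN, "tcp", 443, None, "allow")]


def stateless_filter(rules, packet):
    """First generation: every packet is matched against the rule list on its own."""
    for r in rules:
        if r.matches(packet):
            return r.action
    return "deny"  # implicit deny at the end of the list


class StatefulFilter:
    """Second generation: remembers permitted sessions in a state table."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()  # 5-tuples of the client->server direction

    def filter(self, p):
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if key in self.sessions or reverse in self.sessions:
            return "allow"  # established session: no rule lookup at all
        action = stateless_filter(self.rules, p)  # first packet: consult policy
        if action == "allow":
            self.sessions.add(key)  # remember it so replies are allowed
        return action


def demo():
    """Run the same three constructed packets through both filters."""
    client_req = Packet("10.1.1.5", 51234, "203.0.113.10", 443)
    server_reply = Packet("203.0.113.10", 443, "10.1.1.5", 51234)
    # Attacker chooses source port 443 to satisfy the reply rule and aims at SSH.
    attacker = Packet("198.51.100.7", 443, "10.1.1.5", 22)
    packets = (client_req, server_reply, attacker)

    sf = StatefulFilter(STATEFUL_RULES)
    return {
        "stateless": [stateless_filter(STATELESS_RULES, p) for p in packets],
        "stateful": [sf.filter(p) for p in packets],
    }


if __name__ == "__main__":
    print(demo())
```

The stateful filter here keys sessions on the plain 5-tuple; a real implementation also checks TCP flags (a new session must start with SYN), ages entries out, and caps half-open entries so the state table cannot be filled by a flood.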
Third Generation: (Next generation FW)
This firewall includes all the features of the above two types, plus the extra features below:
· Also called an application firewall, as it inspects Layer 7 (application) information.
· Inspects the content of the traffic and compares it with the configured policy.
· Provides user-, content- and application-based filtering.
· Compares traffic with defined signatures to detect exploits, malware and applications running on non-standard ports (for example SSH tunnelled over the HTTPS port).
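What "application on a non-standard port" means in practice, as an added example that is not part of the original notes: the signatures, flows and the "only web traffic may leave" policy below are constructed for illustration. A port-only decision lets an SSH tunnel through because it sits on port 443 and blocks a legitimate web request because it uses port 8080; the application-aware decision looks at the first bytes of the stream instead and gets both right.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes  # first bytes of the client->server stream


# Constructed application signatures (real NGFW signature sets are far larger).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]")),  # TLS handshake record, version 3.x
]


def identify_app(flow):
    """Classify the flow by its content, ignoring the port number entirely."""
    for name, sig in SIGNATURES:
        if sig.match(flow.payload):
            return name
    return "unknown"


# Constructed policy: only web applications may leave, whatever port they use.
ALLOWED_APPS = {"http", "tls"}


def port_based_decision(flow):
    """Stateful-era decision: trusts the destination port only."""
    return "allow" if flow.dst_port in (80, 443) else "deny"


def app_based_decision(flow):
    """NGFW decision: inspects content and applies an application rule.
    Unknown applications are denied rather than allowed."""
    return "allow" if identify_app(flow) in ALLOWED_APPS else "deny"


def demo():
    """Constructed flows: (port-based, app-based) decision for each."""
    flows = {
        "http_on_80": Flow(80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        "ssh_on_443": Flow(443, b"SSH-2.0-OpenSSH_9.6\r\n"),  # tunnel hidden on the HTTPS port
        "http_on_8080": Flow(8080, b"GET /api HTTP/1.1\r\nHost: internal\r\n\r\n"),
        "tls_on_443": Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    }
    return {name: (port_based_decision(f), app_based_decision(f)) for name, f in flows.items()}


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(name, decisions)
```

The TLS case shows the limit of this approach: the firewall can tell that the flow is TLS, but not what is inside it unless it terminates the TLS session (SSL inspection), which is a separate deployment decision.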
Zone:
A zone is a logical grouping of interfaces/ports, and therefore of the traffic that enters and leaves through them.
The zone name can be anything, but interfaces of the same nature are put in the same zone. For example, create a zone named Trust and put all LAN interfaces in it; likewise create an Untrust zone on the WAN side and put the WAN interfaces in it.
For ease and understanding, LAN-side interfaces are normally part of the Trust zone and WAN-side interfaces part of the Untrust zone. The common zones are:
1. Trust
2. Untrust
3. DMZ
Demilitarized Zone (DMZ):
All internet/public-facing servers are placed in the DMZ zone, because the nature of these servers is that anyone on the internet can reach them. If such a server were placed in the LAN zone, the internet users who reach it would also reach our LAN through it; that is critical for the organization's resources and servers, and it makes it easy for an attacker who compromises the server to get further access.
That is the reason publicly accessible servers are put in the DMZ and the organization's internal resources in the LAN: on a zone-based firewall, traffic between zones (for example DMZ to LAN) is denied by default, and only the flows that a policy explicitly allows (for example from Untrust to the DMZ web server on port 443 only) get through.
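The zone model above, as an added example that is not part of the original notes: a zone-based policy evaluator in Python with the three zones Trust, Untrust and DMZ. The subnets used to assign a zone (10.0.0.0/8 for Trust, 192.0.2.0/24 for the DMZ, everything else Untrust), the interface mapping and the policy lines are constructed for the example; a real firewall assigns the ingress zone from the arrival interface and the egress zone from the route lookup. The point it shows is that a compromised DMZ host still cannot reach the LAN, because no policy exists for DMZ to Trust and inter-zone traffic is denied by default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# Constructed interface-to-zone assignment (what the notes call "putting interfaces in a zone").
ZONE_OF_INTERFACE = {"eth0": "Trust", "eth1": "Untrust", "eth2": "DMZ"}

# Constructed subnets behind each interface; stands in for the route lookup here.
ZONE_SUBNETS = {"Trust": "10.0.0.0/8", "DMZ": "192.0.2.0/24"}


def zone_of(ip):
    """Map an address to its zone; anything outside the known subnets is Untrust."""
    for zone, cidr in ZONE_SUBNETS.items():
        if ipaddress.ip_address(ip) in ipaddress.ip_network(cidr):
            return zone
    return "Untrust"


@dataclass(frozen=True)
class ZonePolicy:
    from_zone: str
    to_zone: str
    proto: str
    dst_port: Optional[int]  # None = any port
    action: str


# Constructed policy. Note there is deliberately no DMZ -> Trust line.
POLICIES = [
    ZonePolicy("Trust", "Untrust", "tcp", None, "allow"),  # LAN users reach the internet
    ZonePolicy("Untrust", "DMZ", "tcp", 443, "allow"),  # public reaches the web server on 443 only
    ZonePolicy("Trust", "DMZ", "tcp", 22, "allow"),  # admins manage DMZ hosts over SSH
]


def evaluate(policies, packet):
    """Zone-based decision: intra-zone allowed (assumed default), inter-zone denied
    unless a policy line explicitly allows the flow."""
    src_zone, dst_zone = zone_of(packet.src_ip), zone_of(packet.dst_ip)
    if src_zone == dst_zone:
        return "allow"
    for pol in policies:
        if (pol.from_zone, pol.to_zone, pol.proto) == (src_zone, dst_zone, packet.proto) and (
            pol.dst_port is None or pol.dst_port == packet.dst_port
        ):
            return pol.action
    return "deny"  # inter-zone default deny


def demo():
    """Constructed flows covering the interesting zone pairs."""
    cases = {
        "lan_to_internet": Packet("10.1.1.5", 50000, "203.0.113.10", 443),
        "internet_to_dmz_web": Packet("198.51.100.7", 40000, "192.0.2.10", 443),
        "internet_to_dmz_ssh": Packet("198.51.100.7", 40001, "192.0.2.10", 22),
        "internet_to_lan": Packet("198.51.100.7", 40002, "10.1.1.5", 445),
        "dmz_to_lan": Packet("192.0.2.10", 40003, "10.1.1.5", 445),  # compromised DMZ host pivoting
        "lan_to_dmz_ssh": Packet("10.1.1.5", 50001, "192.0.2.10", 22),
    }
    return {name: evaluate(POLICIES, p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} {decision}")
```

Whether intra-zone traffic is allowed by default varies by vendor; the example assumes it is. Either way, the DMZ-to-LAN case is the one to verify after any policy change, since a single broad "DMZ to Trust allow" line undoes the reason the DMZ exists.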