Cyber Security Expo
What is a Firewall? A high-level explanation of firewall technologies and their features by B. Scott Wilson on 05/09/02

What You’ll Learn

  • The definition of a firewall
  • The three main firewall technologies
    • The purpose of the main firewall technologies in the industry

  • The definition of network address translation (NAT)
    • The purposes of using network address translation

  • Where to find more information about firewalls

Firewall Definition

A system or group of systems designed to prevent unauthorized access to a network, a system, or a group of systems.
Its purpose is to divide the world into two or more networks that exist at different security levels, for example:
– A “DMZ” network
– A secured zone
– An insecure zone, etc.

Firewall Technologies

Packet filtering
– 1st generation technologies
– Examples are routers

Application Proxy
– 2nd generation technologies
– Examples are SOCKS, Metaframe

Stateful Inspection
– 3rd Generation technologies
– Examples are Check Point FireWall-1, Cisco PIX

Packet Filters

  • Purpose is to filter traffic based on packet content, such as IP address or protocol type
  • Examines a packet at the network layer
    – Application independent
  • Delivers good performance and scalability.
  • Least secure type of firewall - they are not application aware
    – Cannot understand the context of a given communication (e.g. cannot interpret the application-layer contents of a packet)

Application Layer Gateways

  • Examines all application layers, bringing context information into the decision process.
  • Every client/server communication requires two connections
    – First connection is from the client to the firewall
    – Second connection is from the firewall to the server
  • Proxies are application dependent, making scalability and support for new applications a problem
    – The exception is SOCKS, a generic proxy that supports any TCP or UDP application

Stateful Inspection

  • Provides the highest level of security possible
  • Provides full application-layer awareness without breaking the client/server model
  • Extracts the state-related information required for security decisions from all application layers and maintains this information in a dynamic state table for evaluating subsequent connection attempts.
  • Provides a highly secure solution
  • Maximum performance, scalability, and extensibility.

Network Address Translation

  • Known by the acronym NAT
  • Used to change the source IP, destination IP, or both
  • NAT is used for many reasons:
    – A known shortage of IP addresses
    – Ease and flexibility of network administration
    – Security needs regarding Internet communications

NAT Modes

  • 1-to-1 NAT
    – Used to translate either the source or destination IP address, one for one
    – Requires a mapping table to indicate which translation address belongs to which physical address
  • NAT-hide
    – All traffic on one network can “hide” behind an interface of a NAT device
    – Often used in conjunction with a private addressing scheme (e.g., an RFC 1918 network)
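To make the two NAT modes above and the dynamic state table from the Stateful Inspection section concrete, here is an added simulation (not code from the original article). It assumes a constructed external address of 203.0.113.1, private hosts on an RFC 1918 network, and translated ports allocated from 40000 upward; both classes and the Packet type are illustrative names chosen here.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class OneToOneNat:
    """Static 1-to-1 NAT: a mapping table of public -> private address."""
    def __init__(self, mapping):
        self.pub_to_priv = dict(mapping)
        self.priv_to_pub = {v: k for k, v in mapping.items()}

    def outbound(self, pkt):  # rewrite the source to its public address
        return Packet(self.priv_to_pub[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):  # rewrite the destination back to the private address
        priv = self.pub_to_priv.get(pkt.dst_ip)
        return None if priv is None else Packet(pkt.src_ip, pkt.src_port, priv, pkt.dst_port)

class HideNat:
    """NAT-hide: all hosts share one external address; each outbound flow gets
    its own external port and a state-table entry, so only matching replies
    are translated back and let in (the stateful-inspection behaviour)."""
    def __init__(self, external_ip, first_port=40000):  # constructed defaults
        self.external_ip = external_ip
        self._ports = count(first_port)
        self.out_map = {}  # (src_ip, src_port, dst_ip, dst_port) -> external port
        self.in_map = {}   # (external port, remote ip, remote port) -> (src_ip, src_port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self.out_map.get(key)
        if ext_port is None:  # new flow: allocate a port and record the state
            ext_port = next(self._ports)
            self.out_map[key] = ext_port
            self.in_map[(ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        entry = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.external_ip or entry is None:
            return None  # no state entry: unsolicited inbound packet is dropped
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
```

Note the difference in exposure: with 1-to-1 NAT any packet to a mapped public address is forwarded inward, whereas NAT-hide only forwards replies to flows a private host opened first.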

An example of Network Address Translation (figure not reproduced)

Where to Find More Information

– Vicomsoft Resource Knowledge Base
– RFC 1631 - The IP Network Address Translator (NAT)
– ’s Firewalls FAQ
– PhoneBoy’s FireWall-1 FAQ
– DeathStar’s Firewall Security website
– ’s Enterprise Firewall documentation
– Check Point FireWall-1/VPN-1
