A corporate firewall is the first line of defense when it comes to network security: it establishes a virtual fence between secure internal networks and untrusted sources like the Internet.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
But even this definition is fairly broad, as there are many different types of firewalls that function in different ways to protect different resources. Here are six common corporate firewall types.
1) Network Firewalls
A traditional network firewall prevents unwanted traffic from gaining access to a corporate network by applying a set of security rules to decide exactly when to deny access.
2) Next-Generation Firewalls
NGFWs are similar to traditional firewalls but provide full stack visibility by analyzing the specific contents of each data packet when applying security rules, rather than just the port, source/destination IP address, or protocol.
3) Web Application Firewalls
A web application firewall is typically housed in a proxy server that is stood up between an application (running on a server) and the application’s users who require access to the application from outside the network. The proxy server receives incoming data and establishes a dedicated connection to the application on behalf of the external user.
4) Database Firewalls
As the name suggests, a database firewall is designed to protect databases. A type of web application firewall, database firewalls are installed directly in front of the database server they protect, or near the network gateway when they are used to protect multiple databases across multiple servers.
5) Unified Threat Management
UTM appliances typically include a traditional firewall, intrusion detection, and a secure web gateway to scan incoming traffic/emails for viruses and other malware.
6) Cloud Firewalls
Instead of implementing a firewall onsite in a corporate data center, a firewall may also be deployed virtually (in the cloud) where it can provide the same protection for networks, applications, and databases.
5 Features to Look for when Choosing a Corporate Firewall
1) Identify and Control Applications on any Port
Developers no longer adhere to the standard conventions of port/protocol/application mapping and many services are now capable of operating on non-standard ports or have the ability to “hop” ports. A firewall that allows IT to analyze traffic for any port is a great future-proofed tool.
2) Decrypt Outbound SSL
As more and more enterprises adopt SSL encryption, network security teams must be able to decrypt and inspect traffic as it leaves the network to ensure that sensitive data is not being leaked.
Encrypted traffic now represents over 72% of all network traffic.
3) Scan for Viruses and Malware in Allowed Applications
As more collaborative applications are hosted outside the corporate network (think Box, Google Docs, OneDrive), the volume of files moving in and out of a network presents a high-risk security threat. Manually inspecting application traffic is tedious at best; fortunately, many firewalls allow application-level scanning that can protect networks and save IT resources for other (more important) tasks.
4) Deal with Unknown Traffic by Policy
A firewall that attempts to classify all traffic, using a positive enforcement model that defaults to “deny” for unknown traffic, can significantly reduce security risks. However, this model can be unnecessarily restrictive so seek out a firewall that allows the use of a positive enforcement model in conjunction with policy control.
5) Enable the Same Visibility and Control for Remote Users
The bottom line is that more and more workers are moving off the corporate campus and relying on wireless networks (Wi-Fi, cellular, and even satellite) to perform critical daily tasks. To support these users and deliver a seamless experience, utilize a mobile VPN and a firewall that enables application visibility and control over traffic regardless of location.