7 Different Types of Firewalls & Deployment Options Explained

Firewalls protect the perimeter of a network and the storage systems and applications housed inside it. Companies use different types of firewalls depending on the size of the organization, its specific cybersecurity needs, and what it can afford to implement.

Firewall solutions provide companies with various protective measures, from filtering traffic based on protocols to high-security intrusion detection and traffic inspection. They provide different levels of complexity and feature sets, and they protect different environments.

Types of firewalls

1. Next-generation firewalls 

Next-generation firewalls (NGFWs) are often enterprise-grade cybersecurity tools that go beyond standard firewall technology. Some of the features commonly included in NGFWs are:

  • Traffic monitoring: Network traffic should be observed and also collected for later analysis. 
  • Behavioral analytics: Studying network traffic over time helps businesses identify malicious behavior more quickly. 
  • Network access controls: Authenticating all users before they enter is a critical step in halting attackers.  
  • Network policy management: Storage and other IT administrators should set consistent and strict policies that determine who receives access and what traffic should be blocked. 

Next-generation firewalls are often the best choice for large businesses, because they’re comprehensive and analytical. Some of the top enterprise security providers, like Fortinet and Palo Alto Networks, offer NGFW solutions. NGFWs require significant planning and time invested in implementation, but they’re worthwhile for teams that have large storage systems or applications that process sensitive data.

2. Application-level gateway firewalls 

An application-level gateway works at layer 7 of the Open Systems Interconnection (OSI) model, which is the application layer. It uses application protocols to filter network traffic, specifically for software programs on the network. Application-level gateways are also known as proxy firewalls, because they handle traffic filtering for an application server.

Application-level gateways are useful for large enterprises that have the computing resources and finances to support them. They're particularly beneficial for any company that needs to protect critical applications that process sensitive proprietary or customer data, like Salesforce. However, although they're highly protective firewalls, they may not be suitable for smaller enterprises that can't yet support the processing power needed for a proxy firewall.

3. Host-based firewall

Host-based firewalls are installed on individual machines rather than at the entrance of a network. They protect computers or servers and are useful secondary firewalls to be implemented along with firewalls that detect traffic entering the network. Host-based firewalls are beneficial for enterprises that store sensitive data on individual computers and servers and want an additional firewall layer. 

Examples include:

  • Host-based firewall features that come with antivirus software. In these solutions, a host-based firewall is just one tool that protects the computer from malware.
  • The built-in host-based firewall for Microsoft operating systems. The Windows Defender Firewall allows users to configure traffic rules and uses Internet Protocol security (IPsec). 
  • Host-based firewalls installed on routers. Some network routers have host-based firewalls that filter traffic before it can reach the computer or server on the network.

4. Firewall as a service

Firewall-as-a-service (FWaaS) deployments are entirely managed by a provider who handles hardware maintenance, software upgrades, and other technical duties. Unlike traditional firewall deployments, which businesses shoulder themselves, a firewall offered as a service doesn’t require teams to purchase their own hardware or train their own personnel to install a firewall. 

Although FWaaS doesn’t require as much effort in deployment as traditional firewalls, note that businesses must still train security personnel to monitor and update the technology as needed. They should be knowledgeable enough to discuss the firewall with the vendor, such as in cases of damage or other failure to work properly.  

5. Unified threat management tools

Firewalls are only one component of unified threat management (UTM) solutions. These network security tools also include intrusion detection features as well as website blacklisting to protect the network from web pages with known malicious software.

UTM tools are useful for organizations that want additional security features along with a firewall. However, they aren't typically as comprehensive as NGFWs. If an enterprise is looking for the most advanced, full-featured firewall, it should probably consider a next-generation firewall instead. But UTMs are a good choice for smaller organizations that can't afford or manage an advanced firewall yet.

6. Container firewalls 

Container firewalls address the security challenges presented by microservices architectures. Container environments have multiple hosts and multiple packaged applications, and if malicious traffic is able to move laterally between those hosts, it can compromise an entire infrastructure. East-west traffic, or lateral movement, between containers and other microservices requires a more granular approach to security. In other words, each individual container host should be protected.

Traditional firewalls are not able to identify security problems at the container level, especially because containers can be deployed and spun down so rapidly. Container firewalls can examine containers at runtime and quarantine a container if they detect suspicious behavior in it. This protects the rest of the container orchestration environment.

Multiple providers like Juniper Networks and Palo Alto offer container firewalls within their firewall portfolio. Organizations that run critical workloads in container environments should consider container firewalls, particularly if those containers handle sensitive customer or enterprise data. Container firewalls are best for larger organizations with security personnel experienced in monitoring infrastructures.
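The east-west filtering and runtime quarantine described in this section can be modelled in a few lines. This is an added example, not code from any vendor's product: the class name, the workload labels, and the rule that three denied flows trigger quarantine are all assumptions made for illustration.

```python
from collections import defaultdict

class EastWestPolicy:
    """Hypothetical default-deny policy for container-to-container flows.

    Rules are keyed on workload labels, not IP addresses, because container
    addresses change every time an instance is replaced.
    """
    def __init__(self, allowed, quarantine_after=3):
        self.allowed = set(allowed)        # (src_label, dst_label, dst_port)
        self.quarantine_after = quarantine_after
        self.denied = defaultdict(int)     # container id -> denied flow count
        self.quarantined = set()           # container ids cut off from the rest

    def decide(self, src_id, src_label, dst_id, dst_label, port):
        if src_id in self.quarantined or dst_id in self.quarantined:
            return "drop:quarantined"
        if (src_label, dst_label, port) in self.allowed:
            return "allow"
        # Anything not explicitly allowed is dropped and counted against the source.
        self.denied[src_id] += 1
        if self.denied[src_id] >= self.quarantine_after:
            self.quarantined.add(src_id)
        return "drop:policy"

# Constructed sample: a three-tier application and the flows observed at runtime.
ALLOWED = [("web", "api", 8080), ("api", "db", 5432)]
FLOWS = [
    ("web-1", "web", "api-1", "api", 8080),   # normal request path
    ("api-1", "api", "db-1", "db", 5432),     # normal request path
    ("web-1", "web", "db-1", "db", 5432),     # web tier should never reach the database
    ("web-1", "web", "db-1", "db", 22),
    ("web-1", "web", "api-1", "api", 22),     # third denied flow triggers quarantine
    ("web-1", "web", "api-1", "api", 8080),   # previously allowed, now isolated
    ("web-2", "web", "api-1", "api", 8080),   # replacement instance is covered at once
]

def replay(flows=FLOWS):
    policy = EastWestPolicy(ALLOWED)
    return [policy.decide(*f) for f in flows], policy.quarantined

if __name__ == "__main__":
    decisions, quarantined = replay()
    for flow, verdict in zip(FLOWS, decisions):
        print(flow, "->", verdict)
    print("quarantined:", quarantined)
```

Because the rules name labels rather than addresses, the replacement instance web-2 is allowed on its first connection while web-1 stays isolated.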

7. Database firewalls

Database firewalls are specifically designed to protect organizations' information databases. Because of their organized nature, databases are often used to store huge volumes of customer personal information. Without protective measures, they're highly vulnerable to customer data theft. In particular, businesses that have given multiple employees access to large databases need security technology like a database firewall to guard their data at rest.

Some database providers, like MySQL, offer their own firewalls for their databases. These have features like allowlists, blocklists, and intrusion detection. Businesses that heavily rely on their databases for storing sensitive data should consider a database-specific firewall to monitor incoming traffic and queries.
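To show how allowlists and blocklists apply to queries, the following added example (not code from MySQL or any other vendor) reduces each statement to its shape and forwards only shapes learned from known-good traffic. The class, the account names, and the blocked statement prefixes are assumptions, and the tokenizer is a simplification of real SQL parsing.

```python
import re

# One left-to-right pass: string literals and numbers become '?', comments a space.
_TOKEN = re.compile(
    r"'(?:[^'\\]|\\.|'')*'|/\*.*?\*/|(?:--|#)[^\n]*|\b\d+(?:\.\d+)?\b", re.S)

def fingerprint(sql):
    """Reduce a statement to its shape so structure, not data, is compared."""
    shape = _TOKEN.sub(lambda m: "?" if m.group()[0] in "'0123456789" else " ", sql)
    return re.sub(r"\s+", " ", shape).strip().rstrip("; ").lower()

class QueryFirewall:
    """Hypothetical allowlist/blocklist model; not any vendor's implementation."""
    def __init__(self, blocked_prefixes=("drop ", "truncate ", "grant ")):
        self.allow = {}                  # account -> learned fingerprints
        self.blocked_prefixes = blocked_prefixes
        self.alerts = []                 # (account, fingerprint, reason)

    def learn(self, account, sql):
        """Training phase: record the shape of known-good application traffic."""
        self.allow.setdefault(account, set()).add(fingerprint(sql))

    def check(self, account, sql):
        """Enforcement phase: True forwards the statement, False rejects it."""
        fp = fingerprint(sql)
        if fp.startswith(self.blocked_prefixes):
            reason = "blocklisted statement type"
        elif fp not in self.allow.get(account, set()):
            reason = "shape not in allowlist"
        else:
            return True
        self.alerts.append((account, fp, reason))
        return False

def demo():
    """Replay constructed sample traffic for a hypothetical 'webapp' account."""
    fw = QueryFirewall()
    fw.learn("webapp", "SELECT name, email FROM customers WHERE id = 42")
    fw.learn("webapp", "UPDATE customers SET email = 'a@example.com' WHERE id = 7;")
    verdicts = [
        fw.check("webapp", "select name, email from customers where id = 1001"),
        fw.check("webapp", "SELECT name, email FROM customers WHERE id = 42 OR 1=1"),
        fw.check("webapp", "DROP TABLE customers"),
        fw.check("reporting", "SELECT name, email FROM customers WHERE id = 42"),
    ]
    return verdicts, [reason for _, _, reason in fw.alerts]

if __name__ == "__main__":
    print(demo())
```

The same lookup with a different customer id passes, while an added condition changes the shape and is rejected, as is any statement from an account with no learned profile.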

Firewall deployment

Firewalls can be deployed using the following methods:

  • Hardware: Hardware firewall deployments are typically appliances installed at the perimeter of a network. 
  • Software: Software firewalls are installed onto computers or servers at the perimeter of the network, and the software accepts or rejects requests. 
  • Cloud-based: A cloud firewall is hosted in a cloud environment and protects cloud storage systems and applications, inspecting traffic that attempts to enter a storage application.

Jenna Phipps
Jenna Phipps is a contributor for Enterprise Mobile Today, Webopedia.com, and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
