Firewalls protect the perimeter of a network, along with the storage systems and applications housed inside that network. Companies use different types of firewalls depending on the size of the organization, its cybersecurity needs, and what it can afford to implement.
Firewall solutions provide companies with various protective measures, from filtering traffic based on protocols to high-security intrusion detection and traffic inspection. These firewalls provide different levels of complexity and feature sets, and they protect different environments:
Types of firewalls
- Next-generation firewall
- Application-level gateway firewall
- Host-based firewall
- Firewall as a service
- Unified threat management tools
- Container firewall
- Database firewall
1. Next-generation firewall
Next-generation firewalls (NGFWs) are often enterprise-grade cybersecurity tools that go beyond standard firewall technology. Some of the features commonly included in NGFWs are:
- Traffic monitoring: Network traffic should be observed and also collected for later analysis.
- Behavioral analytics: Studying network traffic over time helps businesses identify malicious behavior more quickly.
- Network access controls: Authenticating all users before they enter is a critical step in halting attackers.
- Network policy management: Storage and other IT administrators should set consistent and strict policies that determine who receives access and what traffic should be blocked.
Next-generation firewalls are often the best choice for large businesses, because they’re comprehensive and analytical. Some of the top enterprise security providers, like Fortinet and Palo Alto Networks, offer NGFW solutions. NGFWs require significant planning and time invested in implementation, but they’re worthwhile for teams that have large storage systems or applications that process sensitive data.
2. Application-level gateway firewall
An application-level gateway works at layer 7 of the Open Systems Interconnection (OSI) model, which is the application level. It uses application protocols to filter network traffic, specifically for software programs on the network. Application-level gateways are also known as proxy firewalls, because they handle traffic filtering for an application server.
Application-level gateways are useful for large enterprises that have the computing resources and finances to support them. They’re particularly beneficial for any company that needs to protect critical applications that process sensitive proprietary or customer data, like Salesforce. However, although they’re a highly protective firewall, they may not be suitable for smaller enterprises that can’t yet support the processing power needed for a proxy firewall.
3. Host-based firewall
Host-based firewalls are installed on individual machines rather than at the entrance of a network. They protect computers or servers and are useful secondary firewalls to be implemented along with firewalls that detect traffic entering the network. Host-based firewalls are beneficial for enterprises that store sensitive data on individual computers and servers and want an additional firewall layer.
Examples include:
- Host-based firewall features that come with antivirus software. In these solutions, a host-based firewall is just one tool that protects the computer from malware.
- The built-in host-based firewall for Microsoft operating systems. The Windows Defender Firewall allows users to configure traffic rules and uses Internet Protocol security (IPsec).
- Host-based firewalls installed on routers. Some network routers have host-based firewalls that filter traffic before it can reach the computer or server on the network.
4. Firewall as a service
Firewall-as-a-service (FWaaS) deployments are entirely managed by a provider that handles hardware maintenance, software upgrades, and other technical duties. Unlike traditional firewall deployments, which businesses shoulder themselves, a firewall offered as a service doesn’t require teams to purchase their own hardware or train their own personnel to install a firewall.
Although FWaaS doesn’t require as much effort in deployment as traditional firewalls, note that businesses must still train security personnel to monitor and update the technology as needed. They should be knowledgeable enough to discuss the firewall with the vendor, such as in cases of damage or other failure to work properly.
5. Unified threat management tools
Firewalls are only one component of unified threat management (UTM) solutions. These network security tools also include intrusion detection features as well as website blacklisting to protect the network from web pages with known malicious software.
UTM tools are useful for organizations that want additional security features along with a firewall. However, they aren’t typically as comprehensive as NGFWs. If an enterprise is looking for the most advanced, full-featured firewall, they should probably consider a next-generation firewall instead. But UTMs are a good choice for smaller organizations that can’t afford or manage an advanced firewall yet.
6. Container firewall
Container firewalls address the security challenges presented by microservices architectures. Container environments have multiple hosts and multiple packaged applications, and if malicious traffic can move laterally between those hosts, it can compromise an entire infrastructure. East-west traffic, or lateral movement, between containers and other microservices requires a more granular approach to security. In other words, each individual container host should be protected.
Traditional firewalls can't identify security problems at the container level, especially because containers can be deployed and spun down so rapidly. Container firewalls can examine containers at runtime and quarantine a container if they detect suspicious behavior in it. This protects the rest of the container orchestration environment.
Multiple providers like Juniper Networks and Palo Alto Networks offer container firewalls within their firewall portfolio. Organizations that run critical workloads in container environments should consider container firewalls, particularly if those containers handle sensitive customer or enterprise data. Container firewalls are best for larger organizations with security personnel experienced in monitoring infrastructures.
7. Database firewall
Database firewalls are specifically designed to protect organizations’ information databases. Because of their organized nature, databases are often used to store huge volumes of customer personal information. Without protective measures, they’re highly vulnerable to customer data theft. In particular, businesses with large databases that have given access to multiple employees need security technology like a database firewall to guard their data at rest.
Some database providers, like MySQL, offer their own firewalls for their databases. These have features like allowlists and blocklists and intrusion detection. Businesses that heavily rely on their databases for storing sensitive data should consider a database-specific firewall to monitor incoming traffic and queries.
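The following is an added example, not part of the original article and not any vendor's implementation: a simplified model of the allowlist check a database firewall performs, in which statements seen during a recording phase are reduced to a literal-free shape and any unrecorded shape is rejected afterwards. The function and class names, account names, and sample statements are constructed for illustration.

```python
import re

# Literals are replaced by "?" so statements that differ only in their
# values reduce to the same shape (a simplified statement digest).
_STRING = re.compile(r"'(?:[^'\\]|\\.|'')*'")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")


def normalize(sql):
    text = _STRING.sub("?", sql)
    text = _NUMBER.sub("?", text)
    text = _SPACE.sub(" ", text).strip().rstrip(";").strip()
    return text.lower()


class QueryFirewall:
    """Per-account allowlist of statement shapes (hypothetical class)."""

    def __init__(self):
        self.allowlist = {}   # account -> set of recorded shapes
        self.blocked = []     # (account, shape) pairs kept for review

    def record(self, account, sql):
        # Recording phase: learn the shapes the application normally sends.
        self.allowlist.setdefault(account, set()).add(normalize(sql))

    def check(self, account, sql):
        # Protecting phase: allow only shapes recorded for this account.
        shape = normalize(sql)
        if shape in self.allowlist.get(account, set()):
            return True
        self.blocked.append((account, shape))
        return False


def demo():
    fw = QueryFirewall()
    fw.record("webapp", "SELECT id, email FROM customers WHERE id = 42;")
    fw.record("webapp", "UPDATE customers SET email = 'a@example.com' WHERE id = 7")
    traffic = [  # constructed sample statements
        ("webapp", "select id, email from customers where id = 1001"),
        ("webapp", "UPDATE customers SET email = 'new@example.org' WHERE id = 9"),
        ("webapp", "SELECT id, email, card_number FROM customers"),
        ("reporting", "SELECT id, email FROM customers WHERE id = 42"),
    ]
    return [fw.check(acct, q) for acct, q in traffic], fw.blocked
```

The blocked list is what a security team would review: each entry is a statement shape that the named account never issued during recording.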
Firewall deployment
Firewalls can be deployed using the following methods:
- Hardware: Hardware firewall deployments are typically appliances installed at the perimeter of a network.
- Software: Software firewalls are installed onto computers or servers at the perimeter of the network, and the software accepts or rejects requests.
- Cloud-based: A cloud firewall is hosted in a cloud environment and protects cloud storage systems and applications, inspecting traffic that attempts to enter a storage application.
Bottom line
Firewalls serve as a first line of defense for enterprise networks, processing large volumes of traffic and determining whether that traffic is safe to enter. For businesses selecting a firewall for their systems, consider the technology you need to protect. Do you have a smaller company that only needs a UTM solution, or is your infrastructure big enough that you’ll need an NGFW? And do you have containers or databases that your IT or security teams need to prioritize protecting?
Choose a firewall (or multiple firewalls) suitable for your organization’s security needs to reap the best possible benefits from the technology you deploy.