Firewall Functionality and Features:
The main function of a firewall is to regulate (allow/deny) data traffic between two or more computer networks (zones). Typically, two of these networks are the Internet and the local/corporate network. The firewall is interposed between networks that have different levels of trust: the Internet has a low level of trust, the corporate or home network has the highest level of trust, and a third perimeter network, the Demilitarized Zone (DMZ) that hosts externally reachable services, has a medium level of trust.
The firewall is placed there to stop attacks against the local network before they reach it, and to give the administrator a single point at which to log and contain the ones that do occur.
The firewall manages the flow of data to, from, and through the router by packet filtering. Together with Network Address Translation (NAT), it prevents unauthorized access both to the networks behind the router and to the router itself. It also filters outbound traffic, so that a compromised host inside the network cannot freely reach out.
A properly configured firewall plays a crucial role in building network infrastructure that is both functional and secure. For a correct configuration, access policies (inbound and outbound) must first be defined for each zone in relation to every other zone, usually as a matrix of which zone may initiate connections to which. The policy is then applied through rules on the device, and rule order matters: on most platforms the rules are evaluated top to bottom and the first rule whose match conditions fit the packet decides its fate, so a broad accept placed above a specific deny silently disables that deny. A default deny for anything no rule explicitly allows closes the remaining gaps.
Features typically supported by a firewall include:
- Stateful Packet Inspection
- Layer-7 Protocol Detection
- Peer-to-Peer Protocol Filtering
- Traffic Classification by:
  - Source MAC Address
  - IP Addresses (network or list) and Address Types (broadcast, local, multicast, unicast)
  - Port or Port Range
  - IP Protocols
  - Protocol Options (ICMP type and code fields, TCP flags, IP options, and MSS)
  - Interface the Packet Arrived From or Left Through
  - Internal Flow and Connection Marks
  - DSCP Byte
  - Packet Content
  - Rate at Which Packets Arrive and Sequence Numbers
  - Packet Size
  - Packet Arrival Time
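The following is an added example, not part of the original page and not tied to any particular vendor: a shell function that emits an nftables ruleset implementing the three-zone policy described above (Internet low trust, LAN high trust, DMZ medium trust) with stateful inspection, default deny, NAT, and a few of the classification criteria from the list (interface, address, port, connection state, rate, DSCP, packet size, arrival time). The interface names eth0/eth1/eth2, the address ranges, and the DMZ web server address are assumptions chosen for illustration; adjust them before applying.

```shell
#!/bin/sh
# Added example: zone-based stateful firewall for a router with three zones.
# Interface names and addresses below are assumed for illustration only.
WAN_IF="${WAN_IF:-eth0}"        # Internet, low trust
LAN_IF="${LAN_IF:-eth1}"        # corporate/home LAN, high trust
DMZ_IF="${DMZ_IF:-eth2}"        # perimeter network, medium trust
LAN_NET="192.168.10.0/24"
DMZ_NET="192.168.20.0/24"
DMZ_WEB="192.168.20.10"         # the one published DMZ service

# Print an nftables ruleset that encodes the zone policy matrix:
#   LAN -> WAN, LAN -> DMZ : allowed
#   WAN -> DMZ             : only HTTP/HTTPS to the published web host
#   DMZ -> WAN             : outbound only
#   DMZ -> LAN, WAN -> LAN : denied by the default drop policy
gen_ruleset() {
cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    # Stateful inspection: replies to connections the router opened come back in.
    ct state established,related accept
    ct state invalid drop
    iifname "lo" accept
    # Management and DNS only from the trusted LAN, only during working hours (arrival time).
    iifname "$LAN_IF" ip saddr $LAN_NET tcp dport { 22, 53 } meta hour "08:00"-"18:00" accept
    iifname "$LAN_IF" ip saddr $LAN_NET udp dport 53 accept
    # Ping from inside zones, rate limited (rate at which packets arrive).
    iifname { "$LAN_IF", "$DMZ_IF" } icmp type echo-request limit rate 10/second accept
    # Oversized echo requests from the Internet are dropped outright (packet size).
    iifname "$WAN_IF" icmp type echo-request meta length > 256 drop
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # High-trust LAN may initiate connections to the Internet and to the DMZ.
    iifname "$LAN_IF" ip saddr $LAN_NET oifname { "$WAN_IF", "$DMZ_IF" } accept
    # Low-trust Internet reaches only the published DMZ web service; ct state new
    # keeps this rule from ever matching mid-connection packets.
    iifname "$WAN_IF" oifname "$DMZ_IF" ip daddr $DMZ_WEB tcp dport { 80, 443 } ct state new accept
    # Medium-trust DMZ may go out to the Internet; DMZ -> LAN hits the drop policy.
    iifname "$DMZ_IF" ip saddr $DMZ_NET oifname "$WAN_IF" accept
    # Classification by DSCP: strip a forged "expedited" marking on inbound traffic.
    iifname "$WAN_IF" ip dscp ef ip dscp set cs0
  }
}
table ip nat {
  chain prerouting {
    type nat hook prerouting priority -100;
    # Publish the DMZ web host on the router's public address.
    iifname "$WAN_IF" tcp dport { 80, 443 } dnat to $DMZ_WEB
  }
  chain postrouting {
    type nat hook postrouting priority 100;
    # Hide LAN and DMZ addresses behind the WAN address.
    oifname "$WAN_IF" masquerade
  }
}
EOF
}

# Syntax-check the generated ruleset with nft if it is installed (no rules are loaded).
check_ruleset() {
  command -v nft >/dev/null 2>&1 || { echo "nft not installed; skipping syntax check"; return 0; }
  gen_ruleset | nft -c -f -
}
```

Usage: `gen_ruleset | nft -c -f -` performs a dry-run parse, and `gen_ruleset | nft -f -` applies the ruleset (both need root). The two `ct state` lines sit at the top of each chain on purpose: because evaluation is first-match, every later rule then only has to describe who may open a new connection, and the `policy drop` catches every zone pair the matrix does not list, including DMZ to LAN.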