By conventional definition, a firewall is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. It can be used to isolate one compartment from another.
When applying the term firewall to a computer network (or to a Local Area Network – LAN), a firewall is a system or group of systems that manages access between two or more networks.
A simple network protected by a firewall is shown below:
Firewall operations are based on one of three technologies:
- Packet Filtering: Limits information that is allowed into a network based on static packet header information.
- Proxy Server: Requests connections on behalf of clients on the inside of the firewall to hosts on the Internet, so the inside hosts never talk to the Internet directly.
- Stateful Filtering Firewall: Combines the best of packet filtering and proxy server technologies.
As shown in the diagram above, packet filtering can be applied on the Internet border router (e.g. using Access Control Lists), proxy services can be implemented by a dedicated proxy server (located on the DMZ of the firewall), and full stateful firewall functionality is provided by a dedicated hardware firewall (e.g. a Cisco PIX or ASA firewall).
The scenario above combines all three firewall technologies and is considered the best security practice for protecting a network perimeter.
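To make the difference between the first and third technologies concrete, here is an added example (not code from the original page or from any vendor product) that models a stateless packet filter judging each packet on static header fields alone, beside a stateful filter that also remembers connections opened from the inside. The rule sets, addresses and port numbers are constructed for illustration.

```python
# Added example: stateless packet filter vs. stateful filter (constructed rules/data).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source IP (constructed sample values in the usage below)
    dst: str        # destination IP
    sport: int      # source port
    dport: int      # destination port
    syn: bool       # True for a new TCP connection request

# Stateless rules: (direction, destination port, action). Because only static
# header fields are visible, letting replies back in to inside clients forces
# a broad rule that admits any inbound packet to a high port (>= 1024).
STATELESS_RULES = [
    ("out", None, "allow"),    # any outbound traffic
    ("in", 80, "allow"),       # the DMZ web server
    ("in", "high", "allow"),   # replies to inside clients (overly broad)
]

def stateless_decision(pkt: Packet, direction: str) -> str:
    for rule_dir, port, action in STATELESS_RULES:
        if rule_dir != direction:
            continue
        if port is None or pkt.dport == port or (port == "high" and pkt.dport >= 1024):
            return action
    return "deny"

class StatefulFilter:
    """Tracks connections opened from the inside; an inbound packet is allowed
    only if it targets the DMZ web server or is a reply to a tracked flow."""
    def __init__(self):
        # connection table of (inside_ip, inside_port, outside_ip, outside_port)
        self.table = set()

    def decide(self, pkt: Packet, direction: str) -> str:
        if direction == "out":
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if pkt.dport == 80:
            return "allow"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table and not pkt.syn:
            return "allow"
        return "deny"   # unsolicited inbound traffic, even to a high port
```

An unsolicited inbound connection attempt to a client's high port passes the stateless filter but is rejected by the stateful one, which is the gap the text's combined design closes.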