Firewall
A network security system that filters incoming and outgoing traffic according to defined rules, classically at Layers 3 and 4 (IP address, port, protocol). It protects network segments, whereas a WAF specifically secures web applications at Layer 7.
A firewall is a network security system that controls incoming and outgoing data traffic according to configured security rules. It forms the foundation of nearly all network security architectures.
Firewall Generations
Generation 1 - Packet Filter: Checks IP addresses, ports, and protocols. Simple and fast, but blind to application context.
Generation 2 - Stateful Inspection: Tracks connection state (e.g., the TCP handshake and teardown) in a connection table and drops packets that do not belong to a known connection. Return traffic is admitted because the outbound request was seen, not because of a static "allow anything that looks like a reply" rule.
Generation 3 - Application Layer (Proxy Firewall): Understands application protocols (HTTP, SMTP, DNS) and can scan content for malware.
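The difference between a Generation 1 packet filter and Generation 2 stateful inspection is easiest to see on a packet trace. The following is an added example written for this page, not firewall or vendor code: it runs a constructed trace (a legitimate HTTPS session followed by two inbound probes) through a stateless policy and through a small connection-tracking firewall. The address space, the rule policy, and the reduced TCP state machine are assumptions made for illustration.

```python
"""Generation 1 (stateless packet filter) versus Generation 2 (stateful
inspection), run over a constructed packet trace.

Added example for this page; not firewall or vendor code. The trace, the
protected address space, the rule policy and the reduced TCP state machine
are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # subset of "S" (SYN), "A" (ACK), "F" (FIN)

INTERNAL_PREFIX = "10.0.0."  # assumed protected segment

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def stateless_filter(pkt: Packet) -> bool:
    """Gen 1 policy: allow all outbound; allow inbound only if it 'looks like'
    a reply to a client, i.e. ACK set and source port 80 or 443. The filter
    has no memory, so it cannot know whether that connection ever existed."""
    if is_internal(pkt.src) and not is_internal(pkt.dst):
        return True
    if not is_internal(pkt.src) and is_internal(pkt.dst):
        return "A" in pkt.flags and pkt.sport in (80, 443)
    return False

Key = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)

class StatefulFirewall:
    """Gen 2: track outbound connections and admit only packets that belong to one."""
    def __init__(self) -> None:
        self.conns: Dict[Key, str] = {}

    def _outbound(self, pkt: Packet, key: Key) -> bool:
        if pkt.flags == "S":                    # new connection attempt
            self.conns[key] = "SYN_SENT"
            return True
        state = self.conns.get(key)
        if state is None:                       # outbound but no SYN seen: drop
            return False
        if state == "SYN_RECV" and "A" in pkt.flags:
            self.conns[key] = "ESTABLISHED"     # handshake complete
        if "F" in pkt.flags:
            self.conns[key] = "CLOSING"
        return True

    def _inbound(self, pkt: Packet, key: Key) -> bool:
        state = self.conns.get(key)
        if state is None:                       # no matching connection: drop
            return False
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.conns[key] = "SYN_RECV"
            return True
        if state in ("ESTABLISHED", "CLOSING") and "A" in pkt.flags:
            if "F" in pkt.flags:
                self.conns[key] = "CLOSING"
            return True
        return False                            # e.g. a bare SYN against an open entry

    def filter(self, pkt: Packet) -> bool:
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            return self._outbound(pkt, (pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if not is_internal(pkt.src) and is_internal(pkt.dst):
            # inbound packets are looked up under the reversed tuple
            return self._inbound(pkt, (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return False

# Constructed trace: a legitimate HTTPS session followed by two probes.
TRACE: List[Tuple[str, Packet]] = [
    ("client SYN",      Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S")),
    ("server SYN-ACK",  Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA")),
    ("client ACK",      Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A")),
    ("server data",     Packet("203.0.113.10", 443, "10.0.0.5", 40000, "A")),
    # ACK probe from an unrelated host, using source port 443 to look like a reply
    ("ACK scan to ssh", Packet("198.51.100.7", 443, "10.0.0.5", 22, "A")),
    # aimed at the real client port, but from the wrong peer
    ("hijack attempt",  Packet("198.51.100.7", 443, "10.0.0.5", 40000, "A")),
]

def run_trace(trace=TRACE) -> Dict[str, Tuple[bool, bool]]:
    """Return {description: (stateless verdict, stateful verdict)}; True = allow."""
    fw = StatefulFirewall()
    return {desc: (stateless_filter(p), fw.filter(p)) for desc, p in trace}

if __name__ == "__main__":
    for desc, (g1, g2) in run_trace().items():
        print(f"{desc:16s} stateless={'ALLOW' if g1 else 'DROP':5s} "
              f"stateful={'ALLOW' if g2 else 'DROP'}")
```

Both filters pass the real session. The stateless policy also passes the ACK scan and the packet from the wrong peer, because anything with the ACK bit from port 443 matches its "reply" rule; the stateful firewall drops both because no connection entry matches the reversed tuple. Real implementations additionally track sequence numbers and time entries out, which this reduced state machine omits.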
Next-Generation Firewall (NGFW): Combines all predecessors plus:
- Deep Packet Inspection (DPI)
- Intrusion Prevention System (IPS)
- SSL/TLS inspection (decryption, inspection, re-encryption)
- Application Awareness: Identification of applications regardless of port
- User Identity: Rules based on users or groups (typically from a directory service) instead of IP addresses
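Application awareness means the firewall decides by what the traffic is, not by which port it uses. The following is an added example for this page, not vendor code: it classifies a flow from its first client-to-server bytes (TLS ClientHello, SSH banner, HTTP request line) and compares a port-based rule with an application-based policy. The fingerprints are reduced to the minimum needed to tell the three protocols apart, and the flows and policy table are constructed for illustration.

```python
"""Application awareness (NGFW): classify a flow by its first payload bytes
rather than by its destination port, then apply a per-application policy.

Added example for this page, not vendor code. Fingerprints are minimal;
the flows and the policy table are constructed for illustration.
"""
import re
from typing import Dict, Tuple

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def identify_app(payload: bytes) -> str:
    """Return a protocol name from the first client-to-server bytes of a flow."""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0X,
    # two-byte length, then handshake message type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] in (0x00, 0x01, 0x02, 0x03, 0x04) and payload[5] == 0x01):
        return "tls"
    # SSH identification string (RFC 4253) sent by the client
    if payload.startswith(b"SSH-2.0-") or payload.startswith(b"SSH-1.99-"):
        return "ssh"
    if HTTP_REQUEST.match(payload):
        return "http"
    return "unknown"

def port_based_verdict(dport: int) -> bool:
    """Gen 1/2 style rule: allow outbound TCP/80 and TCP/443, drop the rest."""
    return dport in (80, 443)

# Assumed policy: web traffic is allowed on any port, SSH and unclassified
# traffic are not, regardless of port.
APP_POLICY = {"tls": True, "http": True, "ssh": False}

def app_aware_verdict(app: str) -> bool:
    return APP_POLICY.get(app, False)

# Constructed flows. The TLS payload is the start of a ClientHello record
# (header + handshake type) padded with zeros; only the first bytes matter here.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4]) + b"\x00" * 32
FLOWS: Dict[str, Tuple[int, bytes]] = {
    "https on 443":           (443, TLS_CLIENT_HELLO),
    "ssh tunnelled over 443": (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "http on 8080":           (8080, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "unknown on 443":         (443, b"\x00\x01\x02\x03\x04\x05 not a known protocol"),
}

def run_flows(flows=FLOWS) -> Dict[str, Tuple[str, bool, bool]]:
    """Return {flow: (identified app, port-based verdict, app-aware verdict)}."""
    out = {}
    for name, (dport, payload) in flows.items():
        app = identify_app(payload)
        out[name] = (app, port_based_verdict(dport), app_aware_verdict(app))
    return out

if __name__ == "__main__":
    for name, (app, by_port, by_app) in run_flows().items():
        print(f"{name:24s} app={app:8s} port-rule={'ALLOW' if by_port else 'DROP':5s} "
              f"app-rule={'ALLOW' if by_app else 'DROP'}")
```

The port rule lets SSH through on 443 and blocks legitimate HTTP on 8080; the application policy does the opposite in both cases. A few leading bytes are an easy heuristic to evade, so production NGFWs match signatures over more of the flow and fall back to other indicators, and encrypted traffic can only be classified beyond "tls" if the firewall also performs TLS inspection.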
Web Application Firewall (WAF)
A WAF is specifically designed for HTTP/HTTPS and protects web applications from OWASP Top 10 attacks. It operates at Layer 7 and understands HTTP semantics. WAFs are not a substitute for secure development, but they are an important layer of protection.
Firewalls in a Zero-Trust Context
Traditional perimeter firewalls lose their central role in the zero-trust model: since there is no implicit trust for internal traffic, control shifts to identity-based access decisions and microsegmentation. Firewalls remain relevant as one layer of a defense-in-depth strategy, for example to enforce segment boundaries and to contain lateral movement.