What are firewall appliances and why are they needed?
Content Filtering Firewall Products from Firewall Servers
What is a firewall appliance?
First, let us define a firewall. A firewall is a system or group of systems used to enforce access control between two network entities. This can be accomplished in a variety of ways, but fundamentally the firewall is a pair of mechanisms: one exists only to block traffic and the other exists only to permit traffic. It allows people inside the organization, behind the firewall, to access information on the outside while preventing people on the outside from getting into the user's systems. The single most important aspect of a firewall is that it lets the system administrator easily implement an access control policy.
The Internet has become, in many ways, a mirror of society. Within our society there is a segment of jerks, malcontents and rip-off artists who delight in spray painting other people's walls, knocking down stop signs and mailboxes, and perpetrating all manner of scams such as credit card fraud and embezzlement. All of these, and more, have become a routine part of Internet society. Web sites are defaced, phony and misleading press releases are issued to manipulate stock prices, and large databases of credit card numbers are broken into for fun and profit. A firewall is the first line of defense against the cyberpunks attempting to rip the fabric of Internet society.
A firewall appliance is a dedicated hardware and software system whose sole purpose is to implement the defined access control policy. A fully featured firewall appliance will include NAT (Network Address Translation), a DMZ (Demilitarized Zone), VPN (Virtual Private Network) support, intrusion detection, and extensive audit logging with alarm condition detection and reporting. Content filtering can be a highly desirable option to prevent pornography and specific non-work-related web sites from being accessed.
Ideally, a firewall appliance should be as simple to deploy as a telephone: take it out of the box, plug it in and use it. The real world is not so utopian, because of the large variety of options for blocking or passing data into or out of the network, as well as all of the network-specific information that must be supplied. At its worst, the time to properly configure a firewall can be measured in hours. At its best, as with the iSentryII Appliance, much of the configuration is performed at the factory prior to shipment, so final configuration takes only minutes.
Basic firewall technology.
A firewall is generally a software package or a combination of hardware and software and typically consists of several layers of protection designed to intercept and prevent penetration by intruders. Today there are three basic types of firewalls.
The simplest type is known as a screening router or packet filter firewall. This approach screens each packet on its own and decides whether to pass it through or deny access. It provides the very minimum of security and is easily breached by sophisticated intruders who can falsify or spoof a packet so that it appears to come from a legitimate source.
A second firewall approach uses a technique known as stateful inspection. This approach is more adept than packet filtering at preventing spoofing, because it compares patterns of arriving data with data from previously accepted packets.
The third approach, generally accepted as the most secure, is known as the proxy server. The proxy server sits between the internal network and all locations outside the network and does not allow traffic to pass directly through. The proxy server hides the user's IP address from anyone outside the firewall: when an internal user accesses an external web site, the source IP address on the outbound HTTP packet appears as the address of the firewall and not that of the originator. When an external data packet arrives at the firewall, the application software examines the packet's IP address and content and compares them with the firewall appliance's rule set to verify that they comply with the pre-defined security policies.
Firewall appliance software and applications.
Unlike firewall software packages that are loaded onto an existing server, a firewall appliance is a dedicated stand-alone hardware and software solution. The firewall appliance mediates traffic between the Internet and the user's protected networks. The iSentryII firewall appliance is rule driven and must understand each of the application protocols that are allowed by the user's security policy. An example of protocol-specific security is a configuration that permits incoming FTP but blocks outbound FTP.
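The following simulation is an added illustration, not code from the page or from the iSentryII product, of two points made above: why a packet filter that judges each packet alone can be fooled by a forged "reply" while stateful inspection rejects it, and how a direction-aware rule set permits inbound FTP but blocks outbound FTP. All addresses, ports and the protected-network prefix are constructed for the example.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed: address prefix of the protected network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN: a new connection request
    ack: bool = False  # TCP ACK: claims to belong to an existing connection

def policy_allows_new(pkt: Packet) -> bool:
    """Direction-aware rules for NEW connections: outbound web allowed, outbound FTP (21) blocked, inbound FTP permitted."""
    if pkt.src.startswith(INSIDE):      # request leaving the protected network
        return pkt.dport in (80, 443)
    return pkt.dport == 21              # request arriving from outside

class StatelessFilter:
    """Screening router: judges each packet alone, so any inbound packet that merely looks like a reply (ACK set) is passed."""
    def allow(self, pkt: Packet) -> bool:
        if pkt.syn and not pkt.ack:
            return policy_allows_new(pkt)
        return pkt.ack

class StatefulFilter:
    """Stateful inspection: remembers admitted connections and passes mid-connection packets only when they match one."""
    def __init__(self) -> None:
        self.flows: set[tuple] = set()
    def allow(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # the reply direction
        if pkt.syn and not pkt.ack:
            ok = policy_allows_new(pkt)
            if ok: self.flows.add(fwd)
            return ok
        return pkt.ack and (fwd in self.flows or rev in self.flows)

def run_scenario() -> dict:
    """Constructed traffic; returns {name: (stateless verdict, stateful verdict)}."""
    sl, sf = StatelessFilter(), StatefulFilter()
    traffic = {
        "out_web_syn":  Packet("10.0.0.5", 40000, "203.0.113.9", 80, syn=True),
        "web_reply":    Packet("203.0.113.9", 80, "10.0.0.5", 40000, syn=True, ack=True),
        "forged_reply": Packet("198.51.100.7", 80, "10.0.0.8", 3389, ack=True),
        "out_ftp_syn":  Packet("10.0.0.5", 40001, "203.0.113.9", 21, syn=True),
        "in_ftp_syn":   Packet("198.51.100.7", 50000, "10.0.0.21", 21, syn=True),
    }
    return {name: (sl.allow(p), sf.allow(p)) for name, p in traffic.items()}
```

Only the forged "reply" separates the two filters: the genuine web reply matches a recorded flow and passes both, while the packet aimed at a host that never opened a connection passes the stateless filter and is dropped by the stateful one.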