{"id":7737,"date":"2024-01-04T18:20:31","date_gmt":"2024-01-04T18:20:31","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/2018\/03\/21\/types-of-firewalls-what-it-security-pros-need-to-know\/"},"modified":"2024-05-25T17:46:42","modified_gmt":"2024-05-25T17:46:42","slug":"types-of-firewalls","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/","title":{"rendered":"8 Types of Firewalls Explained &amp; When to Use Each"},"content":{"rendered":"\n<p>While originally created to protect internal networks, firewall solutions have evolved into diversified and specialized solutions suitable for a number of architectures and purposes. The eight types of deployable firewalls include traditional network firewalls, unified threat management (UTM), next-generation firewalls (NGFW), web application firewalls (WAF), database firewalls, cloud firewalls, container firewalls, and firewalls-as-a-service (FWaaS).<\/p>\n\n\n\n<p>To deploy the appropriate type of firewall, it first requires an understanding of the available features and deployment options. These inform the pros, cons, and the best use cases for each firewall and how each type of firewall delivers a unique solution.&nbsp;<\/p>\n\n\n<!-- ICP Plugin: Start --><div class=\"icp-list icp-list-main icp-list-body-horizontal row\">\n    \n        <!--\n            ICP Plugin - body horizontal\n            ----------\n            Category: \n            Count: 4\n            Country: HK\n        -->\n    <\/div><!-- ICP Plugin: End -->\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6d037709a1\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6d037709a1\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Features-Deployment-Options-for-Firewalls\" title=\"Features &amp; Deployment Options for Firewalls\">Features &amp; Deployment Options for Firewalls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Traditional-Network-Firewalls\" title=\"Traditional Network Firewalls\">Traditional Network Firewalls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Unified-Threat-Management-UTM\" title=\"Unified Threat Management (UTM)\">Unified Threat Management (UTM)<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Next-Generation-Firewalls-NGFWs\" title=\"Next-Generation Firewalls (NGFWs)\">Next-Generation Firewalls (NGFWs)<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Web-Application-Firewalls-WAF\" title=\"Web Application Firewalls (WAF)\">Web Application Firewalls (WAF)<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Database-Firewalls\" title=\"Database Firewalls\">Database Firewalls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Cloud-Based-Firewalls\" title=\"Cloud-Based Firewalls\">Cloud-Based Firewalls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Container-Firewalls\" title=\"Container Firewalls\">Container Firewalls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Firewall-as-a-Service\" title=\"Firewall-as-a-Service\">Firewall-as-a-Service<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Firewall-Services-as-Alternatives-to-Firewall-Purchases\" title=\"Firewall Services as Alternatives to Firewall Purchases\">Firewall Services as Alternatives to Firewall Purchases<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#9-Questions-to-Ask-to-Find-the-Right-Firewall-Solutions\" title=\"9 Questions to Ask to Find the Right Firewall Solutions\">9 Questions to Ask to Find the Right Firewall Solutions<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#Bottom-Line-Choose-the-Right-Firewall-Solution-As-Part-of-a-Bigger-Security-Picture\" title=\"Bottom Line: Choose the Right Firewall Solution As Part of a Bigger Security Picture\">Bottom Line: Choose the Right Firewall Solution As Part of a Bigger Security Picture<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\" colspan=\"5\"><strong>Firewall Types<\/strong><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Firewall Types<\/strong><\/td><td><strong>Pros<\/strong><\/td><td><strong>Cons<\/strong><\/td><td><strong>Best Use Cases<\/strong><\/td><td><strong>Deployment Options<\/strong><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Traditional (AKA: Basic, Host, or Network) Firewall<\/strong><\/td><td>Effective, fast data throughput, quick deployment, inexpensive<\/td><td>Limited functions and capacity, low security, no traffic inspection<\/td><td>Low-risk and low-budget environments<\/td><td>Physical hardware, software virtual machine<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Unified Threat Management (UTM)<\/strong><\/td><td>Multiple basic security functions, centralized control, easy installation, medium security<\/td><td>More frequent updates required, less effective than dedicated solutions, lacks customization, low throughput<\/td><td>Moderate risk, low resource environments<\/td><td>Physical hardware, software virtual machine<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Next Generation Firewall (NGFW)<\/strong><\/td><td>High security, inspects encrypted traffic, directly blocks malware<\/td><td>More expensive, slow throughput, increased maintenance, more risk of misconfiguration<\/td><td>High-risk environments (finance, healthcare, etc.)<\/td><td>Physical hardware, software virtual machine<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Web Application Firewall (WAF)<\/strong><\/td><td>High security for applications, specialized HTTP inspection, highly focused purpose<\/td><td>Doesn\u2019t secure all applications, must be part of a security stack, expense only makes sense for larger needs<\/td><td>Specialized application defense, high performance firewall<\/td><td>Physical hardware, software virtual machine<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Database Firewall<\/strong><\/td><td>High and specialized security and monitoring for databases, improved compliance reports,&nbsp;<\/td><td>Must be part of a security stack, expense only makes sense for larger needs<\/td><td>Extra defense for databases, high performance firewall<\/td><td>Physical hardware, software virtual machine<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Cloud Firewall<\/strong><\/td><td>More scalable, often pre-configured for the cloud provider, no maintenance for underlying hardware<\/td><td>No control of underlying hardware, more expensive for baseline firewall needs, may not be multi-cloud compatible<\/td><td>Specialized cloud defense, centralized enterprise firewall, highly-variable firewall traffic<\/td><td>Software virtual machine<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Container Firewall<\/strong><\/td><td>Centralized or DevOps configuration, can be deployed by code, container visibility and control, rapid scalability and on-demand deployment<\/td><td>Must be part of a security stack, expense only makes sense for larger needs<\/td><td>Extra and specialized container security, high performance firewall<\/td><td>Containerized software<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Firewall-as-a-Service (FWaaS)<\/strong><\/td><td>More scalable than on-prem firewalls, unified security, flexible and simplified deployment, requires less IT skill and resources, fully automated updates and maintenance, more rapid identification and updates for attack threats&nbsp;<\/td><td>Less attentive to specific customer needs, reduced customization options, loss of control, potential information exposure to 3rd party service provider, doesn\u2019t replace device or specialty firewalls<\/td><td>Centralized management for geographically diverse organizations, robust security for resource constrained organizations, turnkey firewall solution for rapid deployment or legacy replacement<\/td><td>n\/a (Service)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Features-Deployment-Options-for-Firewalls\"><\/span>Features &amp; Deployment Options for Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-firewalls\/\">Firewalls<\/a> are the bouncers for IT. They screen incoming traffic to networks, applications, databases, and other resources for unauthorized and unwanted traffic.<\/p>\n\n\n\n<p>Firewalls must balance security performance with operations throughput, and more advanced functions improve security but slow down data delivery. In most cases, the \u201cbest\u201d firewall solution will be the deployment of multiple firewalls to maximize their best attributes and minimize their flaws; however, budgets and resource constraints often deny ideal deployments.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Types of Firewall Features<\/h3>\n\n\n\n<p>The key features of firewalls include packet filtering, stateful inspection, session filtering, proxy service, application layer filtering, source filtering, malware filtering, and deep packet inspection. The chart below compares generally-available features with the associated firewall type, but keep in mind all classifications are generalities and some advanced traditional firewalls may perform some malware filtering and some database firewalls may be capable of session filtering.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"540\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls-types_of_firewall_features.jpg\" alt=\"Graph showing different firewall types and features.\" class=\"wp-image-33363\" style=\"width:900px\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls-types_of_firewall_features.jpg 960w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls-types_of_firewall_features-300x169.jpg 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls-types_of_firewall_features-768x432.jpg 768w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p>Each feature delivers a different type of screening function. Fast, simple features don\u2019t add much security, while the more complex features add significant security at the similarly significant cost of operational throughput.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">Feature<\/th><th class=\"has-text-align-center\" data-align=\"center\">Security Level<\/th><th class=\"has-text-align-center\" data-align=\"center\">Complexity<\/th><th class=\"has-text-align-center\" data-align=\"center\">Speed<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Packet Filtering<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Low<\/td><td class=\"has-text-align-center\" data-align=\"center\">Low<\/td><td class=\"has-text-align-center\" data-align=\"center\">Fast<\/td><td>Compares headers of packets against preset rules that define permitted IP address, protocols, source\/destination port<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Session Filtering (AKA: Circuit-Level Gateway)<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Low<\/td><td class=\"has-text-align-center\" data-align=\"center\">Low<\/td><td class=\"has-text-align-center\" data-align=\"center\">Fast<\/td><td>Examines session level connections (TCP\/UDP) to verify connections are legitimate, often creates proxy connections (see below)<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Proxy Services<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Low<\/td><td class=\"has-text-align-center\" data-align=\"center\">Low<\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td>Makes protocol connections (TCP\/UDP) on behalf of other devices or apps; hides IP addresses and blocks queries to learn about open ports and services&nbsp;<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Stateful Inspection<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td>Tracks connections (TCP, etc.) in tables to detect, track, and block potentially malicious traffic<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Application-layer Filtering<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">High<\/td><td class=\"has-text-align-center\" data-align=\"center\">High<\/td><td class=\"has-text-align-center\" data-align=\"center\">Slow<\/td><td>Uses proxies and more complex rules to inspect and filter out application layer attacks; resource intensive&nbsp;<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Source Filtering<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td class=\"has-text-align-center\" data-align=\"center\">Medium<\/td><td>Uses website URL, IP address, and geolocation information to identify and filter out potentially dangerous traffic sources; difficult to keep up-to-date<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Malware Filtering<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">High<\/td><td class=\"has-text-align-center\" data-align=\"center\">High<\/td><td class=\"has-text-align-center\" data-align=\"center\">Slow<\/td><td>Detects (often using signatures) and blocks known malware or block malicious behavior; resource-intensive and difficult to keep up-to date<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Deep Packet Inspection<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">High<\/td><td class=\"has-text-align-center\" data-align=\"center\">High<\/td><td class=\"has-text-align-center\" data-align=\"center\">Slow<\/td><td>Inspects contents of traffic packets to identify indicators of compromise, malicious content, and sensitive information; very resource intensive, especially when decrypting encrypted traffic<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Types of Firewall Deployment<\/h3>\n\n\n\n<p>When deploying a firewall, the security team needs to consider where the solution fits into the overall architecture. Traditionally, vendors delivered all firewalls in purpose-built hardware appliances, but now nearly all types of firewalls may be deployed as software ready to be installed as virtual machines (VMs) or containers.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Hardware Firewalls<\/h4>\n\n\n\n<p>Hardware comes in server rack and desktop profiles and will be fixed in capacity based upon the hardware configuration. The dedicated hardware and fixed capacity improves convenience for updates and remote deployments.<\/p>\n\n\n\n<p>However, hardware firewalls cost more than equivalent VMs, take up physical space, and are much less flexible to change. The limited flexibility plus capacity constraints make hardware less attractive for deployment in dynamic environments.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Software-Based Firewalls (VM, Cloud, Container)<\/h4>\n\n\n\n<p>Software-based virtual machine firewalls can be installed on desktops, servers, cloud, and container orchestration environments. Virtual firewalls offer improved flexibility, rapid deployment, and a full range of capabilities, from simple-host-based operating system firewalls to full-NGFW capabilities.<\/p>\n\n\n\n<p>However, VM firewalls become security dependent on the host environment and can cause conflicts with other applications running on the host. VM firewalls also increase complexity and opportunities for mistakes in installation, integration, and configuration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Traditional-Network-Firewalls\"><\/span>Traditional Network Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Traditional, basic, or simple <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-firewalls\/\">network firewalls<\/a> screen data packets by following rules and performing data header inspections. These firewalls provide inexpensive security and can be deployed easily as hardware devices or virtual machines throughout a network to perform filtering or network segmentation.<\/p>\n\n\n\n<p>No vendor sells a firewall listed as \u2018traditional,\u2019 \u2018simple,\u2019 or \u2018basic.\u2019 However, a buyer can observe that the lowest priced firewall options will generally deploy the simplified features attributed to a traditional firewall.<\/p>\n\n\n\n<p>Traditional firewalls are known as host-based firewalls when built into operating systems (EX: <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/security\/operating-system-security\/network-security\/windows-firewall\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows Firewall<\/a>, <a href=\"https:\/\/support.apple.com\/guide\/mac-help\/block-connections-to-your-mac-with-a-firewall-mh34041\/mac\" target=\"_blank\" rel=\"noreferrer noopener\">macOS<\/a>, etc.), enterprise network routers, and consumer Wi-Fi routers. Purchasing low-cost firewalls providing traditional functionality can enable fast and easy firewall protection, but IT teams with more time might prefer open-source software firewalls.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>Low: Simple and basic<\/td><td>High (stateful inspection can cause some slowness)<\/td><td>Netgate (pfSense hardware), Zyxel<\/td><td>pfSense, OPNsense Firewall, IPFire<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Branch offices or small and home offices (SOHO)<\/li>\n\n\n\n<li>Low-risk environments (industrial facilities with limited tech, etc.)<\/li>\n\n\n\n<li>Layer of defense for servers, endpoints, and network segments<\/li>\n\n\n\n<li>Internal network segmentation, access control, or bandwidth management<\/li>\n\n\n\n<li>Initial high-throughput filtering of traffic in front of more sophisticated or specialized solutions (NGFW, WAF, etc.)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Packet filtering<\/li>\n\n\n\n<li>Stateful inspection<\/li>\n\n\n\n<li>Session filtering<\/li>\n\n\n\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Very effective for a narrow set of tasks<\/li>\n\n\n\n<li>Fast processing and high data throughput<\/li>\n\n\n\n<li>Inexpensive or free to implement<\/li>\n\n\n\n<li>Quick to install and configure<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Doesn\u2019t block application or web-based (HTML) attacks<\/li>\n\n\n\n<li>No traffic inspection<\/li>\n\n\n\n<li>Typically limited capacity<\/li>\n\n\n\n<li>Can be fooled by manipulated headers<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"974\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Traditional-Firewalls-rnd2-1024x974.png\" alt=\"Traditional standalone, host-based, and operating system firewalls\" class=\"wp-image-33821\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Traditional-Firewalls-rnd2-1024x974.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Traditional-Firewalls-rnd2-300x285.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Traditional-Firewalls-rnd2-768x730.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Traditional-Firewalls-rnd2-1536x1461.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Traditional-Firewalls-rnd2.png 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Traditional stand-alone, host-based, and operating system firewalls perform basic and simple data filtering.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Unified-Threat-Management-UTM\"><\/span>Unified Threat Management (UTM)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/unified-threat-management-vendors\/\">Unified threat management (UTM)<\/a> appliances provide a robust security stack in a turn-key appliance that simply plugs into the network. The typical UTM expands upon the basic traditional firewall capabilities to perform additional scanning that incorporates the capabilities of <a href=\"https:\/\/www.esecurityplanet.com\/products\/antivirus-software\/\">antivirus<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">intrusion detection systems<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/secure-web-gateway-vendors\/\">secure web gateways<\/a> (SWGs), <a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-dns-security\/\">domain name service<\/a> (DNS) security, and <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-secure-email-gateways\/\">email gateway<\/a> security.<\/p>\n\n\n\n<p>UTMs target small and medium-sized organizations that want to save money with a combined security solution. This solution also works for any-sized organization that wouldn\u2019t have the resources to fine-tune security options for their organization.<\/p>\n\n\n\n<p>All UTMs inspect the unencrypted components of the incoming and outgoing packet headers for malware, malicious attachments, and known-malicious or suspected <a href=\"https:\/\/www.esecurityplanet.com\/threats\/email-spoofing\/\">phishing<\/a> sites (IP addresses, URLs, etc.) and perform some basic application-layer protections. Some UTMs can sometimes perform deep-packet scanning but will lack the full-powered scanning available in NGFW because resources will be shared with the non-firewall features of the appliance.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>Medium<\/td><td>Low: Many inspections are performed<\/td><td>Fortinet, SonicWALL, Juniper Networks, Check Point Software, WatchGuard, and Sophos<\/td><td>Endian, Untangle<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Small and medium-sized organizations or branch offices<\/li>\n\n\n\n<li>Organizations with limited IT resources<\/li>\n\n\n\n<li>Moderate risk facilities (industrial facilities, cruise ships, etc.)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features (Firewall only)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Packet filtering<\/li>\n\n\n\n<li>Stateful inspection<\/li>\n\n\n\n<li>Session filtering<\/li>\n\n\n\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering*<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection*<\/li>\n<\/ul>\n\n\n\n<p>*Some features may be present but limited in capability compared to more robust solutions (NGFW, WAF, etc.).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Includes a variety of security features in a single deployment<\/li>\n\n\n\n<li>Centralized management console<\/li>\n\n\n\n<li>Makes installation and management easier for IT teams<\/li>\n\n\n\n<li>Inexpensive compared to deploying individual solutions for each function<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expanded capabilities often require more frequent updates, especially for antivirus signatures and malicious URLs<\/li>\n\n\n\n<li>Tends to be less effective than dedicated solutions<\/li>\n\n\n\n<li>Slow data throughput compared to dedicated solutions or traditional firewalls<\/li>\n\n\n\n<li>Lacks customization options<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Next-Generation-Firewalls-NGFWs\"><\/span>Next-Generation Firewalls (NGFWs)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/top-ngfw\/\">Next-generation firewalls<\/a> expand on the capabilities of traditional firewalls with more robust inspection of the contents of each data packet. This inspection includes examining the source and destination IP addresses to block malicious (malware, phishing, etc.) and unwanted connections (adult entertainment sites, unwanted geolocations, etc.).<\/p>\n\n\n\n<p>NGFWs perform some application level filtering of harmful applications using signature matching and SSL decryption. Next-gen firewall application filtering capabilities can even enable banning the use of specific applications, such as peer-to-peer (P2P) file-sharing applications, or partially restrict application use, such as allowing Skype calls but blocking Skype file sharing.<\/p>\n\n\n\n<p>Most firewalls currently sold provide at least simple packet inspection and URL filtering. Newer and more powerful NGFWs incorporate <a href=\"https:\/\/www.esecurityplanet.com\/networks\/ueba-protecting-your-network-when-other-security-systems-fail\/\">behavioral detection<\/a> and deploy artificial intelligence (AI) for anomaly detection and proactive defense.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>Very high: deep packet inspection, decryption, malware filtering<\/td><td>Low: Advanced features take time to perform<\/td><td>Arista, Barracuda, Check Point Software, Cisco, Forcepoint, Fortinet, Huawei, Juniper Networks, Palo Alto Networks, SonicWall (Dell), Sophos<\/td><td>OPNsense Firewall, DynFi<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maximum protection in a firewall solution for the broadest needs<\/li>\n\n\n\n<li>Extensive protection to satisfy PCI or HIPAA <a href=\"https:\/\/www.esecurityplanet.com\/networks\/security-compliance\/\">compliance<\/a><\/li>\n\n\n\n<li>Performance insensitive environments little affected by reduced data flow<\/li>\n\n\n\n<li>Enterprise, government, and education campus environments with robust IT resources for installation, configuration, and maintenance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Packet filtering<\/li>\n\n\n\n<li>Stateful inspection<\/li>\n\n\n\n<li>Session filtering<\/li>\n\n\n\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More thoroughly searches incoming data for malicious code<\/li>\n\n\n\n<li>More likely to meet compliance requirements<\/li>\n\n\n\n<li>Can directly block some malware and attacks (such as DDoS)<\/li>\n\n\n\n<li>Can inspect encrypted traffic<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More expensive solution<\/li>\n\n\n\n<li>More limited data throughput can cause network performance issues<\/li>\n\n\n\n<li>More features mean more options, which increases installation time, configuration requirements, and misconfiguration risk<\/li>\n\n\n\n<li>More maintenance and updates will be required<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"895\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Packet-Inspection-Firewalls-rnd2-1-1024x895.png\" alt=\"UTM, NGFW, or FWaaS perform deep packet inspection.\" class=\"wp-image-33824\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Packet-Inspection-Firewalls-rnd2-1-1024x895.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Packet-Inspection-Firewalls-rnd2-1-300x262.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Packet-Inspection-Firewalls-rnd2-1-768x672.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Packet-Inspection-Firewalls-rnd2-1-1536x1343.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/Packet-Inspection-Firewalls-rnd2-1.png 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Deep packet inspection firewall solutions (UTM, NGFW, FWaaS) filter application layer threats.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Web-Application-Firewalls-WAF\"><\/span>Web Application Firewalls (WAF)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-web-application-firewall-waf-vendors\/\">web application firewall<\/a> (WAF) provides an application-layer proxy between an application and the application\u2019s users to filter potentially malicious traffic. These firewalls provide improved operational performance by focusing on specialized defense such as filtering out <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-prevent-sql-injection-attacks\/\">deliberately malformed<\/a> or <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/prevent-xss-attacks\/\">malicious requests<\/a>.<\/p>\n\n\n\n<p>Installing a WAF allows for NGFW at the edge of the network to skip application layer inspections and focus on more basic scanning tasks to improve data flow to the application server. The proxy architecture shields the application from malicious activity such as port scans, attempts to determine the software running on the application server (or container information), and <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/prevent-xss-attacks\/\">cross-site scripting<\/a> (XSS).<\/p>\n\n\n\n<p>In addition to application layer filtering, many WAFs now provide protection for application programming interfaces (APIs), bot detection, and microservices. More advanced WAFs boost performance using AI and ML for anomaly detection and autonomous threat blocking.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>High, but specialized; usually ignores basic firewall functions<\/td><td>Medium; application packet inspection takes time, but specialized filtering reduces operations drag<\/td><td>Akamai, Barracuda, Citrix, Cloudflare, F5 Networks, Fastly, Fortinet, Imperva, Netscaler, Radware, Wallarm<\/td><td>Coraza, ModSecurity, open-appsec, Shadow Daemen<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Extra and specialized defense for application servers and applications<\/li>\n\n\n\n<li>Specialized high-performance firewall to remove burden and slowdown from other firewalls<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection*<\/li>\n<\/ul>\n\n\n\n<p>Deep packet inspection will typically be focused on application attack prevention (XSS, DDoS, SQLi, etc.) and pay less attention to blocking malware to improve performance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Adds an extra layer of protection between the application and potentially malicious code<\/li>\n\n\n\n<li>Specialized inspection of HTTP\/HTTPS traffic to defend against code-based attacks such as SQL injection (SQLi) or cross-site scripting (XSS)<\/li>\n\n\n\n<li>Specialized packet inspection improves ease of use and reduces operations drag<\/li>\n\n\n\n<li>Specialized focus also decreases installation and configuration mistakes<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only cost effective for organizations with higher risks, budgets, and resources<\/li>\n\n\n\n<li>Doesn\u2019t provide full security for all applications<\/li>\n\n\n\n<li>May slow the performance of some applications<\/li>\n\n\n\n<li>Doesn\u2019t provide a full spectrum of security and should only be part of a security stack<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Database-Firewalls\"><\/span>Database Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Database firewalls are a subset of web application firewalls that protect databases. They are installed directly in front of the database server or occasionally in front of the network gateway when protecting multiple databases running on multiple servers.<\/p>\n\n\n\n<p>Database firewalls detect and prevent specific database attacks, such as <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-prevent-sql-injection-attacks\/\">SQL injection<\/a> (SQLi), that can lead to attackers accessing confidential information stored on the databases. Installing a database firewall allows a security team to skip inspections for database attacks at NGWF and application servers earlier in the data flow to improve data throughput and performance overall.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>High, but specialized; usually ignores basic firewall functions<\/td><td>High; application packet inspection takes time, but highly specialized filtering reduces operations drag compared to NGFW or WAF<\/td><td>DataSunrise, Fortinet, Imperva, Oracle<\/td><td>DBHawk, GreenSQL<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Extra and specialized defense for databases and database servers<\/li>\n\n\n\n<li>Extra compliance reporting regarding database access and usage<\/li>\n\n\n\n<li>Specialized high-performance firewall to remove burden and slowdown from other firewalls<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection*<\/li>\n<\/ul>\n\n\n\n<p>Deep packet inspection will focus on database attack prevention (SQLi, etc.) and pay less attention to blocking other types of attacks to improve performance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Specialized inspection of HTTP\/HTTPS traffic to defend against code-based attacks such as SQL injection (SQLi)<\/li>\n\n\n\n<li>Security focus improves ease of use and decreases installation or configuration mistakes<\/li>\n\n\n\n<li>Can double as a monitoring and auditing tool for database access<\/li>\n\n\n\n<li>Can produce reports regarding database access for compliance and regulatory purposes<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only cost-effective for organizations with higher risks, budgets, and resources<\/li>\n\n\n\n<li>Doesn\u2019t provide a full spectrum of security and should only be part of a security stack<\/li>\n\n\n\n<li>Decreases performance for database access<\/li>\n\n\n\n<li>Hyper-specialized protection may require specialized resources, such as database experts, to help with the integration and configuration<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Cloud-Based-Firewalls\"><\/span>Cloud-Based Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A cloud-based firewall can be purchased in the marketplace for cloud providers (Azure, AWS, Google Cloud, etc.) to protect cloud resources behind the firewall. An ambitious organization could technically configure their entire network infrastructure to run behind a cloud-scalable firewall, assuming that no control of the underlying hardware is acceptable.<\/p>\n\n\n\n<p>Many popular firewall vendors (Fortigate, Fortinet, Juniper, Palo Alto, Sophos, etc.) offer cloud-optimized VM solutions in a cloud marketplace preconfigured for that specific cloud (Azure, AWS, etc.). Some cloud providers will also make their own branded firewalls available (Azure, IBM, etc.).<\/p>\n\n\n\n<p>Cloud-based firewalls may be specialized firewalls (Ex: WAF, Container) or may be fully functional NGFWs. Unlike FWaaS, covered below, a cloud-based firewall will require internal IT resources to install, configure, maintain, and monitor the firewall.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>Variable: A full range from basic to NGFW can be implemented<\/td><td>Variable: Fully dependent upon the features selected and level of packet inspection<\/td><td>Arista, AWS, Fortigate, Fortinet, Juniper, Microsoft, Palo Alto, Sophos<\/td><td>OPNsense*<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>*Note: Open-source resources obtained as cloud-firewalls won\u2019t generally be free deployments. At the very least, the cloud provider will charge fees for the VM (CPU, memory, etc.).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Specialized layer of defense for cloud resources<\/li>\n\n\n\n<li>Centralized firewall for an entire enterprise<\/li>\n\n\n\n<li>Highly variable needs benefit from the scalability of cloud resources<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Packet filtering<\/li>\n\n\n\n<li>Stateful inspection<\/li>\n\n\n\n<li>Session filtering<\/li>\n\n\n\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection<\/li>\n<\/ul>\n\n\n\n<p>Note: Not all features will be available with all cloud-based firewall products.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More scalable (up and down) than on-premises options<\/li>\n\n\n\n<li>Less expensive than an on-premises option licensed for peak use requirements<\/li>\n\n\n\n<li>Often pre-configured for cloud-specific deployment<\/li>\n\n\n\n<li>No maintenance and upgrade requirements for the underlying hardware<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No control of the underlying hardware<\/li>\n\n\n\n<li>More expensive than on-premises equipment scaled for baseline requirements<\/li>\n\n\n\n<li>Cloud-vendor-optimized deployments may not be multi-cloud compatible<\/li>\n\n\n\n<li>Cloud-deployed firewalls may require cloud experts to ensure proper implementation and configuration of the deployment<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Container-Firewalls\"><\/span>Container Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A container firewall protects and isolates <a href=\"https:\/\/www.esecurityplanet.com\/products\/container-and-kubernetes-security-vendors\/\">containerized application<\/a> stacks, workloads, and services on a container host. Container firewalls deliver traditional firewall capabilities and filter traffic in, out, and within the container environment.<\/p>\n\n\n\n<p>This specialized security improves operational throughput and creates highly isolated containers with limited exposure (and access) to external networks or other non-containerized applications. The lightweight design of a container firewall integrates tightly with container engines (Docker, etc.) and orchestration tools (Kubernetes, OpenShift, etc.).<\/p>\n\n\n\n<p>As with other container resources, container firewalls can be easily scaled, deployed, and removed from service using code. Container firewalls can also be integrated with developer operations (DevOp) tools and processes to keep up with agile requirements.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th>Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>High, but specialized; relies upon other firewalls and tools for full protection<\/td><td>High; tightly defined allow lists and focused packet inspections keep throughput high<\/td><td>Juniper Networks, Palo Alto Networks<\/td><td>SUSE (NeuVector), Tigera (Calico)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Extra and specialized defense for containers<\/li>\n\n\n\n<li>Specialized high-performance firewall to remove burden and slowdown from other firewalls<\/li>\n\n\n\n<li>Deploy on demand and in tandem to protect containerized microservices<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Centralized configuration or configuration through DevOps<\/li>\n\n\n\n<li>Can be deployed by code<\/li>\n\n\n\n<li>Provides visibility and control over containers<\/li>\n\n\n\n<li>Container deployment provides rapid scalability and on-demand installation<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only cost-effective for organizations with higher risks, budgets, and resources<\/li>\n\n\n\n<li>Doesn\u2019t provide a full spectrum of security and should only be part of a security stack<\/li>\n\n\n\n<li>Code deployment without security oversight risks deployment of obsolete firewalls that no longer provide good security<\/li>\n\n\n\n<li>Specialized container deployments will require specialized (and more expensive) container expertise for configuration and integration<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"970\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/App-Layer-Firewalls-rnd2-1024x970.png\" alt=\"Specialist application layer firewalls protect applications (WAF), databases, and containers.\" class=\"wp-image-33825\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/App-Layer-Firewalls-rnd2-1024x970.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/App-Layer-Firewalls-rnd2-300x284.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/App-Layer-Firewalls-rnd2-768x727.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/App-Layer-Firewalls-rnd2-1536x1455.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/App-Layer-Firewalls-rnd2.png 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Specialty app-layer firewalls improve protection and reduce data flow slowdown for applications, databases, and containers.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Firewall-as-a-Service\"><\/span>Firewall-as-a-Service<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/cloud\/firewalls-as-a-service-fwaas\/\">Firewall-as-a-Service (FWaaS)<\/a> provides NGFW capabilities as a fully-outsourced service. FWaaS can be considered a specialized sub-category of NGFW or cloud-based firewalls in which most configuration and maintenance are outsourced to the SaaS provider.<\/p>\n\n\n\n<p>FWaaS professionals completely specialize in firewall management, and this focus provides superior maintenance and threat updates. Zero-day attacks detected for one customer become information shared for all customers and improve security accordingly.<\/p>\n\n\n\n<p>Deployment requires configuring corporate routers to divert traffic to the cloud-based firewall, while mobile users either connect to it via a VPN or by using it as a proxy. This process enables rapid deployment for geographically dispersed organizations or can be used during the replacement of legacy technology from corporate acquisitions.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection Level<\/th><th>Operations Throughput<\/th><th>Vendors<\/th><th class=\"has-text-align-center\" data-align=\"center\">Open-Source Options<\/th><\/tr><\/thead><tbody><tr><td>High; robust NGFW capabilities delivered at scale and with expansive geographic presence<\/td><td>Medium; scalable cloud resources provide power, but FWaaS cannot be optimized and customized to the same level as fully controlled firewall architecture&nbsp;<\/td><td>AppTrana (WAF specialist), Cisco, Forcepoint, Fortinet, NordLayer, Perimeter 81 (Check Point), SecurityHQ, Zscaler<\/td><td class=\"has-text-align-center\" data-align=\"center\">n\/a<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Cases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Centralized management for geographically dispersed offices<\/li>\n\n\n\n<li>More robust security for IT resource-constrained organizations<\/li>\n\n\n\n<li>Turnkey firewall capabilities for rapid startup or replacement of legacy systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Common Features&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Packet filtering<\/li>\n\n\n\n<li>Stateful inspection<\/li>\n\n\n\n<li>Session filtering<\/li>\n\n\n\n<li>Proxy service<\/li>\n\n\n\n<li>Application layer filtering<\/li>\n\n\n\n<li>Source filtering<\/li>\n\n\n\n<li>Malware filtering<\/li>\n\n\n\n<li>Deep packet inspection<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Pros<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud-hosted firewalls provide more flexible and scalable solutions with improved uptime compared to on-premises options<\/li>\n\n\n\n<li>Simple and easy deployment without any maintenance requirement<\/li>\n\n\n\n<li>Unified security applied consistently across the organization<\/li>\n\n\n\n<li>More rapid identification and updates for attack threats<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Cons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Service provider probably doesn\u2019t know the specific security needs of its customers<\/li>\n\n\n\n<li>May have fewer options than more established hardware and software firewall solutions<\/li>\n\n\n\n<li>Loss of control and potential to expose internal information to third parties (through packet inspection, etc.)<\/li>\n\n\n\n<li>Doesn\u2019t replace the need for device (OS, router) and narrow-solution firewalls (database, container)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Firewall-Services-as-Alternatives-to-Firewall-Purchases\"><\/span>Firewall Services as Alternatives to Firewall Purchases<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>All of the types of firewalls above can be purchased or installed. However, some companies may be too small, lack IT staff, or simply want to avoid the hassles of configuring and managing their own firewalls.<\/p>\n\n\n\n<p>FWaaS provides one option for fully-outsourced firewalls in the lowest common denominator form. However, this won\u2019t always be the best fit for organizations with resource constraints or secrecy or compliance requirements that don\u2019t allow for data to pass through third-party providers.<\/p>\n\n\n\n<p>Organizations with these additional constraints can hire <a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-managed-service-provider\/\">managed service providers<\/a> (MSPs), <a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-managed-security-service-provider\/\">managed security service providers<\/a> (MSSPs), and other cybersecurity consultants to purchase, install, configure, monitor, and maintain a diverse array of firewalls.<\/p>\n\n\n\n<p>In addition to addressing resource constraints, adopting a service (including FWaaS) eliminates capital expenditure (CapEx) costs in favor of operating expenses (OpEx). Although the overall cost of the OpEx expense may eventually exceed the costs of a CapEx firewall acquisition, services provide more flexibility and scalability to right-size the expenditure to match changing needs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"9-Questions-to-Ask-to-Find-the-Right-Firewall-Solutions\"><\/span>9 Questions to Ask to Find the Right Firewall Solutions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>To determine the appropriate firewall solution, first understand and define the needs. These needs must incorporate not only the security requirements but also the operations requirements, risk profiles, and resource constraints.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What kind of resources are being protected?<\/li>\n\n\n\n<li>Which features may already be handled by other solutions?<\/li>\n\n\n\n<li>What kind of traffic will the firewall face, and how critical is packet throughput?<\/li>\n\n\n\n<li>How many resources are being protected?<\/li>\n\n\n\n<li>What is the network architecture?<\/li>\n\n\n\n<li>How costly is the risk of failure?<\/li>\n\n\n\n<li>Are there compliance or secrecy risks?<\/li>\n\n\n\n<li>How many resources are available for firewall management?<\/li>\n\n\n\n<li>What is the realistic budget?<\/li>\n<\/ul>\n\n\n\n<p>Each of these questions contributes to determining the type of features needed and the type of resources available to implement and manage those features. Gaps between needs and risks and resources can sometimes be filled with services, but sometimes will be required to be satisfied by compromise and accepted risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Bottom-Line-Choose-the-Right-Firewall-Solution-As-Part-of-a-Bigger-Security-Picture\"><\/span>Bottom Line: Choose the Right Firewall Solution As Part of a Bigger Security Picture<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Not all businesses will need the same types of firewalls. Small businesses and those without a dedicated security team may gain more benefits from a FWaaS or traditional firewall than large enterprises with the budgets and resources to support NGFWs. The \u201cbest\u201d firewall really depends on how a network is set up, the personnel available, and the needed features.<\/p>\n\n\n\n<p>Of course, deploying the selected firewall only starts the process. The firewall must be properly installed, <a href=\"https:\/\/www.esecurityplanet.com\/networks\/fine-tuning-firewall-rules-best-practices\/\">configured<\/a>, and integrated into the broader <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network security<\/a> stack as part of the strategy for layers of security.<\/p>\n\n\n<div id=\"ta-campaign-widget-66d6d03745ff0-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6d03745ff0\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6d03745ff0\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6d03745ff0\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6d03745ff0\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6d03745ff0\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6d03745ff0\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.<\/p>\n","protected":false},"author":271,"featured_media":33362,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[4113,30582,21378],"b2b_audience":[34],"b2b_industry":[],"b2b_product":[395,391,392],"class_list":["post-7737","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-next-generation-firewalls","tag-ngfw","tag-utm","b2b_audience-evaluation-and-selection","b2b_product-firewalls-and-intrusion-prevention-and-detection","b2b_product-security-appliances","b2b_product-web-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>8 Common Types of Firewalls Explained &amp; When to Use Each<\/title>\n<meta name=\"description\" content=\"Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"8 Common Types of Firewalls Explained &amp; When to Use Each\" \/>\n<meta property=\"og:description\" content=\"Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-04T18:20:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-25T17:46:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"19 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"8 Types of Firewalls Explained &amp; When to Use Each\",\"datePublished\":\"2024-01-04T18:20:31+00:00\",\"dateModified\":\"2024-05-25T17:46:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\"},\"wordCount\":4013,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png\",\"keywords\":[\"next-generation firewalls\",\"ngfw\",\"UTM\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\",\"name\":\"8 Common Types of Firewalls Explained & When to Use Each\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png\",\"datePublished\":\"2024-01-04T18:20:31+00:00\",\"dateModified\":\"2024-05-25T17:46:42+00:00\",\"description\":\"Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: deepagopi2011\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"8 Types of Firewalls Explained &amp; When to Use Each\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"8 Common Types of Firewalls Explained & When to Use Each","description":"Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/","og_locale":"en_US","og_type":"article","og_title":"8 Common Types of Firewalls Explained & When to Use Each","og_description":"Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/","og_site_name":"eSecurity Planet","article_published_time":"2024-01-04T18:20:31+00:00","article_modified_time":"2024-05-25T17:46:42+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png","type":"image\/png"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. reading time":"19 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"8 Types of Firewalls Explained &amp; When to Use Each","datePublished":"2024-01-04T18:20:31+00:00","dateModified":"2024-05-25T17:46:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/"},"wordCount":4013,"commentCount":0,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png","keywords":["next-generation firewalls","ngfw","UTM"],"articleSection":["Networks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/","url":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/","name":"8 Common Types of Firewalls Explained & When to Use Each","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png","datePublished":"2024-01-04T18:20:31+00:00","dateModified":"2024-05-25T17:46:42+00:00","description":"Choosing the right type of firewall for your network is an essential part of a security strategy. Discover when to use each and how they operate.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/01\/esp_20240104-types-of-firewalls.png","width":1400,"height":900,"caption":"Image: deepagopi2011\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"8 Types of Firewalls Explained &amp; When to Use Each"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/7737"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=7737"}],"version-history":[{"count":6,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/7737\/revisions"}],"predecessor-version":[{"id":35487,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/7737\/revisions\/35487"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/33362"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=7737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=7737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=7737"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=7737"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=7737"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=7737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}