- Implementing Cisco Networking Solutions
- Harpreet Singh
- 306 words
- 2021-07-08 10:02:26
Firewalls

A firewall is a layer 4 device that is used to protect the network from attacks. It inspects and filters packets based on rules predefined on the firewall. These rules might be of the following nature:
- Allow TCP outgoing connections only
- Rate limit TCP connection requests to a specific rate
- Block all TCP traffic on a specific port
- Block all UDP traffic on a specific port
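
The sketch below is an added example, not taken from the book and not Cisco ASA configuration: a minimal Python model of how a stateful filter could evaluate the four kinds of rule listed above. The names `Packet`, `Firewall` and `verdicts`, the blocked ports (TCP 23, UDP 69), the limit of two new connections per second, the default deny and the sample traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:                      # constructed model, not a capture format
    proto: str                     # "tcp" or "udp"
    src: tuple                     # (ip, port)
    dst: tuple                     # (ip, port)
    outbound: bool                 # True when leaving the inside network
    syn: bool = False              # True for a TCP connection request
    ts: float = 0.0                # arrival time in seconds

@dataclass
class Firewall:
    blocked: frozenset = frozenset({("tcp", 23), ("udp", 69)})  # assumed ports
    syn_rate: int = 2              # assumed limit: new TCP connections per second
    flows: set = field(default_factory=set)         # state table of open flows
    syn_times: list = field(default_factory=list)   # times of admitted SYNs

    def check(self, p: Packet) -> str:
        if (p.proto, p.dst[1]) in self.blocked:     # block TCP/UDP on a port
            return "drop:blocked-port"
        if p.proto != "tcp":
            return "drop:default"                   # assumed default deny
        key = (p.src, p.dst) if p.outbound else (p.dst, p.src)
        if not (p.outbound and p.syn):    # only outgoing SYNs may open a flow
            return "permit:established" if key in self.flows else "drop:no-state"
        # rate limit: count the SYNs admitted during the last second
        self.syn_times = [t for t in self.syn_times if p.ts - t < 1.0]
        if len(self.syn_times) >= self.syn_rate:
            return "drop:rate-limit"
        self.syn_times.append(p.ts)
        self.flows.add(key)
        return "permit:new"

IN, EXT = "10.0.0.5", "203.0.113.10"   # constructed sample addresses
SAMPLE = [
    Packet("tcp", (IN, 40000), (EXT, 443), True, True, 0.0),    # outbound SYN
    Packet("tcp", (EXT, 443), (IN, 40000), False, False, 0.1),  # its reply
    Packet("tcp", ("198.51.100.7", 5555), (IN, 22), False, True, 0.2),
    Packet("tcp", (IN, 40001), (EXT, 23), True, True, 0.3),
    Packet("udp", (IN, 40002), (EXT, 69), True, False, 0.35),
    Packet("tcp", (IN, 40003), (EXT, 80), True, True, 0.4),
    Packet("tcp", (IN, 40004), (EXT, 80), True, True, 0.5),     # third SYN in 1 s
    Packet("tcp", (IN, 40004), (EXT, 80), True, True, 1.2),     # retry later
]

def verdicts(packets=SAMPLE):
    fw = Firewall()
    return [fw.check(p) for p in packets]
```

The inbound reply is permitted only because the state table already holds the flow opened from the inside, which is what makes "outgoing connections only" workable for TCP.
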
Organizations generally use IP addresses that are not routable on the public internet. This prevents users within the organization from accessing public internet resources unless the source address in their packets is changed to a globally valid IP address. This is known as address translation, and it is also a function performed by firewalls. A firewall can also act as a Virtual Private Network (VPN) termination device, which helps remote users connect securely to the organization.
A new generation of firewalls adds context to network traffic by integrating with other devices, such as Active Directory servers, and correlating the IP addresses seen on the network with actual usernames. Some firewalls also provide deep packet inspection and can look into application layer information as well, providing advanced protection against threats. Firewalls with these enhanced features and the ability to correlate data across devices are called Next Generation Firewalls (NGFW).
A firewall is typically placed at the network edge to protect the network from outside attacks, or in front of critical servers to protect them from attacks by users. We will discuss the deployment of firewalls in Chapter 7, Understanding and Configuring Data Center Technologies.
A Cisco ASA firewall runs software that is different from the IOS, and is called the ASA OS.