The three main functions of a firewall are:
1. Traffic Filtering
Purpose:
Control incoming and outgoing network traffic based on predefined security rules.
How It Works:
Inspects packets (data units) and allows or blocks them based on criteria such as:
- IP addresses (source and destination).
- Port numbers (e.g., HTTP port 80, HTTPS port 443).
- Protocols (e.g., TCP, UDP, ICMP).
Use Case:
Prevents unauthorized access and blocks malicious traffic.
2. Network Address Translation (NAT)
Purpose:
Hide internal IP addresses from external networks, enhancing security and privacy.
How It Works:
Translates private IP addresses (used within a local network) into a single public IP address (used on the internet).
- This allows multiple devices on a local network to share a single public IP address.
Use Case:
Protects internal networks from direct exposure to the internet, reducing the risk of attacks.
3. Stateful Inspection (Session Monitoring)
Purpose:
Track and monitor the state of active connections to ensure only legitimate traffic is allowed.
How It Works:
- Maintains a state table to keep track of ongoing communication sessions (e.g., TCP connections).
- Analyzes the context of traffic, such as whether a packet is part of an established connection or a new request.
Use Case:
Prevents attacks like IP spoofing and ensures that only authorized traffic flows through the network.
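The state-table behaviour described above, combined with the rule-based filtering from function 1, shown as an added example that is not part of the original page. The rule set, addresses and class names are constructed for illustration, and session timeouts and full TCP teardown tracking are omitted.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str        # "tcp" or "udp"
    flags: str = ""   # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "R" = RST
# Constructed rule set: (source network, protocol, destination port) that may open NEW sessions.
RULES = [
    (ip_network("192.168.1.0/24"), "tcp", 443),
    (ip_network("192.168.1.0/24"), "udp", 53),
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # state table: one 5-tuple per session opened under a rule
    def check(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Packet belongs to a tracked session, in either direction: allow it.
        if fwd in self.state or rev in self.state:
            if "R" in p.flags:            # RST ends the session (timeouts/FIN omitted)
                self.state -= {fwd, rev}
            return "ALLOW"
        # 2. No session yet: only a bare TCP SYN or a UDP datagram matching a rule may create one.
        opens = p.proto == "udp" or p.flags == "S"
        permitted = any(ip_address(p.src) in net and p.proto == proto and p.dport == port
                        for net, proto, port in self.rules)
        if opens and permitted:
            self.state.add(fwd)
            return "ALLOW"
        # 3. Default deny: unsolicited replies, out-of-state packets, unlisted ports.
        return "DROP"

def demo():
    """Run constructed packets through one firewall and return the verdicts."""
    fw = StatefulFirewall(RULES)
    packets = [
        Packet("192.168.1.10", 50000, "203.0.113.5", 443, "tcp", "S"),   # new session
        Packet("203.0.113.5", 443, "192.168.1.10", 50000, "tcp", "SA"),  # its reply
        Packet("203.0.113.5", 443, "192.168.1.10", 50001, "tcp", "SA"),  # no matching session
        Packet("192.168.1.10", 50002, "203.0.113.5", 23, "tcp", "S"),    # unlisted port
    ]
    return [fw.check(p) for p in packets]
```

The third packet has plausible addresses and ports but is dropped because no session with that exact 5-tuple exists in the state table. A stateless port filter cannot make that distinction.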
Additional Functions (Modern Firewalls):
While the above three are the core functions, modern firewalls often include advanced capabilities:
- Intrusion Detection and Prevention (IDPS): Identify and block malicious activities.
- Application-Level Filtering: Inspect and control traffic based on specific applications (e.g., blocking social media sites).
- VPN Support: Enable secure remote access to the network.
- Logging and Reporting: Record traffic data for analysis and compliance purposes.
The three main functions of a firewall—traffic filtering, NAT, and stateful inspection—work together to provide a strong defense against unauthorized access and cyber threats, ensuring the security and integrity of a network.