[Dr. WoW] [No.1] What Are Firewalls?

Latest reply: Jun 12, 2018 07:07:43 5500 7 3 0

In September 2013, Huawei released its USG6600 Next Generation Firewall (NGFW) at the first Huawei Enterprise Networking Conference, marking the beginning of a new stage of development for Huawei’s firewalls.

Following this, in December 2013, Huawei’s NGFW made Huawei the only Chinese vendor mentioned in Forrester Research’s newest report on network segmentation gateways. This firewall’s comprehensive functional support and reliable quality guarantees have earned it an exceptionally high satisfaction rating of over 95%, as well as excellent reviews.

Thirteen years ago, in 2001, Huawei released its first plug-in firewall card. Time flies, and over these past 13 years, the Internet has developed at a speed that could not have been predicted. Huawei’s firewalls have weathered many storms during these formative years, all the while gradually maturing and growing, a process that continues today.

There are likely more readers familiar with network switches and routers than with firewalls. As a first line defense in cyber security, firewalls play an important role, and the time has come to learn a bit more about this faithful protector of cyber security.

My name is Dr. WoW. I’ve worked my way up through the ranks at Huawei, and today I’m a member of Huawei’s Firewall R&D team. In this chapter I’ll combine Huawei’s firewall and security products together to explain firewalls’ developmental history and their key technologies to everyone. I’ll also go over the implementation principles behind firewall’s security features, as well as the methods for their configuration. I hope that through my explanation, all of you network engineers will gain a firm understanding of firewalls.

I’ll begin with a discussion of the word "firewall". Walls had their beginnings as defensive structures, and since ancient times have given people a feeling of safety. A firewall is true to its name―firewalls prevent fires. The word was used originally in construction/architecture, and these original firewalls stopped fires from spreading from one area to another by isolating them.

As used in the telecommunications field, firewalls also came to embody this one feature: a firewall is a specific kind of network equipment generally used to separate two networks from one another. Of course, this kind of separation is highly ‘smart’; firewalls stop "fires" from spreading, but guarantee that "people" can still pass through. "Fire" here refers to various kinds of attacks on networks, while "people" refers to normal communication packets.

With this in mind, and to give a definition that suits firewalls’ position in the telecom world, a firewall is primarily used to protect a network from attacks and intrusion from other networks. Because of their abilities to isolate and protect, firewalls are flexibly positioned on network perimeters, used for subnet segmentation, and others. For example, they can be used on enterprise network egresses, or to segment internal subnets in large networks, or on data center perimeters, as shown in Figure 1-1.

Figure 1-1 Schematic of firewall deployment scenarios

[Dr. WoW] [No.1] What Are Firewalls?-1254281-1

From the above introduction we can see that firewalls, routers, and network switches are different from one another. Routers are used to connect different networks, and use routing protocols to guarantee interconnectedness and ensure that packets are sent to their intended destinations. Network switches are generally used to set up local area networks (LANs), and are important hubs for LAN communication, quickly forwarding packets through Layer-2/Layer-3 switching. Firewalls are primarily deployed to network perimeters, exert control over access into and out of the network, and their core feature is security protection. Routers and network switches are based in forwarding, while firewalls are based in control, as shown in Figure 1-2.

Figure 1-2 Comparison of firewalls, network switches, and routers

[Dr. WoW] [No.1] What Are Firewalls?-1254281-2

There is an ongoing trend of low and mid-end routers and firewalls being combined together. This is largely because the two are similar in form and functionality. Huawei has released a line of this kind of low and mid-end equipment (for example the USG2000/5000 firewall series) which possess both routing and security functions―these are truly "all in one" products.

Now that we’ve learned about the basic concepts behind firewalls, the next order of business is for me to take everyone down the road of firewalls’ evolution.

 

 

To view the list of all Dr. WoW technical posts, click here.

  • x
  • convention:

user_2790689
Created Mar 10, 2015 05:41:56 Helpful(0) Helpful(0)

Thank you for sharing.
  • x
  • convention:

x00151571
Created Mar 10, 2015 07:05:03 Helpful(0) Helpful(0)

Very good!
  • x
  • convention:

user_29397
Created Mar 10, 2015 08:55:43 Helpful(0) Helpful(0)

WoW is uncle qiang?
  • x
  • convention:

m84041126
Created Jun 29, 2015 05:45:33 Helpful(0) Helpful(0)

Thx for sharing

  • x
  • convention:

CefinityYY
Created May 31, 2017 04:15:15 Helpful(0) Helpful(0)

love your sharing very much... =)
  • x
  • convention:

WheatGrass
Created Jun 12, 2018 03:04:16 Helpful(0) Helpful(0)

Thanks for sharing :)
  • x
  • convention:

Mysterious.color
MVE Created Jun 12, 2018 07:07:43 Helpful(0) Helpful(0)

thank you for sharing knowledge
  • x
  • convention:

Core%20Engineer%2C%20Technical%20Department.%20High%20experience%20in%20Networking

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login