[Dr.WoW] [No.2] Development of Firewalls

Latest reply: Sep 13, 2017 10:55:34

In the last section I introduced the basics about firewalls. In this section I will talk with all of you about the past, present, and future of firewalls. I ask that everyone come along with me, Dr. WoW, on a trip through the developmental history of firewalls, after which we’ll climb into our time machine to catch a glimpse of their bright future.

Just as with mankind’s evolution, firewalls have transitioned from being simple ‘life forms’ (simple functionality) to advanced ‘life forms’ (complex functionality) over the course of their evolutionary history, as shown in Figure 1-1. During this process, the development and evolution of firewalls have been spurred forward by the fast development of network technology and continuous new demand.

Figure 1-1 Firewalls’ developmental history



The earliest firewalls can be traced back to the end of the 1980s, meaning that firewalls have already been around for more than 20 years. Over these 20+ years, their developmental process can roughly be broken down into three stages.

Stage One: 1989–1994

The major events during this stage of firewalls’ development include:

  • 1989 saw the birth of packet filtering firewalls, which achieved simple control over access. We call these 1st generation firewalls.
  • Following this came proxy firewalls, which act as application layer proxies for communication between internal and external networks―these are the 2nd generation firewalls. Proxy firewalls are fairly secure, but have slow processing speeds. Moreover, developing a corresponding proxy service for every application is very difficult to achieve, and therefore these can only provide proxy support for a small number of applications.
  • In 1994, Check Point released the first firewall based on stateful inspection technology. Stateful inspection uses dynamic analysis of the state of a packet to determine the action it should take towards the packet, and does not require proxy services for every application. These firewalls also have fast processing times, and provide a high level of security. Stateful inspection firewalls have been called 3rd generation firewalls.

NOTE: Check Point is an Israeli security company, and released the first stateful inspection technology-based firewall intended for commercial use.

Stage Two: 1995–2004

The major events during this stage of firewalls’ development include:

  • Stateful inspection firewalls became mainstream. In addition to offering functions for controlling access, firewalls also began to incorporate other functions, such as virtual private networks (VPNs).
  • Meanwhile, specialized equipment also began to appear in embryonic form. One example of this was Web application firewall (WAF) equipment specially designed to protect the security of Web servers.
  • In 2004, the unified threat management (UTM) concept was first introduced in the industry. This combined traditional firewalls, intrusion detection, anti-virus functions, URL filtering, application control, email filtering, and other functions into one firewall, thus achieving comprehensive security protection.

Stage Three: 2005–Present

The major events during this stage of firewalls’ development include:

  • After 2004, the UTM market developed quickly, and numerous UTM products sprang onto the scene. However, new problems also appeared. First among these was that the degree to which application layer information could be inspected was limited. For example, if a firewall allowed "men" to pass through, but refused to pass "women" through, should it allow an alien named Professor Du to pass through? Such scenarios require even more advanced inspection measures, and this has resulted in the wide use of deep packet inspection (DPI) technology. A second issue is that of performance: with multiple security functions operating at the same time, UTM equipment’s processing performance was significantly lower than other models.
  • In 2008, Palo Alto Networks released the Next-Generation Firewall (NGFW), which resolved these issues of performance degradation that occurred when multiple functions were running at the same time. NGFWs also allow for management/control of users, applications, and content.
  • In 2009, Gartner defined Next Generation Firewalls, clarifying the functions and features that such firewalls should possess. Following this, each security solutions company released its own NGFW, marking the beginning of a new era for firewalls.


Palo Alto Networks is an American security products vendor. It was the first to release the Next Generation Firewall, and is thus the trailblazer for NGFWs.

Gartner is a renowned IT research & consulting company, and is the developer of the world famous Magic Quadrant. In 2013, Huawei became the first Chinese company to enter the Gartner firewall and UTM Magic Quadrant, ample evidence of Huawei’s abilities in developing security products.


Below are three of the main messages to be learned from firewalls’ developmental history:

  • The first is that firewalls have attained increasingly accurate control over access. The transition from simple access control in the earliest stages of firewall development, to session-based access control, and then again to NGFW’s user, application and content-based access control, has all been to bring about more effective and accurate control.
  • The second is that firewalls’ protective capabilities have grown ever stronger. In the initial stages of their development, the function of firewalls was to separate/segment. Intrusion detection functions were then gradually added, as were functions such as anti-virus capabilities, URL filtering, application control, and email filtering. Therefore, protective measures have increased, and the scope of firewalls’ protection has become broader.
  • Third is that firewall processing performance has become better with time. The explosion in network traffic has placed increasingly high demands on firewall performance. Vendors have continued to improve and optimize both the hardware and software framework of their firewalls, bringing about continued improvement in firewall processing performance.

NGFWs do not signal the ‘end of history’ for firewalls. Networks are changing all the time, and new technologies and demands will continue to arise. Therefore, it may not be many years before firewalls become even more advanced and smart, and even easier to manage and configure―this is something worth looking forward to.




Created Mar 13, 2015 07:42:22

Thank you for sharing.

Created Sep 13, 2017 10:55:34

Things are very open and intensely clear explanation of issues. was truly information. Your website is very beneficial.