What is a firewall and what are its classifications? (with security configuration steps)
Apr 26, 2024

A firewall is a network security device that monitors, filters and controls data traffic to and from a network in order to protect the internal network from unauthorized access, malicious attacks and cyber threats. It applies rules that allow or block specific types of traffic, thus ensuring the security and privacy of the network.


Based on different criteria and features, firewalls can be categorized into various types such as network-layer firewalls, host-layer firewalls, cloud firewalls, application-layer firewalls, state-based firewalls, hardware firewalls, and software firewalls.

Network-layer firewalls are deployed at the network boundary and filter traffic based on source address, destination address, ports and other network-layer information; they are commonly used for enterprise boundary defense and network segmentation control. Host-layer firewalls are deployed on individual hosts or servers to protect the operating system and applications of that host or server; they are commonly used for server protection and system hardening. Cloud firewalls are designed for cloud computing environments and protect cloud resources from network attacks and data leakage; they are commonly used for cloud security control and by cloud service providers to strengthen security.

The classification described above is based on deployment location. Classified by technical implementation, firewalls can be further divided into application-layer firewalls and state-based firewalls. State-based firewalls track the state of network connections and filter traffic based on that connection state, providing higher performance and security; they are commonly used for dynamic security policies and protection against advanced threats. Application-layer firewalls, on the other hand, deeply inspect the application-layer content of network packets and identify and block attacks and malicious behavior in specific application-layer protocols; they are commonly used for application-layer security control and data leakage prevention.

Classified by deployment method, firewalls can be divided into hardware firewalls and software firewalls. Hardware firewalls are implemented on dedicated hardware devices with high performance and reliability, and are often used for network security protection in large enterprises and data centers. Software firewalls are usually installed on servers, routers or computer operating systems, and are suitable for network security protection in small and medium-sized enterprises.

So, when we use a firewall, how do we configure its security? Below, our engineers use a Huawei firewall as an example and walk through a configuration tutorial; save it for later if you need it.

This configuration takes small and medium-sized enterprises as an example, and configures the firewall according to the following requirements:

1. Plan the internal network and the security zones sensibly.

2. Interconnect the intranet and extranet through security policies.

3. Both intranet users and extranet users can access the company's servers.

Step 1: Configure the firewall port IP address

Configure an address on each firewall port:

[FW1]int g1/0/0

[FW1-GigabitEthernet1/0/0]ip address <IP-address> 24

[FW1-GigabitEthernet1/0/0]int g1/0/1

[FW1-GigabitEthernet1/0/1]ip address <IP-address> 24

[FW1-GigabitEthernet1/0/1]int g1/0/2

[FW1-GigabitEthernet1/0/2]ip address <IP-address> 24

Step 2: Assign the firewall interfaces to security zones according to the type of endpoints behind them


[FW1]firewall zone trust                //Enter the trust zone view

[FW1-zone-trust]add interface g1/0/0      //Add interface G1/0/0 to the trust zone

[FW1-zone-trust]firewall zone untrust     //Enter the untrust zone view

[FW1-zone-untrust]add interface g1/0/1    //Add interface G1/0/1 to the untrust zone

[FW1]firewall zone dmz                   //Enter the DMZ zone view

[FW1-zone-dmz]add interface g1/0/2        //Add interface G1/0/2 to the DMZ zone

Step 3: Configure security policies as required


[FW1]security-policy          //Enter the security policy view

[FW1-policy-security]rule name vode    //Create a security rule named vode

[FW1-policy-security-rule-vode]source-zone trust     //Set the source security zone of the rule to trust

[FW1-policy-security-rule-vode]destination-zone untrust dmz   //Set the destination security zones of the rule to untrust and DMZ

[FW1-policy-security-rule-vode]source-address <network-address> 24   //Set the source network segment of the rule (the source and destination zones are already set above, so the segment can be omitted, but setting it is safer)

[FW1-policy-security-rule-vode]destination-address <network-address> 24   //Set the destination network segment of the rule

[FW1-policy-security-rule-vode]destination-address <network-address> 24

[FW1-policy-security-rule-vode]action permit         //Set the action of the security rule to permit
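
To see which flows the rule above actually lets through, here is an added example (not part of the original article and not Huawei code) that models zone-based rule matching in Python. The network segments, the second rule named web_in and the default action of deny for unmatched traffic are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    src_zones: set
    dst_zones: set
    src_nets: list   # empty list means "any source address"
    dst_nets: list   # empty list means "any destination address"
    action: str


def _addr_ok(addr, nets):
    # An unset address condition matches everything in the zone.
    return not nets or any(ip_address(addr) in ip_network(n) for n in nets)


def evaluate(rules, src_zone, dst_zone, src_ip, dst_ip, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for r in rules:
        if (src_zone in r.src_zones and dst_zone in r.dst_zones
                and _addr_ok(src_ip, r.src_nets)
                and _addr_ok(dst_ip, r.dst_nets)):
            return r.action, r.name
    return default, "default"


# Constructed addressing plan (assumption, not taken from the article).
TRUST_NET, UNTRUST_NET, DMZ_NET = "192.168.1.0/24", "203.0.113.0/24", "10.0.0.0/24"

# The article's rule: trust -> untrust and dmz, restricted by segment.
VODE = Rule("vode", {"trust"}, {"untrust", "dmz"},
            [TRUST_NET], [UNTRUST_NET, DMZ_NET], "permit")

# Hypothetical extra rule letting outside users reach only the DMZ servers.
WEB_IN = Rule("web_in", {"untrust"}, {"dmz"}, [], [DMZ_NET], "permit")

if __name__ == "__main__":
    flows = [("trust", "untrust", "192.168.1.10", "203.0.113.5"),
             ("trust", "dmz", "192.168.2.10", "10.0.0.8"),
             ("untrust", "dmz", "203.0.113.5", "10.0.0.8"),
             ("untrust", "trust", "203.0.113.5", "192.168.1.10")]
    for policy in ([VODE], [VODE, WEB_IN]):
        print([r.name for r in policy])
        for f in flows:
            print("  ", f, "->", evaluate(policy, *f))
```

With only vode in place, traffic from the untrust zone to the DMZ falls through to the default action, and a trust-zone host outside the configured source segment is not covered either, which is the practical effect of setting source-address in addition to the zones.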

Did you learn it? If you still need to know anything else about firewalls, or if you have firewall needs, please feel free to consult Linknewnet.

In conclusion, the firewall, as an important network security device, offers options for enterprises of different sizes and needs through its various categories. When choosing and deploying firewalls, enterprises should weigh the different types against their own network architecture, security needs and budget, and choose the products and solutions that best suit their situation in order to achieve the best network security protection.
