9-1 Contivity 221 VPN Switch User’s Guide

Chapter 9
Firewalls

This chapter gives some background information on firewalls and introduces the Contivity 221 firewall.

9.1 Firewall Overview

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. In networking, a “firewall” is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

9.2 Types of Firewalls

There are three main types of firewalls:

1. Packet Filtering Firewalls
2. Application-level Firewalls
3. Stateful Inspection Firewalls

9.2.1 Packet Filtering Firewalls

Packet filtering firewalls restrict access based on the source/destination network address of a packet and the type of application.

9.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level firewalls have a number of general advantages over the default mode of permitting application traffic directly to internal hosts:
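The two firewall types described in 9.2.1 and 9.2.2, contrasted in a small constructed Python example (added here; not the Contivity 221's own code and not how that product implements its firewall): the packet filter decides from addresses, protocol and destination port only, so a TCP/80 packet carrying non-HTTP data passes it, while the application-level check inspects the payload and rejects it. The addresses, policy rules and packets are made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str              # source IP address
    dst: str              # destination IP address
    proto: str            # "tcp" or "udp"
    dport: int            # destination port, standing in for the "type of application"
    payload: bytes = b""  # application data; a packet filter never looks at it

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # CIDR; "0.0.0.0/0" matches any address
    dst: str
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any port

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison, as a packet filtering firewall does it."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def packet_filter(rules: list, pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is denied (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

def http_proxy_check(pkt: Packet) -> str:
    """Application-level check: pass only a well-formed HTTP request line."""
    method, _, rest = pkt.payload.split(b"\r\n", 1)[0].partition(b" ")
    target, _, version = rest.partition(b" ")
    ok = (method in (b"GET", b"HEAD", b"POST") and target.startswith(b"/")
          and version in (b"HTTP/1.0", b"HTTP/1.1"))
    return "allow" if ok else "deny"

# Constructed policy: outside hosts may reach the internal web server on TCP/80 only.
POLICY = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    Rule("deny", "0.0.0.0/0", "192.0.2.0/24", "any"),
]
```

Run the same TCP/80 packet through both functions: `packet_filter` allows it whatever the payload, while `http_proxy_check` allows only a valid HTTP request line.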