Types of Firewalls, ACL and Packet Filter Firewalls – Enterasys Networks Security Router X-Pedition™ User Manual


Firewall Feature Set Overview

16-10 Configuring Security on the XSR

Figure 16-10 XSR Firewall Topology

There are many possible network configurations for a firewall. The figure above shows a scenario
with the firewall connected to the trusted network (internal) and servers that can be accessed
externally (via the DMZ).

The XSR firewall feature set inspects packets coming in from open ports and either passes them on
to the router or drops them based on policies defined in the policy database, which is configured
using the XSR’s CLI.

In this example, the firewall acts as a shield for traffic coming in and out of the external and DMZ
networks. The internal interface does not have firewall inspection enabled, nor does it need it,
because it is a trusted network.

While this flexibility is useful, it emphasizes the fact that the shield is only as effective as the
intelligence of the policies. Functionally, the XSR’s policy database defines the configuration and
retains information about the sessions currently allowed through the firewall.
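
The pass-or-drop decision and the role of retained session information can be modeled as follows. This is an added example, not Enterasys code or XSR CLI syntax; the addresses, the two allow policies and the names Packet, PolicyDB and build_firewall are assumptions, and the model records a session only when a policy admits a flow on an inspected interface.

```python
# Added illustration: simplified model of the topology in Figure 16-10.
# Not XSR code or CLI; addresses, policies and names are constructed assumptions.
from collections import namedtuple

# in_if is the interface the packet arrived on.
Packet = namedtuple("Packet", "in_if src sport dst dport proto", defaults=["tcp"])

HTTP_SERVER = "192.0.2.10"   # DMZ host (constructed address)
SMTP_SERVER = "192.0.2.25"   # DMZ host (constructed address)


class PolicyDB:
    """Holds the configured policies and the sessions currently allowed."""

    def __init__(self, inspected, policies):
        self.inspected = set(inspected)  # interfaces with inspection enabled
        self.policies = set(policies)    # allowed (in_if, dst, dport, proto)
        self.sessions = set()            # flows already admitted by a policy

    def handle(self, p):
        if p.in_if not in self.inspected:
            return "pass"                # trusted interface: not inspected
        # A reply to an allowed session carries the reversed address/port pair.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "pass"
        if (p.in_if, p.dst, p.dport, p.proto) in self.policies:
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "pass"
        return "drop"                    # no matching policy, no session


def build_firewall():
    """External and DMZ are inspected; only HTTP and SMTP to the DMZ are allowed."""
    return PolicyDB(
        inspected={"external", "dmz"},
        policies={("external", HTTP_SERVER, 80, "tcp"),
                  ("external", SMTP_SERVER, 25, "tcp")},
    )


if __name__ == "__main__":
    fw = build_firewall()
    client = "198.51.100.7"              # external client (constructed address)
    print(fw.handle(Packet("external", client, 40000, HTTP_SERVER, 80)))  # request
    print(fw.handle(Packet("dmz", HTTP_SERVER, 80, client, 40000)))       # its reply
    print(fw.handle(Packet("dmz", SMTP_SERVER, 25, client, 40001)))       # unsolicited
```

The reply from the HTTP server passes only because the policy database retained the session; the same kind of packet from the SMTP server, with no prior session, is dropped.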

Types of Firewalls

Generally speaking, there are three types of firewalls: Access Control List (ACL) or Packet Filter,
Application Level Gateway (ALG) or Proxy, and Stateful Inspection. Each of these firewall types
operates at a different layer of the TCP/IP network model, using different criteria to restrict traffic.

ACL and Packet Filter Firewalls

ACL and packet filter firewalls statically apply security policy to a packet’s contents according to
pre-configured rules you specify such as permitted or denied source and destination addresses

[Figure 16-10 diagram labels: Internet, External, DMZ, Internal, XSR, Router, Policy DB, Client, HTTP server, SMTP server, "Firewall inspection enabled" (shown twice)]
