[Dr. WoW] [No.1] What Are Firewalls?

d90001995  Medium  (1)
4 years 10 months ago  View: 3292  Reply: 3

In September 2013, Huawei released its Next Generation Firewall (NGFW) at the first Huawei Enterprise Networking Conference, marking the beginning of a new stage of development for Huawei’s firewalls.

Following this, in December 2013, Huawei’s NGFW made Huawei the only Chinese vendor mentioned in Forrester Research’s newest report on network segmentation gateways. This firewall’s comprehensive functional support and reliable quality guarantees have earned it an exceptionally high satisfaction rating of over 95%, as well as excellent reviews.

Thirteen years ago, in 2001, Huawei released its first plug-in firewall card. Time flies, and over these past 13 years, the Internet has developed at a speed that could not have been predicted. Huawei’s firewalls have weathered many storms during these formative years, all the while gradually maturing and growing, a process that continues today.

There are likely more readers familiar with network switches and routers than with firewalls. As a first line of defense in cyber security, firewalls play an important role, and the time has come to learn a bit more about this faithful protector of cyber security.

My name is Dr. WoW. I’ve worked my way up through the ranks at Huawei, and today I’m a member of Huawei’s Firewall R&D team. In this chapter I’ll draw on Huawei’s firewall and security products to explain the developmental history of firewalls and their key technologies. I’ll also go over the implementation principles behind firewalls’ security features, as well as how to configure them. I hope that through my explanation, all of you network engineers will gain a firm understanding of firewalls.

I’ll begin with a discussion of the word "firewall". Walls had their beginnings as defensive structures, and since ancient times have given people a feeling of safety. A firewall is true to its name—firewalls prevent fires. The word was used originally in construction/architecture, and these original firewalls stopped fires from spreading from one area to another by isolating them.

As used in the telecommunications field, firewalls also came to embody this one feature: a firewall is a specific kind of network equipment generally used to separate two networks from one another. Of course, this kind of separation is highly ‘smart’; firewalls stop "fires" from spreading, but guarantee that "people" can still pass through. "Fire" here refers to various kinds of attacks on networks, while "people" refers to normal communication packets.

With this in mind, and to give a definition that suits firewalls’ position in the telecom world, a firewall is primarily used to protect a network from attacks and intrusion from other networks. Because of their ability to isolate and protect, firewalls can be positioned flexibly: on network perimeters, for subnet segmentation, and in other roles. For example, they can be used on enterprise network egresses, or to segment internal subnets in large networks, or on data center perimeters, as shown in Figure 1-1.

Figure 1-1 Schematic of firewall deployment scenarios


From the above introduction we can see that firewalls, routers, and network switches are different from one another. Routers are used to connect different networks, and use routing protocols to guarantee interconnectedness and ensure that packets are sent to their intended destinations. Network switches are generally used to set up local area networks (LANs), and are important hubs for LAN communication, quickly forwarding packets through Layer 2/Layer 3 switching. Firewalls are primarily deployed at network perimeters, where they exert control over access into and out of the network; their core feature is security protection. Routers and network switches are fundamentally about forwarding, while firewalls are fundamentally about control, as shown in Figure 1-2.

Figure 1-2 Comparison of firewalls, network switches, and routers


There is an ongoing trend of low and mid-end routers and firewalls being combined. This is largely because the two are similar in form and functionality. Huawei has released a line of such low and mid-end equipment that possesses both routing and security functions; these are truly "all in one" products.

Now that we’ve learned about the basic concepts behind firewalls, the next order of business is for me to take everyone down the road of firewalls’ evolution.


网络小强  Silver 
4 years 10 months ago
Harihar_Shrestha  Senior 
4 years 10 months ago
Crystal clear overview of modern networks and practical mind mapping, illustration of the uses of firewalls. Really impressive... Routers and network switches forward, while firewalls control...
user_2837311  Diamond 
1 year 6 months ago
useful document, thanks