At their most basic, firewalls are access control devices. They block or allow communications passing between network segments. Today, however, network firewalls have evolved into multifunction devices with features such as encryption (VPN), authentication, IP address translation (NAT) and traffic rate limiting (also known as Quality of Service), to name just a few.
Standard firewall features include:
- Access control -- The base component of what makes a firewall a firewall.
- Network address translation (NAT) -- Converting internal IP addresses into Internet-routable addresses.
- Authentication -- Granting access only after users have proven their identity.
The ability to establish an encrypted virtual link between networks.
- Remote access VPN -- Allowing remote users to connect securely to internal network resources.
Emerging or non-ubiquitous firewall features can include features such as quality of service, intrusion prevention, SSL VPN, antivirus and Web filtering:
- Quality of Service (QoS) -- Network traffic prioritization.
- IPS -- Blocking of network- or application-specific attacks.
- SSL VPN -- A feature that allows remote access VPN via a user's Web browser.
- Antivirus -- Filtering viruses from downloaded files as they pass through the firewall.
- Web filtering -- Blocking access to offensive or non-business-related Web sites.
Many of these emerging features provide significant customer value, and they may become standard offerings in the future. However, using all the features at once can cause a significant performance hit and care should be taken when recommending them to customers.
This was first published in November 2007