D03. What Are The Basic Types Of Firewalls - ZyXEL Communications ZyWALL 5 Support Notes

determine if an inbound connection is allowed through the firewall to the private LAN. The ZyWALL
supports Network Address Translation (NAT), which translates the private local addresses to one or
multiple public addresses. This adds a level of security since the clients on the private LAN are invisible
to the Internet.

D03. What are the basic types of firewalls?

Conceptually, there are three types of firewalls:
1. Packet Filtering Firewall
2. Application-level Firewall
3. Stateful Inspection Firewall
Packet Filtering Firewalls generally make their decisions based on the header information in individual
packets. This header information includes the source, destination addresses and ports of the packets.
Application-level Firewalls generally are hosts running proxy servers, which permit no traffic directly
between networks, and which perform logging and auditing of traffic passing through them. A proxy
server is an application gateway or circuit-level gateway that runs on top of general operating system such
as UNIX or Windows NT. It hides valuable data by requiring users to communicate with secure systems
by mean of a proxy. A key drawback of this device is performance.
Stateful Inspection Firewalls restrict access by screening data packets against defined access rules. They
make access control decisions based on IP address and protocol. They also 'inspect' the session data to
assure the integrity of the connection and to adapt to dynamic protocols. The flexible nature of Stateful
Inspection firewalls generally provides the best speed and transparency, however, they may lack the
granular application level access control or caching that some proxies support.
D04. What kind of firewall is the ZyWALL?
1. The ZyWALL's firewall inspects packets contents and IP headers. It is applicable to all protocols,
that understands data in the packet is intended for other layers, from network layer up to the
application layer.
2. The ZyWALL's firewall performs stateful inspection. It takes into account the state of connections
it handles so that, for example, a legitimate incoming packet can be matched with the outbound
request for that packet and allowed in. Conversely, an incoming packet masquerading as a
response to a nonexistent outbound request can be blocked.
3. The ZyWALL's firewall uses session filtering, i.e., smart rules, that enhance the filtering process
and control the network session rather than control individual packets in a session.
All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL 5 Support Notes
263