ZyXEL Communications 650 Series User Manual
Prestige 650 series User’s Guide
Firewalls
10-1
Chapter 10
Firewalls
This chapter gives some background information on firewalls and introduces the Prestige firewall.
This chapter applies to the Prestige 650H/HW and the Prestige 650H-E.
10.1 Firewall Overview
Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from
one room to another. The networking term “firewall” is a system or group of systems that enforces an access-
control policy between two networks. It may also be defined as a mechanism used to protect a trusted
network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is
one of the mechanisms used to establish a network security perimeter in support of a network security policy.
It should never be the only mechanism or method employed. For a firewall to guard effectively, you must
design and deploy it appropriately. This requires integrating the firewall into a broad information-security
policy. In addition, specific policies must be implemented within the firewall itself.
one room to another. The networking term “firewall” is a system or group of systems that enforces an access-
control policy between two networks. It may also be defined as a mechanism used to protect a trusted
network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is
one of the mechanisms used to establish a network security perimeter in support of a network security policy.
It should never be the only mechanism or method employed. For a firewall to guard effectively, you must
design and deploy it appropriately. This requires integrating the firewall into a broad information-security
policy. In addition, specific policies must be implemented within the firewall itself.
10.2 Types of Firewalls
There are three main types of firewalls:
1. Packet Filtering Firewalls
2. Application-level
Firewalls
3. Stateful Inspection Firewalls
10.2.1 Packet Filtering Firewalls
Packet filtering firewalls restrict access based on the source/destination computer network address of a
packet and the type of application.
packet and the type of application.
10.2.2 Application-level Firewalls
Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs
written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for
valid application-specific data. Application-level gateways have a number of general advantages over the
default mode of permitting application traffic directly to internal hosts:
written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for
valid application-specific data. Application-level gateways have a number of general advantages over the
default mode of permitting application traffic directly to internal hosts: