
Intro to Networking - Network Firewall Security


Overview


This is an introductory article on the workings of stateful and stateless firewalls.

NOTES:
Find a complete introductory guide on Routing and Switching in our Ubiquiti Broadband Routing & Switching Specialist (UBRSS) guide, downloadable in our Training section.

Table of Contents


  1. Firewall Introduction
  2. Stateless vs. Stateful Firewalls
  3. Gateway Firewalls 
  4. Related Articles

Firewall Introduction



Firewalls are network security systems that monitor, track, and control network traffic. When configured on WAN boundaries, firewalls protect against malicious or undesirable traffic. Generally, firewalls apply to inbound, outbound, and local (i.e., destined for the firewall itself) traffic. While most host devices today feature consumer-grade firewall software, IT Admins are responsible for researching and implementing an effective firewall solution on the Enterprise/Broadband network.

As their scope, complexity, and importance have expanded, network firewalls have evolved along the layers of the OSI Model in both design and implementation. Even before a Network Firewall is configured, a well-designed Network Topology at OSI Layers 1 and 2 reduces the risks faced by the network, primarily by controlling physical network access and implementing VLANs.


Dedicated Firewalls are critical to ensuring a safe, high-performing Network for all hosts. The UniFi Security Gateway sits on the WAN boundaries and, by default, features basic firewall rules protecting the UniFi Site.


Stateless vs. Stateful Firewalls



Among the earliest firewalls were Stateless Firewalls, which filter individual packets, generally based on information at OSI Layers 2, 3, and 4, such as Source & Destination Addresses.

With improvements in the power and cost of Network Hardware, Stateful Firewalls emerged as connection-tracking filters that consider information at OSI Layers 2, 3, and 4, as well as Layer 7 for Application-based filtering.

Whether filtering based on simple packet criteria, or advanced tracking requirements, Stateless and Stateful Firewalls are both popularly used today and often overlap in when, where, and how they are deployed.
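The difference shows up most clearly in how reply traffic is admitted on the WAN side. The following is an added example, not Ubiquiti code: a simplified Python model in which all names (Packet, stateless_wan_in, StatefulGateway) are hypothetical, the traffic is constructed, and TCP flags, timeouts, and NAT are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def stateless_wan_in(pkt):
    """Stateless: every packet is judged alone, on header fields only.
    To let web replies back in, the rule can only match 'TCP source port 443'."""
    return "accept" if pkt.proto == "tcp" and pkt.sport == 443 else "drop"


class StatefulGateway:
    """Stateful: outbound packets create a tracked flow, and WAN-in
    accepts only packets that are the reverse of a tracked flow."""

    def __init__(self):
        self.flows = set()

    def lan_out(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "accept"

    def wan_in(self, pkt):
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if reverse in self.flows else "drop"


def demo():
    # Constructed sample traffic using documentation address ranges.
    request = Packet("192.168.1.10", 51000, "203.0.113.5", 443)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 51000)
    unsolicited = Packet("198.51.100.7", 443, "192.168.1.10", 8080)

    gw = StatefulGateway()
    gw.lan_out(request)  # the LAN host opens the connection first
    return {
        "stateless": [stateless_wan_in(reply), stateless_wan_in(unsolicited)],
        "stateful": [gw.wan_in(reply), gw.wan_in(unsolicited)],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless rule accepts both inbound packets because their headers look alike, while the stateful gateway accepts only the reply that matches a flow a LAN host opened.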


Gateway Firewalls 



Due to their design, function, and location on networks, Routers (Gateways) are well-suited to run firewalls. When configuring a Router Firewall, consider the following criteria: 

  • First, the Network Interface to firewall.
    • For example, Firewall Rules would vary greatly between a trusted Corporate LAN, an untrusted Guest VLAN, and the risky WAN door to the Internet.
  • Secondly, the Traffic Direction to firewall.
    • Whether ingress (inbound), egress (outbound), or Local (bound for the Firewall Device).
  • Thirdly, whether to Drop, Reject, or Accept the Traffic under scrutiny.
  • Finally, the Rules defining the Firewall.
    • Including but not limited to Network Protocol, Source & Destination Address, Time, Connection State, and even Application.

Related Articles

