
What is a firewall? Explanation of basic knowledge of firewall

2022-07-05 08:59:00 Wanderer001

What is a firewall? Explanation of basic knowledge of firewall - Cloud+ Community - Tencent Cloud

What is a firewall

A firewall, also called a protective wall, is a network security system that sits between an internal network and an external network and isolates one from the other. Usually, a firewall protects internal/private LANs from external attacks and prevents the leakage of important data. Without a firewall, routers blindly forward traffic between internal and external networks with no filtering mechanism. A firewall can not only monitor traffic but also block unauthorized traffic.

In networking, a so-called "firewall" refers to a way of separating an intranet from a public access network (such as the Internet); it is actually an isolation technology. A firewall is an access control measure that is enforced when two networks communicate. It lets the people and data you "agree" to into your network while keeping out the people and data you "disagree" with, preventing hackers from accessing your network to the greatest possible extent. In other words, without going through the firewall, people inside the company cannot access the Internet, and people on the Internet cannot communicate with people inside the company.

In addition to isolating the internal LAN from the external Internet, a firewall can also separate ordinary data from important data within the LAN, so it can also prevent internal intrusion.

How Firewalls Work

There are two types of firewalls: hardware firewalls and software firewalls. A hardware firewall lets you define blocking rules based on Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports, for example to block access to unnecessary ports and IP addresses. A software firewall works like a proxy server that interconnects the internal and external networks, so that the internal network does not communicate directly with the external network. Many enterprises and data centers combine these two types of firewalls, mainly because doing so improves network security more effectively.
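The port- and address-based blocking rules described above can be modeled as an ordered rule list in which the first match wins and unmatched traffic is blocked. The Python code below is an added example, not code from the original article; the rule format, the `decide` and `shadowed` helpers and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source network, CIDR notation (IPv4 in this example)
    ports: range  # destination ports the rule covers

    def matches(self, proto, src_ip, dst_port):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and dst_port in self.ports)

# Constructed rule set; all addresses come from documentation ranges.
RULES = [
    Rule("block", "any", "203.0.113.0/24", ALL_PORTS),       # unwanted source network
    Rule("allow", "tcp", "0.0.0.0/0", range(443, 444)),      # HTTPS from anywhere
    Rule("allow", "tcp", "198.51.100.0/24", range(22, 23)),  # SSH from admin network only
    Rule("allow", "udp", "0.0.0.0/0", range(53, 54)),        # DNS
]

def decide(proto, src_ip, dst_port, rules=RULES):
    """First matching rule wins; anything unmatched is blocked (default deny)."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, src_ip, dst_port):
            return rule.action, index
    return "block", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for j, late in enumerate(rules):
        net = ipaddress.ip_network(late.src)
        for early in rules[:j]:
            if (early.proto in ("any", late.proto)
                    and net.subnet_of(ipaddress.ip_network(early.src))
                    and early.ports.start <= late.ports.start
                    and late.ports.stop <= early.ports.stop):
                hidden.append(j)
                break
    return hidden

if __name__ == "__main__":
    print(decide("tcp", "192.0.2.10", 443))  # permitted service
    print(decide("tcp", "192.0.2.10", 22))   # SSH from outside the admin network
    print(shadowed(RULES))
```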

                                 

How to choose a hardware firewall

1. Network throughput

Because a firewall decides whether traffic complies with the security policy by filtering incoming and outgoing data, when traffic is relatively high the firewall must inspect all packets promptly and as fast as possible. Otherwise it may cause long delays or even crash. Network throughput is therefore a very important metric: it reflects the availability of the firewall, and it also reflects the latency cost that enterprise users incur by using the firewall product. If the firewall introduces a large delay into the network, it will cause great losses to users.

When purchasing a firewall, the first indicator to look at is its throughput. Of course, the larger the throughput the better, but the larger the throughput, the higher the price of the firewall. Choose the right bandwidth according to the actual situation of the enterprise, such as its current Internet access bandwidth.

2. Protocol priority

Video applications are used more and more widely in enterprises. Video conferencing systems, voice telephony and similar applications are very popular. These applications occupy a relatively large share of the enterprise's bandwidth. If the bandwidth cannot keep up, their quality suffers greatly; for example, calls may become intermittent, much like a mobile phone with poor signal. Although this can be improved by increasing the speed of Internet access, that is not the preferred solution, because increasing bandwidth requires a relatively large investment. The ideal solution is therefore to manage the enterprise's communication traffic: use the firewall to give the traffic of key applications a higher priority, so that during network transmission these flows are guaranteed to pass first. This can significantly improve the quality of video applications and voice calls.

3. A certain degree of scalability

An enterprise network cannot remain unchanged forever. As the enterprise grows, the company's internal network will be upgraded continually to meet its growing needs. So what should be considered?

First, to allow for later expansion, it is best to buy a modular firewall. Then, if you need other functions later, you can just buy the module instead of replacing the entire hardware firewall. In other words, the hardware firewall system you choose should be a modular solution that can be scaled at will, from the most basic packet filter, to a packet filter with encrypted VPN, and finally to an independent application gateway. Only then can it easily cope with upgrades to the enterprise's information applications.

Second, consider the network interfaces. The most basic firewall configuration generally has two network interfaces: an internal one and an external one. These interfaces correspond to the trust level of the networks they connect to. The external interface is connected to an untrusted network, and the internal interface is connected to the trusted network. In an intranet deployment, the externally facing interface may need to connect to major parts of the company; in that case its trust level may be higher than that of an external network but slightly lower than that of the internal network. As companies' Internet business needs become more complex, firewalls with only two interfaces have obvious limitations and may not be able to meet business needs. For example, for security reasons the enterprise is likely to use a third interface as a DMZ interface in the future. Therefore, with future application upgrades in mind, when choosing a firewall also pay attention to whether it has enough interfaces, or whether interfaces can be added later in the form of modules.
