There are three common types of firewalls: the packet-filtering router, the application-level gateway, and the circuit-level gateway.
A packet-filtering router examines packets and decides whether they may pass through. An application-level gateway works as a proxy server and examines the traffic at the application layer.
A circuit-level gateway simply establishes two different connections, one with the server and one with the client outside the network, and forwards TCP packets between them.
1. Packet-filtering Router:
A packet-filtering firewall blocks or forwards packets based on the transport and network layer addresses and protocols. It is typically set up as a list of rules based on matches of fields in the IP or TCP header.
A packet-filtering router has a set of rules. It checks each packet against these rules and decides whether the packet can go through.
The rules could be based on the following parameters:
- Source IP address.
- Destination IP address.
- Source and destination transport-level address.
- IP protocol field.
- Interface.
Thus, for instance, such a firewall may have a rule that only packets with a specific destination address may go through. When it finds that a packet does not have that destination address, it rejects the packet.
A packet may also fail to match any of the rules. In this case there are two possible approaches: the firewall either accepts the packet by default or rejects it by default.
Packet-filtering is an intuitive concept for a firewall. Such a router is relatively simple.
Advantages:
1) The biggest advantages of packet-filtering firewalls are cost and lower resource usage; they are best suited for smaller networks.
2) Packet-filtering firewalls provide a reasonable amount of protection for a network with minimum complications. Packet-filtering rules can be extremely intuitive and thus easy to set up.
3) Packet-filtering firewalls also tend to have the least negative effect on the throughput rate at the gateway compared with other types of firewalls.
4) They also tend to be the most transparent to legitimate users. If the filtering rules are set up appropriately, users obtain their required access with little interference from the firewall.
Disadvantages:
1) Packet-filtering firewalls can work only on the network layer, and they do not support complex rule-based models. They are also vulnerable to spoofing in some cases.
2) Packet filtering is not sufficiently fine-grained to block specific application commands. All the traffic intended for an application is either let through or blocked. We cannot allow certain interactions with an application and block others.
3) They may also lack remote administration facilities that can save considerable time and effort.
2. Application-level Gateway:
Application-level gateway firewalls work on the application layer of the OSI model and provide protection for specific application layer protocols. A proxy server is the best example of an application-level gateway firewall.
An application gateway blocks or forwards packets based on the information in the application layer.
An application-level gateway, also called a proxy server, acts as a relay of application-level traffic.
Users contact the gateway using an application, and the request succeeds after authentication. The application gateway is service-specific, for example FTP, TELNET, SMTP or HTTP.
Application-level firewalls can also be configured as caching servers, which in turn increases network performance and makes it easier to log traffic.
Advantages:
1) Provides higher level of security than packet filters.
2) Can be used to protect vulnerable services on the protected system.
Disadvantages:
1) Slower performance
2) Need for proxies for each application.
3. Circuit Level Gateway:
Circuit-level gateway firewalls are deployed at the session layer of the OSI model. They monitor session setup, such as the TCP three-way handshake, to see whether a requested connection is legitimate or not.
A circuit-level gateway can be a standalone or a specialized system. It does not allow an end-to-end TCP connection; instead, the gateway sets up two TCP connections.
Once the TCP connections are established, the gateway relays TCP segments from one connection to the other without examining the contents.
The security function determines which connections will be allowed and which are to be disallowed.
Advantages:
Provide service for many different protocols.
Disadvantages:
1) Clients must be able to use them.
2) Cannot inspect the application layer.
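
The rule matching and default policy described in section 1 (Packet-filtering Router), as an added example that is not part of the original answer. The `Packet` and `Rule` classes, the first-match rule ordering, the interface names and the addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                       # constructed model of the header fields a filter reads
    src: str                        # source IP address
    dst: str                        # destination IP address
    proto: str                      # IP protocol field: "tcp", "udp", "icmp"
    dport: Optional[int]            # destination transport-level address (port)
    iface: str                      # interface the packet arrived on

@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "reject"
    src: str = "0.0.0.0/0"          # default matches any source
    dst: str = "0.0.0.0/0"          # default matches any destination
    proto: Optional[str] = None     # None matches any value
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.iface in (None, p.iface))

def filter_packet(rules, packet, default="reject"):
    """Assumed semantics: first matching rule wins; `default` applies if none match."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

RULES = [  # constructed rule set, evaluated top to bottom
    # Ingress check: internal source addresses must not arrive from outside (spoofing).
    Rule("reject", src="192.0.2.0/24", iface="outside"),
    Rule("accept", dst="192.0.2.10/32", proto="tcp", dport=25),  # inbound mail
    Rule("accept", src="192.0.2.0/24", iface="inside"),          # outbound traffic
]
SAMPLES = {  # constructed packets
    "mail": Packet("198.51.100.7", "192.0.2.10", "tcp", 25, "outside"),
    "spoofed": Packet("192.0.2.55", "192.0.2.10", "tcp", 25, "outside"),
    "unmatched": Packet("198.51.100.7", "192.0.2.20", "tcp", 23, "outside"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, filter_packet(RULES, pkt), filter_packet(RULES, pkt, "accept"))
```

Only the packet that matches no rule changes outcome when the default is switched from reject to accept, which is why the choice of default policy decides what happens to traffic the rule author did not anticipate.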