There are many different firewall types. This can be a bit of a challenge for new organizations that are looking to optimize their cybersecurity protections without compromising network performance. So, some questions are only natural.
One of the bigger questions is: “How do firewalls work?” The answer depends on the type of firewall being discussed. For example, a circuit-level gateway works differently than a packet-filtering or stateful inspection firewall. This, in turn, leads to questions about specific firewall types, such as: “Which of the following are characteristics of a circuit-level gateway?” or “What is a circuit-level gateway?”
Here’s a quick explanation of circuit-level gateways and their features:
Here’s a fairly useful definition of circuit-level gateways from Techopedia:
“A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security, and works between an Open Systems Interconnection (OSI) network model’s transport and application layers such as the session layer. Unlike application gateways, circuit-level gateways monitor TCP data packet handshaking and session fulfillment of firewall rules and policies.”
Basically, a circuit-level gateway verifies TCP handshakes to check incoming traffic without consuming a lot of time and resources. This makes circuit-level gateways one of the more efficient firewall types—minimizing the performance impact on your network.
However, because these firewalls do not check the packet itself or its contents, a packet that has the right TCP handshake but also contains malware could conceivably get through a circuit-level gateway.
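A simplified model of the behaviour described above, written as an added example (it is not code from the original article or from any firewall product). The class, state names, addresses and payloads are constructed assumptions, and teardown is reduced to a single FIN; the point is that verdicts depend only on handshake state, so data inside an established session is forwarded unread.

```python
from collections import namedtuple

# flags: "SYN", "SYN-ACK", "ACK", "FIN", or "" for a plain data segment
Segment = namedtuple("Segment", "src dst flags payload", defaults=(b"",))

class CircuitLevelGateway:
    """Simplified model: tracks the TCP handshake per connection, never reads payloads."""
    def __init__(self):
        self.sessions = {}   # frozenset({a, b}) -> (state, initiator)

    def filter(self, seg):
        key = frozenset((seg.src, seg.dst))
        state, initiator = self.sessions.get(key, (None, None))
        if seg.flags == "SYN" and state is None:
            self.sessions[key] = ("SYN_SENT", seg.src)
            return "ALLOW"
        if seg.flags == "SYN-ACK" and state == "SYN_SENT" and seg.src != initiator:
            self.sessions[key] = ("SYN_RCVD", initiator)
            return "ALLOW"
        if seg.flags == "ACK" and state == "SYN_RCVD" and seg.src == initiator:
            self.sessions[key] = ("ESTABLISHED", initiator)
            return "ALLOW"
        if state == "ESTABLISHED" and seg.flags in ("", "ACK", "FIN"):
            if seg.flags == "FIN":
                del self.sessions[key]   # simplified teardown
            return "ALLOW"               # seg.payload is forwarded unread
        return "DROP"

# Constructed sample traffic (documentation addresses, made-up payloads).
CLIENT, SERVER, OTHER = "198.51.100.7:51000", "192.0.2.10:443", "203.0.113.9:40000"
TRACE = [
    Segment(OTHER, SERVER, "", b"data with no handshake"),
    Segment(SERVER, CLIENT, "SYN-ACK"),                  # reply to a SYN never seen
    Segment(CLIENT, SERVER, "SYN"),
    Segment(SERVER, CLIENT, "SYN-ACK"),
    Segment(CLIENT, SERVER, "ACK"),
    Segment(CLIENT, SERVER, "", b"ordinary request"),
    Segment(SERVER, CLIENT, "", b"<stand-in for a malicious file>"),
    Segment(CLIENT, SERVER, "FIN"),
    Segment(CLIENT, SERVER, "", b"data after teardown"),
]

def run_trace(trace):
    gw = CircuitLevelGateway()
    return [gw.filter(seg) for seg in trace]

if __name__ == "__main__":
    for seg, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{verdict:5} {seg.src} -> {seg.dst} [{seg.flags or 'DATA'}] {seg.payload!r}")
```

The seventh segment is allowed for the same reason the sixth is: the session is established and nothing in the gateway looks at the payload, which is why content inspection has to come from another control.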
To help you visualize the difference between a circuit-level gateway and other firewalls, here’s a small chart of different firewall types:
| Feature | Packet-Filtering Firewalls | Circuit-Level Gateways | Stateful Inspection Firewalls | Application-Level Gateways (Proxy Firewall) |
|---|---|---|---|---|
| Destination/IP Address Check | Yes | No | Yes | Yes |
| TCP Handshake Check | No | Yes | Yes | Yes |
| Deep-Layer Inspection | No | No | No | Yes |
| Virtualized Connection | No | No | No | Yes |
| Resource Impact | Minimal | Minimal | Small | Moderate |
You may have noticed that “next-generation firewalls” aren’t on the list. This is because it’s hard to generalize about their capabilities, since there isn’t a consensus on what makes a firewall “next-gen.”
It’s important to note that these characteristics are based on broad generalizations of each firewall solution. For example, while circuit-level gateways don’t typically use virtualization to create an extra layer of separation between your system and incoming traffic, a specific product may use that feature or you may be able to route all traffic through a virtualized connection regardless of which type of firewall you use.
It can be difficult to choose between different firewall types. Adding to the difficulty is the fact that many organizations need to use multiple firewalls to create strong network segmentation for a “defense in depth” strategy. Using firewalls with conflicting rules can cause legitimate traffic to be dropped, resulting in poor network performance and inefficiency.
Here, using a managed firewall service from a managed security service provider can help. Not only can an MSSP help you choose the right firewall products to meet your needs, they can:
Need help setting up your firewall solution? Whether it’s a circuit-level gateway or any other kind of firewall, we’re here to help! So, contact Compuquip today to get started.