Log in

Firewall and OSI model – Fortinet

27 Jun, 2024

Understanding the Vital Role of a Firewall

You’ve likely heard about the significance of a firewall in safeguarding your network. But what exactly does it do, and how does it enhance network protection? Let’s delve into the specifics to grasp the value it offers, the benefits it delivers, and why it’s a must-have for those who prioritize security.

The Evolving Landscape of Firewall Providers

Today, the market is brimming with companies offering firewall solutions, intensifying competition in this domain. In this blog, we shine a spotlight on Fortinet, a leading producer of cybersecurity products. Fortinet’s name is well-known in Georgia, where it has made its mark in numerous public and private institutions.

Demystifying Firewall

At its core, a firewall is a hardware or software solution that manages and filters incoming and outgoing packets and network traffic. Its primary mission is to shield local networks or individual nodes from unauthorized and potentially hazardous access. The firewall meticulously selects packets to allow or block based on predefined rules and policies. This decision-making process ensures that the network aligns with your specific security requirements.

Protection at Its Core

Understanding what a firewall safeguards us from is pivotal when analyzing the paths taken by incoming and outgoing packets in network traffic. To appreciate the firewall’s role in this journey, we must acquaint ourselves with the concept of OSI Layers—the Open Systems Interconnection model.
OSI Layers: A Fundamental Framework:
The Open Systems Interconnection model, or OSI, delineates the seven layers that computer systems use for communication within a network. These seven layers serve as the gateways through which incoming and outgoing packets traverse, connecting us to the digital world. OSI is categorized into upper and lower layers, with each layer playing a unique role in facilitating seamless communication.
The application layer is used by end-user software such as web browsers and email clients. It provides protocols that allow the software to send and receive information and present meaningful data to users. A few examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and Domain Name System (DNS).
The presentation layer prepares data for the session layer. It is based on established protocol. Specifies how to encrypt and compress data. The presentation layer receives any data transmitted by the application layer and prepares it for transmission to the session layer.
The session layer creates communication channels between devices called sessions. It is the session layer that is needed to ensure that the communication channels are open and everything is functioning properly during the data transfer.
The transport layer processes information between devices that communicate with each other (end-to-end). Communication (information exchange) management involves taking data from the session layer and dividing it into parts called segments. At the receiving device, the transport layer reassembles segments that travel through the session layer to your screen. This layer uses protocols such as TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) to transmit data.
At the same level, TCP/UDP ports are defined (application layer protocols have predefined ports, for example, FTP – 25 ports, HTTP – 80 ports, etc.), through which the traditional firewall performs filtering. That is, we can open access to the network on 25 ports and close the rest through the firewall, which means that only requests coming to the 25th port will enter the network.
The network layer provides data transfer between devices. The network layer divides the segments that are transmitted from the transport layer. They are also referred to as packages. Also the network layer acts as an efficiency tool. It determines the optimal path required for the data to reach its destination. This function is called “routing”.
The data link layer establishes and terminates a connection between two physically-connected nodes on a network. It breaks up packets into frames and sends them from source to destination. This layer is composed of two parts—Logical Link Control (LLC), which identifies network protocols, performs error checking and synchronizes frames, and Media Access Control (MAC) which uses MAC addresses to connect devices and define permissions to transmit and receive data.
The physical layer includes the physical equipment that transmits data such as L1 switches and cables. In this layer, Data is converted into 1’s and 0’s. The physical layer handles the communication between the device (computer, server, network printer, and other network equipment) and the data transmission medium (optical or copper cable). The physical layer includes various components: cables, radio frequency used to transmit data, Wi-Fi, required voltages and types of ports.

Firewall and NGFR: Understanding Next-Generation Firewalls

Firewalls, often accompanied by Intrusion Prevention Systems (IPS), diligently scan network traffic to detect known threats and minimize cybersecurity risks. They can also identify unusual activities that may signal potential threats. In recent years, a more advanced version of the firewall has emerged, known as Next-Generation Firewall (NGFR), which holds key distinctions.
While traditional firewalls focused on managing three of the network layers, NGFR extends its capabilities by integrating IPS and controlling packet reception and transmission across all seven layers. This comprehensive approach ensures complete network protection.
In the evolving landscape of data networks, marked by the proliferation of data driven by factors like IoT and the Cloud, security tools must adapt without compromising network functionality. Implementing the Fortinet Firewall system requires a deep understanding of your network’s traffic scale, data volume, and other critical details essential for optimal security. Additional licenses, such as IPS, IDS, UTP, URL filtering, and web & email protection, are highly recommended but come at an extra cost. Cost-efficient packages are available, allowing you to bundle licenses to save on expenses.
A vital aspect of Fortinet Firewall is the requirement to subscribe to customer support. This subscription is essential to purchase the product and is available in various durations, ranging from one year to multi-year or permanent subscriptions.
Traditional Firewall vs. NGFR: A Comparative Look
Traditional Firewall:
  1. Provides partial control and visibility of incoming and outgoing network traffic.
  2. Operates within layers 2 to 4.
  3. Requires separate management of security tools, often incurring substantial costs.
  4. Lacks the capability to decrypt and inspect SSL (Secure Sockets Layer) traffic.
  5. IPS and IDS are separately located in traditional firewalls.
NGFR (Next-Generation Firewall):
  1. Offers complete control and visibility of incoming and outgoing network traffic.
  2. Operates across layers 2 to 7.
  3. Allows users to seamlessly install, configure, or integrate security tools, reducing administrative costs.
  4. Effectively encrypts and inspects SSL traffic.
  5. Integrates IPS and IDS for unified threat protection.

The Role of Firewall and Antivirus: Complementary Protection

While a firewall effectively safeguards your network by blocking unwanted data flows through port closure, certain open ports like those used by Google, Gmail, and browsers remain necessary for regular use. However, these open ports can also serve as entry points for viruses and malware. This highlights the importance of antivirus software. Contrary to the myth that a firewall can replace antivirus protection, both components are essential. Firewalls are pivotal for network security, while antivirus software provides vital protection against malware and viruses at the application level.
Facebook
Twitter
LinkedIn

Rate