A hardware firewall is a physical device that connects a computer or network to the Internet, employing certain advanced techniques to protect it from unauthorized access. Wired routers, broadband gateways and wireless routers all incorporate hardware firewalls that protect every computer on a network. Hardware firewalls can be distinguished by the techniques that they utilize to protect a network of computers, and the different types are packet filtering, stateful packet inspection, network address translation and application level gateways.
The packet filtering firewall examines all of the data packets traveling to and from the system. It forwards the data based on a set of rules that are defined by the network administrator. This hardware firewall examines the header of the packet and filters packets based on the source address, destination and port information. If the packet doesn’t comply with the rules, or if it fits the blocked criteria, it isn’t allowed to pass through to the computer or network.
The stateful inspection firewall goes beyond packet filtering to track information about the state of the network connections to determine which data packets can be allowed to pass through. It’s also known as dynamic packet filtering or stateful packet inspection (SPI). This hardware firewall monitors where the packet came from to figure out what to do with it. It examines whether the data was sent in response to a request for more information or whether it simply appeared. Packets that don’t match a known connection state are rejected.
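The difference between header-only filtering and stateful inspection can be seen in a small simulation, added here as an illustration and not taken from any firewall product. The class names, the allowed-port rule and the sample addresses are all constructed, and a real device would also track protocol flags and connection timeouts.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet is leaving the protected network

# Constructed administrator rule: destination ports that inside hosts may reach.
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}

class StatefulFirewall:
    def __init__(self):
        # State table of (inside_ip, inside_port, outside_ip, outside_port).
        self.connections = set()

    def handle(self, pkt: Packet) -> str:
        if pkt.outbound:
            # Packet-filtering step: only header fields are compared to the rules.
            if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                return "DROP (rule)"
            # Remember the request so that its reply can be recognised later.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW (new)"
        # Inbound traffic passes only if it mirrors a tracked outbound request.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "ALLOW (reply)"
        return "DROP (no state)"

def run_demo():
    fw = StatefulFirewall()
    inside, server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [  # constructed sample traffic
        Packet(inside, 50000, server, 443, True),     # request from inside
        Packet(server, 443, inside, 50000, False),    # matching reply
        Packet(stranger, 443, inside, 50000, False),  # unsolicited, same ports
        Packet(inside, 50001, server, 23, True),      # port not in the rules
        Packet(server, 23, inside, 50001, False),     # reply to a blocked request
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The third packet uses the same ports as the legitimate reply, so a rule that looked only at ports could not tell the two apart; the state table rejects it because no inside host ever sent a request to that address.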
A network address translation (NAT) firewall hides a computer or network of computers from the outside world by presenting one public Internet protocol (IP) address to the Internet. The IP address of the firewall is the only valid address in this scenario, and this is the only IP address presented for all the computers that exist on the network. Every computer on the inside of the network is assigned an IP address that is valid only within the private network. This hardware firewall is very effective because it presents only one public IP address to the Internet for any number of users on a network.
When a computer inside the network protected by a NAT firewall makes a request for information, the firewall observes the request, notes the internal IP number, forwards the request using its own IP address and sends the information received to the specific computer within the network.
An application level gateway effectively renders a computer behind it invisible to the Internet by acting as a proxy and carrying out all of the data transfers on behalf of the computer. It regulates traffic very closely, allowing only some commands to go through, limiting file access and sounding alarms under specific conditions. This hardware firewall is usually implemented on a separate computer on a network that has the sole function of acting as a proxy. It’s quite sophisticated and is considered to be one of the most secure types of hardware firewalls.