A variety of classification methods are used to categorize firewalls, but the most commonly used classification scheme breaks them down into the following categories:
Packet filtering firewalls
Circuit layer firewalls
Application layer firewalls
Some firewalls support only one of these features. Most advanced firewall products, such as Microsoft ISA Server or Check Point's Firewall-1 product, support all of these features. Firewalls become more complex to configure, and cost more, as the number of features increase.
The simplest type of firewall is the packet-filtering device. Packet filters inspect only the IP header and make allow and deny determinations—based on the source and destination IP address included ...