Firewall Types

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

The two main firewall types are network perimeter firewalls, which sit at the boundary of the network, and host-based firewalls, which run on individual hosts within the network.

Network perimeter firewalls

Network firewalls, located at the boundary between the internal network and external networks such as the Internet, typically provide a variety of services. Such products are either hardware-based, software-based, or a combination of both. Some also provide application proxy services, an example of which is Microsoft® Internet Security and Acceleration (ISA) Server.

Most network firewall products of this kind provide some or all of the following functionality:

  • Management and control of network traffic by performing stateful packet inspection, connection monitoring, and application-level filtering.

  • Stateful connection analysis by inspecting the state of all communications between hosts and storing connection data in state tables.

  • Virtual private network (VPN) gateway functionality by providing IPsec authentication and encryption together with Network Address Translation-Traversal (NAT-T), which allows permitted IPsec traffic to traverse the firewall with public-to-private IPv4 address translation.


Teredo, a newer IPv6 transition technology that provides NAT traversal, is also available in Windows Vista and later versions of Windows.
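
The stateful connection analysis listed above can be sketched as a small state table. This is an added example, not code from the original page or from any Microsoft product; the class, function, and field names and all addresses are constructed for illustration. It models only the TCP handshake and RST teardown; retransmissions, FIN close, and idle timeouts are not modelled.

```python
from collections import namedtuple

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits
# outbound=True: the packet is leaving the internal network.
Packet = namedtuple("Packet", "src sport dst dport flags outbound")

class StateTable:
    """Allow a TCP flow only if an internal host opened it."""
    def __init__(self):
        self.conns = {}  # (in_ip, in_port, out_ip, out_port) -> state
    def check(self, p):
        # Both directions of a flow share one key, internal endpoint first.
        key = ((p.src, p.sport, p.dst, p.dport) if p.outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.conns.get(key)
        syn, ack, rst = (bool(p.flags & f) for f in (SYN, ACK, RST))
        if state is None:
            # Only an outbound initial SYN may create a table entry.
            if p.outbound and syn and not (ack or rst):
                self.conns[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if rst:
            del self.conns[key]  # flow aborted; sequence numbers not checked
            return "ALLOW"
        if state == "SYN_SENT" and not p.outbound and syn and ack:
            self.conns[key] = "SYN_RCVD"
            return "ALLOW"
        if state == "SYN_RCVD" and p.outbound and ack and not syn:
            self.conns[key] = "ESTABLISHED"
            return "ALLOW"
        if state == "ESTABLISHED":
            return "DROP" if syn else "ALLOW"
        return "DROP"  # packet does not fit the current handshake step

def demo():
    """Run constructed sample packets through the table."""
    fw = StateTable()
    inside, outside = ("10.0.0.5", 49152), ("203.0.113.10", 443)
    packets = [
        Packet(*outside, *inside, SYN | ACK, False),  # unsolicited reply
        Packet(*inside, *outside, SYN, True),         # client opens flow
        Packet(*outside, *inside, SYN | ACK, False),  # server answers
        Packet(*inside, *outside, ACK, True),         # handshake complete
        Packet(*outside, *inside, ACK, False),        # return traffic
        Packet("198.51.100.7", 443, *inside, ACK, False),  # other host
        Packet(*outside, *inside, RST, False),        # teardown
        Packet(*outside, *inside, ACK, False),        # entry is gone
    ]
    return [fw.check(p) for p in packets]
```

The inbound packets are permitted only while a matching entry created by an internal host exists, which is the difference between stateful inspection and a static filter that allows all traffic from port 443.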

Host-based firewalls

Network perimeter firewalls cannot provide protection for traffic generated inside a trusted network. For this reason, host-based firewalls running on individual computers are needed. Host-based firewalls, of which Windows Firewall with Advanced Security is an example, protect a host from unauthorized access and attack.

In addition to blocking unwanted incoming traffic, you can configure Windows Firewall with Advanced Security to block specific types of outgoing traffic as well. Host-based firewalls provide an extra layer of security in a network and function as integral components in a complete defense strategy.

In Windows Firewall with Advanced Security, firewall filtering and IPsec are integrated. This integration greatly reduces the possibility of conflict between firewall rules and IPsec connection security settings.


IPsec provides a security framework for Layer 3 (Network layer) of the TCP/IP stack. IPsec is a suite of protocols that ensures data confidentiality, data integrity, and data authentication between peers.