Classified by structure, firewalls can be divided into three kinds: single-host firewalls, router-integrated firewalls, and distributed firewalls. A single-host firewall is the most traditional kind; it is independent of other network devices and sits at the network boundary.
Structurally, such a firewall resembles a computer: it includes a CPU, memory, a hard disk and other basic components, and of course a motherboard, which also has southbridge and northbridge chips. The main difference from a general-purpose computer is that a firewall generally integrates more than two Ethernet cards, because it needs to connect more than one internal and external network.
The hard disk is mainly used to store the basic programs the firewall runs, such as the packet-filter program and the proxy-server program, and some firewalls also write their logs to this disk. However, we cannot say that it is just like a normal PC, because the nature of its work demands high stability, practicality and system performance. Because of this, although the configuration looks similar to that of a PC, the prices of the two are far apart.
With the development of firewall technology and growing application demands, the firewall that used to be a single host has changed a lot. The most obvious change is that many high-end routers now integrate firewall functions, and some firewalls are no longer an independent hardware entity but a system made up of a number of hardware and software components. The original single-host firewall was very expensive, and only a few large enterprises could afford it. To reduce enterprise investment, many high-end routers now integrate firewall functions, such as the Cisco IOS Firewall series. But this kind of firewall is usually of the lower-level packet-filtering type. In this way the enterprise does not have to buy routers and firewalls at the same time, which greatly reduces the cost of purchasing network equipment.
The distributed firewall sits not only at the network boundary but reaches into every host on the network, protecting the hosts of the whole internal network. The firewall system management software is usually installed on a network server, and a PCI firewall card with integrated network-card functionality is installed in the server and in each host; such a card acts as both a network card and a firewall.
Such a firewall system can protect the internal network completely. Each host treats any communication connection sent by other hosts as "untrusted" and filters it strictly, rather than, as a traditional border firewall does, distrusting only communications sent from the external network.
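The difference in trust models described above can be shown with a small simulation; this is an added example, not part of the original article. The addresses, ports and allow-lists are constructed, and treating the distributed firewall as a boundary check followed by a check on the receiving host is a simplifying assumption.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed internal range

# Constructed border allow-list for connections arriving from outside:
# (source network, destination host, port)
BORDER_POLICY = [("0.0.0.0/0", "10.0.0.10", 443)]

# Constructed per-host inbound allow-lists enforced on each host's firewall card:
# destination host -> [(source network, port)]
HOST_POLICY = {
    "10.0.0.10": [("0.0.0.0/0", 443)],       # web server
    "10.0.0.20": [("10.0.0.10/32", 5432)],   # database: web server only
}

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def border_decision(src, dst, port):
    """Traditional border firewall: only external sources are distrusted."""
    if is_internal(src):
        # Internal-to-internal traffic never crosses the boundary device.
        return "not inspected" if is_internal(dst) else "allow"
    s = ipaddress.ip_address(src)
    hit = any(s in ipaddress.ip_network(n) and dst == d and port == p
              for n, d, p in BORDER_POLICY)
    return "allow" if hit else "deny"

def distributed_decision(src, dst, port):
    """Distributed firewall: boundary check plus a check on the receiving host."""
    if border_decision(src, dst, port) == "deny":
        return "deny"
    if not is_internal(dst):
        return "allow"  # outbound: no protected host on the receiving side
    s = ipaddress.ip_address(src)
    hit = any(s in ipaddress.ip_network(n) and port == p
              for n, p in HOST_POLICY.get(dst, []))  # no entry -> default deny
    return "allow" if hit else "deny"

FLOWS = [  # constructed sample connections: (source, destination, port)
    ("203.0.113.5", "10.0.0.10", 443),
    ("203.0.113.5", "10.0.0.20", 5432),
    ("10.0.0.10", "10.0.0.20", 5432),
    ("10.0.0.30", "10.0.0.20", 5432),   # workstation reaching the database
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "border:", border_decision(*f), "| distributed:", distributed_decision(*f))
```

The last flow is the case the paragraph is about: the border firewall never sees a connection between two internal hosts, while the receiving host's own filter denies it.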