What Is the Definition of Firewall Service Chaining?

Find out what Firewall Service Chaining means. Should it monitor traffic entering or leaving the organization?

Firewall Service Chaining Definition

Firewall Service Chaining is a process by which a firewall evaluates traffic for compliance with both its own rules and the rules of another device. When packets are sent through a firewall, they are examined against the rules of that firewall.

Service Chaining refers to the process whereby a service policy is applied to the traffic based on both:

The destination address of the traffic

The destination port of the traffic

Service Chaining is sometimes referred to as ‘Layer 7’ filtering because it examines each packet based upon its Layer 7 (Application layer) characteristics. The term ‘Service Chaining’ is also used to describe a specific form of firewall filter that combines multiple services into one packet filter, which reduces the number of individual filters required.

For example, by combining FTP and HTTP in one filter, only two filters will be required instead of four (one for each service). This method can be effective in reducing the number of filters required, but it has several drawbacks, such as reducing performance and introducing more potential points of failure.

This form of Service Chaining is sometimes referred to as ‘Service Grouping.’

What Is a Firewall Service Chaining Example?

Suppose an organization wants to block access to port 25 (SMTP) but allow SMTP connections from its corporate email server. A rule can then be created on the firewall with the source IP address set to that server’s IP address and port 25 set as the destination port.

The rule will then allow all SMTP traffic from that source IP address (the corporate email server) destined for port 25. This would allow SMTP connections from that server, but would block all other SMTP connections from outside of that server’s local network.
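The SMTP rule above, modelled as a first-match rule list. This is an added example, not code from the original article: the addresses are constructed documentation addresses, and first-match evaluation with a configurable default policy is an assumption about how the firewall behaves. It shows that the "block everything else" half depends on an explicit deny rule or a default-deny policy, and that rule order decides the outcome.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address from the RFC 5737 documentation range, not from the article.
MAIL_SERVER = "192.0.2.25"

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR form
    dst_port: Optional[int]   # None matches any destination port

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.dst_port in (None, dst_port)

def evaluate(rules, src_ip, dst_port, default="deny"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.action
    return default

# The SMTP policy from the text: allow the mail server, block everyone else on port 25.
SMTP_POLICY = [
    Rule("allow", MAIL_SERVER + "/32", 25),
    Rule("deny", "0.0.0.0/0", 25),
]

# Same rules in the wrong order: the broad deny is hit first and shadows the allow.
SHADOWED_POLICY = list(reversed(SMTP_POLICY))

# The allow rule alone: it blocks nothing unless the default policy is deny.
ALLOW_ONLY = SMTP_POLICY[:1]

def shadowed_rules(rules):
    """Return rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.src)
        for earlier in rules[:i]:
            covers_src = net.subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dst_port in (None, rule.dst_port)
            if covers_src and covers_port:
                shadowed.append(rule)
                break
    return shadowed
```

Running `shadowed_rules` over an exported rule set is a quick audit for allow rules that have been silently disabled by an earlier, broader deny.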

Another example might be setting up a web proxy service on a web server inside an organization, then setting up a rule on the firewall with the source IP address set to that web server’s local network address. The rule includes 10.10.10.0/24 as the destination network address.

It would allow connections from local network devices on 10.10.10.0/24 destined for port 80 (HTTP). This would also allow Internet devices connected to that web server to access it via HTTP, but would block all other HTTP connections from outside of that network, or from inside of it when not accessing that web server directly via its local network address.

Application Control Firewall

An Application Control Firewall is a type of firewall that can be used to block applications based on the application or protocol being used. It is different from a Packet Filtering Firewall, which only allows or denies traffic based on its packet characteristics, that is, the source and destination IP address.

An Application Control Firewall typically does not rely on packet filtering rules to determine whether an application should be blocked or allowed. Instead, the firewall inspects the application payload to determine if it matches certain rules. This allows the firewall to inspect HTTP traffic for URLs, XML traffic for XML content, and SMTP traffic for commands.
