What are some different high-level deployment models for firewalls?
A brief comparison and contrast between some popular firewall terms.
Hi there, friends! I'm back. Did you miss me? 😄 It's been a while since my last post, so I thought it would be helpful to review some foundational concepts. Today, let's go over functional deployment modes and high-level architecture models for firewalls.
A long time ago, in a galaxy far, far away, a "firewall" was a simple device with a simple purpose: it was essentially a perimeter gatekeeper for a network. On one side of it, there was the big, bad, scary public internet. On the other side, there was the serene bliss of the internal network. Since then, times have changed and networks have evolved. The idea of a "firewall" has expanded to cover a lot of different concepts. Now, the term can refer to a TON of different things, including architectural models, feature sets, and implementations. I'll just highlight a few examples:
- Distributed enterprise firewall - This is an architecture where firewall capabilities are broken apart and enforced across multiple points within the enterprise infrastructure (e.g. individual hosts, virtual machines, network segments, etc.).
- Internal Segmentation Firewalls (ISFW) - This is a firewall deployed within an internal network to divide it into smaller, isolated segments or zones. The ISFW typically controls traffic between internal segments.
- Data-Center Firewalls - This is a broad term referring to firewalls specifically designed and deployed to secure a data center environment.
- Next-Generation Firewalls (NGFW) - This is a modern firewall that goes beyond traditional packet filtering and stateful inspection. It integrates a broader set of security capabilities into a single platform.
Confused yet? Yeah, I get it. All of these concepts seem to overlap. If it helps, think of it this way:
- NGFWs are a technology that can be deployed in various locations.
- Distributed Enterprise Firewalls, Internal Segmentation Firewalls (ISFWs) and Data-Center Firewalls describe where and how firewalls are deployed within an enterprise and what their primary function is in that context.
For more info, consider checking out the following resources:



