1
00:00:00,00 --> 00:00:03,04
- [Instructor] Network firewalls protect entire networks;

2
00:00:03,04 --> 00:00:07,08
therefore, their scope of protection is much broader

3
00:00:07,08 --> 00:00:10,01
than that of host firewalls.

4
00:00:10,01 --> 00:00:15,08
Network firewalls sometimes come in the form of appliances.

5
00:00:15,08 --> 00:00:19,04
These are devices dedicated to controlling

6
00:00:19,04 --> 00:00:21,01
the flow of network traffic

7
00:00:21,01 --> 00:00:25,06
between internal and external networks.

8
00:00:25,06 --> 00:00:30,00
Although the network firewalls themselves are firewalls,

9
00:00:30,00 --> 00:00:33,05
they still need to be protected by host firewalls;

10
00:00:33,05 --> 00:00:37,03
therefore, network firewalls have a dual mission.

11
00:00:37,03 --> 00:00:40,02
The first one is as a host firewall

12
00:00:40,02 --> 00:00:43,02
whose goal is host protection.

13
00:00:43,02 --> 00:00:47,04
The second mission is to protect the network it belongs to,

14
00:00:47,04 --> 00:00:50,04
which has a much wider scope.

15
00:00:50,04 --> 00:00:54,01
One of the core functionalities of a network firewall

16
00:00:54,01 --> 00:00:55,07
is packet forwarding.

17
00:00:55,07 --> 00:00:58,07
In this case, they receive packets

18
00:00:58,07 --> 00:01:01,07
and send them to their destinations

19
00:01:01,07 --> 00:01:04,05
through different network interfaces.

20
00:01:04,05 --> 00:01:08,09
This functionality is very similar to that of routers.

21
00:01:08,09 --> 00:01:13,00
It's challenging to distinguish firewalls from routers

22
00:01:13,00 --> 00:01:14,06
most of the time,

23
00:01:14,06 --> 00:01:18,09
but the difference is that firewalls drop packets.

24
00:01:18,09 --> 00:01:21,06
Making a port forwarding decision

25
00:01:21,06 --> 00:01:25,00
is a pure firewall feature.

26
00:01:25,00 --> 00:01:29,00
In this example, the firewall intercepts a packet

27
00:01:29,00 --> 00:01:31,02
arriving at a host

28
00:01:31,02 --> 00:01:35,06
with its destination port set to 22222,

29
00:01:35,06 --> 00:01:39,06
and then decides to forward or drop the packet,

30
00:01:39,06 --> 00:01:42,07
based on predefined rules.

31
00:01:42,07 --> 00:01:45,09
The network firewall decides to forward

32
00:01:45,09 --> 00:01:48,03
the secure shell packet

33
00:01:48,03 --> 00:01:53,09
to a host whose IP is 10.0.0.2,

34
00:01:53,09 --> 00:01:56,08
behind a network firewall.

35
00:01:56,08 --> 00:02:02,00
Secure Shell allows a remote client to access a host.

36
00:02:02,00 --> 00:02:05,03
Once the packet arrives at the internal host

37
00:02:05,03 --> 00:02:09,05
and the host has an open port, that is 22,

38
00:02:09,05 --> 00:02:12,07
the packet gets to its destination.

39
00:02:12,07 --> 00:02:17,06
A Secure Shell server is running on the internal host.

40
00:02:17,06 --> 00:02:22,09
As you saw here, the packet arrived at port 22222

41
00:02:22,09 --> 00:02:24,08
of the network firewall,

42
00:02:24,08 --> 00:02:27,01
and then the packet got forwarded

43
00:02:27,01 --> 00:02:31,08
to the open port of an internal host, which was 22.

44
00:02:31,08 --> 00:02:34,08
Your home router should have a built-in

45
00:02:34,08 --> 00:02:36,09
network firewall capability.

46
00:02:36,09 --> 00:02:40,07
Often, it comes with the port forwarding feature;

47
00:02:40,07 --> 00:02:43,07
therefore, many of you may already have

48
00:02:43,07 --> 00:02:46,02
set up port forwarding.

49
00:02:46,02 --> 00:02:49,03
Did you know you can set up any computer

50
00:02:49,03 --> 00:02:51,02
as a network firewall?

51
00:02:51,02 --> 00:02:55,00
We'll try this together later in this course.