The firewall is an extremely huge idea. Step by step, there are new enhancements accompanying better plan, new firmware, new programming updates, new elements, and so on. There is different design accessible in the firewall like screened have firewall engineering, bundle separating switches firewall design, double homed firewall engineering, screened subnet firewall design. According to the modern necessity, network plan, we want to pick reasonable firewall design.

The fundamental idea of a firewall is to shield the inner or hierarchical climate from any outer security assault. Also, three significant perspectives will characterize the design of the firewall, similar to the goal of the organization as far as the association perspective, the improvement capacity, and how we really want to execute it. While thinking of it as far as the equipment level, then we really want to consider the financial plan moreover.

Detail of Firewall Architecture:-

 1. Scanned host firewall architecture:-

We have a few enhancements in the parcel separating switches firewall design in the screened have firewall engineering. In this design, we are utilizing the parcel sifting switches firewall procedure with the committed or the different firewall. It is known as the application intermediary server. In the bundle sifting switch’s firewall design, we have an extremely large above to channel the organization traffic (when the entrance control list increments). Because of this, we are confronting loads of issues. Here, we have attempted to beat it, and we have added the devoted firewall. This procedure will permit the switch to the firewall. Because of this engineering, the switches will pre-screen the organization traffic or the bundles to limit the organization above. It will assist with circulating the heap also.
The different application intermediary server will chip away at layer 7 (on the TCP convention). It will channel the bundles on the application level. It is having the ability to sift through the parcels like HTTP, HTTPS, FTP, SFTP, and so on. All in all, the different application intermediary server is otherwise called the stronghold have too. It will be a high opportunity for an outer assault, and it will be less secure too. The activity have or the different application intermediary server is holding the stored duplicates of the web records. Yet, in this engineering, the outside assailant requirements to think twice about two distinct frameworks. Prior to doing any assault, it will get to the inside information moreover.
Work Flow: As per the above architecture, there is a separate host is available, i.e. the bastion host. It acts like a proxy server to balance the load on the firewall. The firewall is holding all the set of rules and access control. The bastion server will help to filter out the network traffic. If it is a valid packet, it will allow it via proxy access to the internal filter router, moving further in the internal network.

2. Packet filtering router firewall architecture:-

Large numbers of the association need the web availability. In the event that we empower web network, the association without a firewall will be presented to the outer world. To keep away from an outer security assault, we really want to introduce and design the firewall. In the parcel separating switches, we have the switch idea. Here, the switch interface goes about as the internet service to the association. The switch is going about as a moderate between the association and the internet service. On similar level, we are empowering the organization parcel separating process.
In the event that any undesirable parcels might come, so it will sift them through on a similar level. Consequently the bundles will drop or be dismissed. It won’t come in the association level organization. It is an extremely straightforward method for carrying out it. It will likewise assist with bringing down the gamble from outside security dangers. However, it has not many worries too. In the event that we go with the bundle separating switches, it will be less reviewing on the organization traffic. Additionally, we are likewise having the downside of the solid validation component too. Step by step, the entrance control rundown will develop. Thus, it will be an exceptionally enormous above to channel the approaching organization parcels. Because of which it will diminish the organization execution moreover. In couple of cases, we will confront the slack.
Work Flow: It is the basic technique to implement the firewall. Here, the ISP will provide an internet connection to the organization. Then, it is attached to the external filter router. First, on the firewall, we need to add the list of ACL’s and configurations. Then, with the help of the same configuration, the network traffic will filter and pass to the internal filter router. Further, the internal filter router will separate out the network traffic into the internal organization-level network.

3. Dual homed firewall architecture:-

Presently the structural intricacy is more expanding on the grounds that we really want elite execution and less organization slack. In the past firewall design, we are utilizing the single organization interphase card. However, when we are utilizing such kind of firewall engineering, the stronghold host will contain the two different organization interphase cards. In this engineering, the one organization interphase card will associate with the outside organization, and the other organization interphase card will associate with the inside organization. Here, all the organization traffic will genuinely go from the firewall, which in the middle between in inner and outside network interphase cards.

Work Flow: In this architecture, there is no separate proxy server. In this firewall architecture, there are two different NIC’s are available. In one NIC, the external ISP connection will connect. In the second NIC, the internal network will connect. Once the traffic comes, the firewall will filter the traffic and pass it to the internal network. If the traffic is not valid, the firewall will drop the packet and not flow it further.


We have seen the uncut concept of the “firewall architecture” with the proper explanation. There is a number of firewall architecture available; we need to choose it as per our own requirements and budget. The firewall will track the traffic on the application level also.