If you’re wondering what the difference is between a network firewall and a web application firewall, also known as WAF, you’re not alone. Watch this short educational video to learn more.
Fortra Managed WAF provides comprehensive features to protect your web applications and APIs.
If you’re wondering what the difference is between a network firewall and a web application firewall – also known as WAF – you’re not alone. It’s a question we get asked all the time.
Let’s start with traditional network firewalls — they are a perimeter around your entire network, essentially gating everything. They look at things much more simply than a WAF does — examining just the size, origin, and destination of requests. This is known as layer 3 inspection.
To better understand layer 3 protection, imagine that you’ve just received a letter in the mail. You pick up the envelope and you can see your address as well as the sender’s return address, but you have no idea what’s actually inside. This is similar to how a traditional network firewall works – assessments can be made based only on the size, origin, and destination of requests, because that’s all it can see.
Then there are Next Gen Network Firewalls, which inspect down to layer 7, evaluating the request in its entirety and making value-based judgements on everything: origin, destination, and what’s contained within the request. Using the envelope analogy, when you’re holding an envelope in your hand, it would be as if you could see everything inside of it without having to open it.
Both Next Gen Firewalls and WAFs have this level of visibility, allowing them to evaluate the entire request and make more informed decisions on whether it should be passed on or dropped.
But a WAF provides superior protection for your web apps over Next Gen Firewalls, because a WAF sits in front of each unique application, using a list of specialized and targeted rules built to suit the unique features of each app.
Both types of network firewalls protect large segments of a network, with rulesets that are much broader than a WAF, as they need to work for every single device within the network rather than just a single application.
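The contrast described above, sketched as an added Python example (not Fortra's code or product logic): a layer 3 check that sees only size, origin and destination, next to per-application WAF rules that read the request itself. The policy values, hostnames and rule format are assumptions made for illustration, and the two requests are constructed samples.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Layer 3 view: only origin, destination and size are visible (the envelope).
L3_POLICY = {"allowed_src": ipaddress.ip_network("203.0.113.0/24"),
             "allowed_dst": ipaddress.ip_address("198.51.100.10"),
             "max_size": 1500}

# WAF view: one rule set per application, keyed by Host header (hypothetical apps).
WAF_RULES = {
    "billing.example.com": {"/invoice": {"methods": {"GET"},
                                         "params": {"id": re.compile(r"\d{1,10}")}}},
    "blog.example.com": {"/search": {"methods": {"GET"},
                                     "params": {"q": re.compile(r"[\w ]{1,64}")}}},
}

def l3_allows(pkt):
    """Decide using only size, origin and destination."""
    return (ipaddress.ip_address(pkt["src"]) in L3_POLICY["allowed_src"]
            and ipaddress.ip_address(pkt["dst"]) == L3_POLICY["allowed_dst"]
            and pkt["size"] <= L3_POLICY["max_size"])

def waf_findings(pkt):
    """Return the list of per-application rule violations (empty = pass)."""
    app = WAF_RULES.get(pkt["host"])
    if app is None:
        return ["unknown application"]
    url = urlsplit(pkt["target"])
    route = app.get(url.path)
    if route is None:
        return [f"path {url.path} not defined for {pkt['host']}"]
    findings = []
    if pkt["method"] not in route["methods"]:
        findings.append(f"method {pkt['method']} not allowed")
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        pattern = route["params"].get(name)
        if pattern is None:
            findings.append(f"unexpected parameter {name}")
        elif not all(pattern.fullmatch(v) for v in values):
            findings.append(f"parameter {name} has invalid format")
    return findings

# Constructed sample requests: identical at layer 3, different contents.
BASE = {"src": "203.0.113.7", "dst": "198.51.100.10", "size": 412,
        "host": "billing.example.com", "method": "GET"}
GOOD = {**BASE, "target": "/invoice?id=1042"}
BAD = {**BASE, "target": "/invoice?id=12abc&debug=1"}
```

Both sample requests pass `l3_allows`, while `waf_findings` returns an empty list only for `GOOD`; the same `/invoice` request sent to the blog application is rejected because that path is not part of that application's rule set.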
Picture the security in a hotel. Traditional and Next-Gen Network Firewalls work like a security gate around the entire hotel, while a WAF is a security guard, standing in front of a specific room within the hotel.
Network firewalls and WAFs complement each other. But as web apps serve business-critical functions, they warrant the extra protections that can only be provided through a web application firewall.