Packet Filters - Packet filters, usually implemented on routers, filter traffic based on packet content, such as IP addresses. They examine a packet at the network layer and are application independent, which allows them to deliver good performance and scalability. However, they are the least secure type of firewall. The reason is that they cannot understand the context of a given communication, making them easier for hackers to break.

Application-Layer Gateways - Application gateways use agents, called application proxies, to improve on security by bringing context information into the decision process. However, every application requires a new proxy, making scalability and support for new applications an issue. As a result, ALGs tend to focus on providing either single application (e.g., web server) attack protection, or application access control without dedicated attack protection. ALGs also tend to have very limited capabilities at the network level

Stateful Inspection - Stateful Inspection, a technology developed and patented by Check Point, has become the de facto standard for firewalls. Stateful Inspection extracts the state-related information required for security decisions and maintains this information in dynamic state tables for evaluating subsequent connection attempts. This provides a solution that is highly secure and offers maximum performance, scalability, and extensibility.