Multi-stage firewall
The BSI recommends that a good firewall system should consist of three firewalls: a packet filter, an application gateway and another packet filter. Note that the external router (mostly provided anyway) can be designed as a packet filter with appropriate rules. There are only a few multi-stage complete firewalls on the market (GeNUGate, Kryptowall). Occasionally, single-stage firewalls are extolled as packet filter and proxy, which at first glance looks like multi-stage capability. But all that’s really involved here is packet filters which for certain applications interpose proxies instead of the packet filter. Multi-stage firewalls require several computer systems entirely independent of each other.
