| functional unit that mediates all traffic between two networks and protects one of them or some part thereof against unauthorized access
NOTE 1 – The protected network is generally a private network, internal to an organization.
NOTE 2 – A firewall may permit messages or files to be transferred to a high-security workstation within the internal network, without permitting such transfer in the opposite direction.
NOTE 3 – The firewall may have different types of implementation. Examples are dual-homed-host, screened subnet, screening router, or bastion host.
NOTE 4 – See Figure 3.