What is the GFW?

What is the GFW?

February 28, 2025
Related Knowledge
GFW, Great Firewall, Global Firewall, Content Review

Introduction #

In today’s fast-paced era of informatization, the network has become a critical infrastructure for societal operations, with cybersecurity serving as the core element to ensure the stable operation of this infrastructure. As a firewall product occupying a significant position in the field of cybersecurity, “Great Wall Firewall” leverages its robust technical capabilities and innovative solutions to implement internet regulation as an essential tool for safeguarding national information security. This article will delve into the functional design, core technology, and security strategies of the Great Wall Firewall from a technical perspective, showcasing the professionalism and reliability of this cybersecurity product.

The mechanisms for reviewing online content vary across the globe, with each country and region adopting distinct legal frameworks, cultural backgrounds, and technical approaches to address issues related to information dissemination on the internet. GFW is not unique to any specific nation or region; instead, every country implements its own intensity and methods in regulating online content, reflecting its unique culture, laws, and societal values.

Historical Overview #

As internet users grew rapidly and internet technology advanced, governments worldwide began to recognize the need for stronger management of information dissemination to maintain social order. Initially, this regulation was mainly focused on blocking harmful content, such as pornography and gambling. However, by the late 20th century and into the 21st century, with the dramatic increase in netizens and the growing openness of internet markets, GFW’s functions gradually shifted from simple content filtering to comprehensive technical control.

The formation and evolution of GFW is a dynamic process. Initially, the government implemented various technical measures to monitor and restrict the spread of harmful information from overseas through domestic networks. As online applications developed, particularly with the emergence of interactive platforms like blogs and forums, governments intensified their scrutiny of internet content and controlled access by blocking IP addresses and domains. Subsequently, GFW expanded into multiple fields and technical aspects, including but not limited to search engine blocking mechanisms and social media information filtering.

In general, GFW has become one of the key tools for governments worldwide in implementing internet regulation. While it serves to protect national cyber security and social stability, its implementation has sparked widespread discussions on freedom of speech and internet openness. Although its original intention was to safeguard national security and social order, its execution has faced numerous controversies and criticisms, making it one of the most complex and extensive online censorship systems globally.

Current Situation #

In 2006, a non-governmental organization dedicated to promoting press freedom, Reporters Without Borders, published a list of what it referred to as “Internet Enemies.” The organization identified a country or region as an “Internet Enemy” not only for its practice of “censoring online news and information,” but also for its systematic oppression of internet users. Below is the list they released regarding countries/regions that monitor the internet:

  1. Current Internet Enemies:

    • Bahrain: 2012–present
    • Belarus: 2006–2008, 2012–present
    • People’s Republic of China: 2008–present
    • Cuba: 2006–present
    • Ethiopia: 2014–present
    • India: 2014–present
    • Iran: 2006–present
    • North Korea: 2006–present
    • Pakistan: 2014–present (In November 2020, the Prime Minister of Pakistan granted authority to the Pakistan Telecom Authority to delete and block content that is detrimental to the government.)
    • Russia: 2014–present
    • Saudi Arabia: 2006–present
    • Sudan: 2014–present
    • Syria: 2006–present
    • Turkmenistan: 2006–present
    • United Arab Emirates: 2014–present
    • United Kingdom: 2014–present
    • United States: 2014–present
    • Uzbekistan: 2006–present
    • Vietnam: 2006–present

  2. Past Internet Enemies:

    • Egypt: 2006–2010 (Now placed on the list of countries/regions monitoring the internet.)
    • Myanmar: 2006–2013
    • Tunisia: 2006–2010 (Now placed on the list of countries/regions monitoring the internet.)

  3. Countries/Regions Currently Monitoring the Internet:

    • Australia: 2009–present
    • Egypt: 2011–present
    • Eritrea: 2008–2009, 2011–present
    • France: 2011–present
    • Kazakhstan: 2008–present
    • Malaysia: 2008–2009, 2011–present
    • South Korea: 2009–present
    • Sri Lanka: 2008–2009, 2011–present
    • Thailand: 2008–present
    • Tunisia: 2011–present
    • Turkey: 2010–present
    • Norway: 2020–present (Only metadata crossing the Norwegian border is monitored.)

  4. Countries/regions that have monitored the internet in the past:

    • Bahrain: 2008-2009, 2011 (Current Internet Enemies)
    • Belarus: 2009-2011 (Current Internet Enemies)
    • India: 2008-2013 (Current Internet Enemies)
    • Jordan: 2008
    • Libya: 2008, 2011
    • Russia: 2010-2013 (Current Internet Enemies)
    • Tajikistan: 2008
    • UAE: 2008-2013 (Current Internet Enemies)
    • Venezuela: 2011
    • Yemen: 2008-2009

The original “Internet Enemies” list in early 2006 included 13 countries/regions. During 2006-2012, it decreased to 10 and then increased to 12. No updates were made in 2013. The 2014 list began considering both internet surveillance and censorship together, increasing the count to 19. After 2014, no further updates were made.

The original “Countries/regions monitoring the Internet” list in early 2008 included 10 countries/regions. During 2006-2012, it increased to 16 and then decreased to 11. In 2020, Norway was added to the list, bringing the total to 12.

On March 12, 2013, Reporters Without Borders released its “Special report on Internet Surveillance,” which included two new lists:

  • “Internet Enemies Countries”: listed countries where governments actively and invasively monitor journalists, leading to serious infringements of freedom of information and human rights.
  • “Internet Company Enemies”: Companies that sell their products to governments, enabling them to violate human rights and freedom of information.

It also listed five “Internet Enemies Companies”: Bull SAS (France), Stratus Technologies, FinSpy (UK/DE), Hacking Team (Italy), and Trovicor (Germany).

Technical Analysis #

Function Design of the Great Wall Firewall #

1. Network Boundary Protection #

One of the core functions of the Great Wall firewall is to serve as a “guardian” for the network, establishing a barrier between internal and external networks. By configuring access control lists (ACLs) and stateful inspection technologies (SPI), the Great Wall firewall can effectively block unauthorized external access while allowing legitimate traffic to pass through.

  • Bidirectional Traffic Monitoring: The Great Wall firewall not only monitors inbound traffic but also strictly inspects outbound traffic, preventing data leaks and internal attacks.
  • NAT Support: In enterprise networks, the Great Wall firewall is often used for private IP address to public IP address translation to ensure the security and privacy of the internal network.

2. Deep Packet Inspection (DPI) #

The Great Wall firewall employs advanced deep packet inspection technologies that can analyze network traffic from multiple dimensions. By examining the payload content of data packets, the Great Wall firewall can identify malicious activities hidden within legitimate traffic, such as virus spread, trojan attacks, and data theft.

  • Protocol Decoding: Supports deep decoding of common protocols (HTTP, HTTPS, FTP, SMTP, etc.), allowing detection of attack behaviors based on these protocols.
  • Anomaly Traffic Detection: Through statistical analysis and behavioral modeling, the Great Wall firewall can identify network activities that do not match normal business models and promptly issue alerts.

3. Application Layer Protection #

The Great Wall firewall does not only focus on security at the transport layer but also provides deep protection for application layers. For common scenarios such as web applications and email servers, the Great Wall firewall offers specific protection mechanisms.

  • Webpage Tamper Prevention: By checking HTTP response content, it prevents malicious modifications or code injection into web pages.
  • DDoS Defense: Utilizing traffic cleaning and behavioral analysis technologies to identify and filter large-scale attack traffic from external sources.

4. Logging and Auditing #

As an important component of network security, the Great Wall Firewall features comprehensive logging functionality. All traffic passing through the firewall is meticulously recorded for subsequent analysis by security administrators.

  • Log Categorization: Logs are categorized based on the severity of events (e.g., warnings, errors, information), enabling administrators to quickly identify and address issues.
  • Report Generation: Supports automated generation of statistical reports to help users understand the network’s security status and traffic trends.

Technical Architecture of the Great Wall Firewall #

The construction of the Great Firewall (GFW) does not rely on a single technological approach but employs multi-layered, multi-dimensional technical strategies to effectively control internet content. Its core components can be categorized as follows:

1. Domain Name System Filtering #

This is one of the most fundamental and critical aspects of GFW. By operating at the root server level, specific domains are blocked or redirected, preventing users from accessing content on certain websites. This method not only effectively blocks the spread of illegal and harmful information from abroad but also indirectly controls discussions on domestic sensitive topics.

2. IP Address Filtering #

GFW regularly updates its blacklist of IP addresses and incorporates these into network routing to intercept or deny service access. This approach can not only block content provided by specific servers but also redirect routes to prevent users from accessing certain websites.

3. Proxy Server Detection and Restriction #

In response to methods that bypass direct blocking, GFW inspects and blocks proxy services on the internet. Once a proxy node is detected being used to circumvent regulations, it is added to the blacklist, and related traffic is intercepted or filtered. Additionally, through multi-layered protection systems, encrypted communication protocols (e.g., HTTPS) applications and services are monitored and restricted.

4. Content Identification and Monitoring #

Using advanced technologies such as natural language processing and machine learning, GFW is capable of identifying and filtering content that contains sensitive words or specific themes. This technology can monitor information in real-time across various formats, including webpages, forum posts, social media updates, etc., and respond promptly to prevent the spread of such content. This extends beyond text analysis to include review of images, videos, and other multimedia content.

5. VPN and Anonymous Access Control #

In response to increasingly complex network environments and user demands, GFW employs multiple measures to identify and block attempts to use tools like VPNs, Tor, etc., for anonymous access. By monitoring user internet behavior in real-time, once suspicious activity indicative of these techniques is detected, immediate blocking or limiting actions are taken.

6. Multi-Layer Defense System Combining Hardware and Software #

In addition to the technical aspects mentioned above, GFW implements strict physical security measures at network infrastructure level. For example, monitoring devices are installed at internet access points to perform deep packet inspection (DPI), ensuring all data flows remain within controlled parameters. Furthermore, through collaboration with telecommunications operators, a robust firewall system is established to defend against external attacks.

7. Stateful Packet Inspection (SPI) #

Stateful packet inspection is a key characteristic that distinguishes modern firewalls from traditional packet-filtering firewalls. By tracking connection state information, the Great Wall Firewall can more accurately determine the legitimacy of data packets.

  • Connection State Tracking: Records detailed information about each connection, including source IP, destination IP, port numbers, and session ID.
  • Dynamic Rule Generation: Adjusts access control policies in real-time based on actual traffic flow without manual intervention.

8. Intrusion Detection and Prevention (IDS/IPS) #

The Great Wall firewall integrates intrusion detection system (IDS) and intrusion prevention system (IPS) capabilities, enabling immediate action upon detecting abnormal behavior.

  • Attack Signature Database: Possesses a massive attack signature database capable of identifying thousands of known network attack methods.
  • Real-time Blocking: Once suspicious traffic is detected, the firewall immediately discards or limits the flow to prevent attack escalation.

9. Multi-Tenant Security Isolation #

Tailored for cloud computing environments, the Great Wall firewall supports multi-tenant security isolation technology. Each tenant’s network traffic is processed independently, ensuring no resource interference between users.

  • Virtualization Deployment: Utilizes virtual machine management technology to run multiple firewall instances on the same hardware.
  • Resource Quota Control: Allocates fixed bandwidth and computing resources for each tenant to prevent malicious users from over-consuming resources.

10. Machine Learning Algorithms #

The Great Wall firewall incorporates machine learning technology to enhance threat detection accuracy and efficiency. By analyzing massive traffic data, the system can automatically identify unknown attack patterns and continuously improve its protective strategies.

  • Behavioral Modeling: Establishes mathematical models based on normal user behavior; any deviation from these patterns is flagged as a potential threat.
  • Adaptive Defense: Dynamically adjusts security policies according to network environment changes, ensuring optimal protection capabilities at all times.

These technical means complement each other to form the powerful functions of GFW. While these measures have maintained the security and stability of the internet to some extent, they also trigger extensive debates regarding privacy protection and freedom of speech. Therefore, balancing the need for cybersecurity with public interests will be an important issue in future development processes.

Great Wall Firewall Security Policies and Management #

1. Flexible Rule Configuration #

Great Wall Firewall provides a wealth of rule configuration options, allowing users to customize security policies based on their specific needs. It supports filtering rules based on multiple dimensions such as IP, port, protocol, and allows setting time restrictions and traffic direction.

  • ACL (Access Control List): By defining specific access rules, fine-grained control over network resources can be achieved.
  • Service Object Management: Users can create custom service objects, including combinations of specific application protocols and port numbers.

2. Threat Intelligence Integration #

Great Wall Firewall collaborates closely with 360 Group’s global threat intelligence center to obtain the latest information on cyber security threats in real time. This intelligence is integrated into the firewall’s rulebase, ensuring that users can defend against both known and emerging attack threats.

  • Malicious IP Address Filtering: By comparing against the local rules database, connections from known malicious IPs are quickly identified and blocked.
  • Vulnerability Alerts: When a known vulnerability is detected in the network, the firewall automatically triggers corresponding protective mechanisms.

3. Zero Configuration Deployment #

To simplify the operation process for users, Great Wall Firewall supports zero-touch deployment mode. Administrators only need to connect the device to the network, and the system will automatically complete the initial configuration and optimize rules based on actual traffic conditions.

  • Quick Online: No complex installation steps are required, reducing deployment time.
  • Smart Optimization: Based on real-time traffic analysis,防护 strategies are dynamically adjusted to ensure optimal performance.

4. High Availability and Load Balancing #

Great Wall Firewall supports cluster deployment and load balancing technology, ensuring stable operation in high-concurrency scenarios. By working together through multiple devices, the overall system’s processing capacity and reliability are enhanced.

  • Heartbeat Detection: Real-time monitoring of cluster member status is performed, promptly identifying and replacing faulty nodes.
  • Traffic Sharing: Traffic is intelligently allocated based on the load conditions of each node, preventing single-point overload.

Application Scenarios for the Great Wall Firewall #

1. Enterprise Network Protection #

In an enterprise’s internal network, the Great Wall Firewall can serve as the first line of defense, protecting core assets from external threats. Whether it is a traditional office network or a modern cloud data center, the Great Wall Firewall offers efficient protection.

  • Data Security: Prevent sensitive information from leaking through the network.
  • Compliance Assurance: Meet the requirements of international standards such as ISO27001 for cybersecurity.

2. Government and Public Sector #

For critical information systems in government and public sector organizations, the Great Wall Firewall provides high-level security protection. Through strict access control and logging functions, it ensures the stability of network infrastructure.

  • Emergency Response: Quickly activate emergency defense mechanisms when facing significant cyber attacks.
  • Audit Compliance: Meet national regulations on cybersecurity.

3. Financial Industry #

The cybersecurity requirements in the financial industry are extremely high. The Great Wall Firewall, with its strong resistance to attacks and high availability, is the top choice for financial institutions.

  • Transaction Security: Protect the security of critical business such as online payments and securities trading.
  • Risk Control: Reduce the risk of network fraud through real-time monitoring and analysis.

4. Education and Research #

In educational institutions and research units, the Great Wall Firewall effectively manages student and researcher internet behaviors while providing reliable protection for research data.

  • Content Filtering: Block access to inappropriate websites and illegal information.
  • Intellectual Property Protection: Prevent important research outcomes from being accessed or stolen without authorization.

As cyber security threats become increasingly sophisticated, The Great Wall Firewall is continuously evolving to address new challenges. Below are the key directions for future development:

1. Artificial Intelligence and Automation #

Enhance the capabilities of machine learning algorithms to achieve proactive identification and defense against unknown threats. Implement automated response mechanisms to reduce the need for human intervention.

2. Edge Computing Protection #

With the growing adoption of edge computing technology, The Great Wall Firewall will optimize its security protection capabilities at edge nodes to ensure the safety of distributed systems.

3. Zero Trust Architecture #

Adopt a zero trust model (Zero Trust Architecture) to fundamentally change the traditional boundary-based cyber security paradigm. Whether within internal networks or external access points, all users and devices must undergo rigorous verification before being granted access to resources.

4. IPv6 Support #

Comprehensively optimize support for the IPv6 protocol to meet the demands of internet address space expansion while enhancing security protection capabilities under new protocols.

Social Impact and Controversies of the GFW #

The Global Firewall (GFW) as part of internet regulation has sparked extensive debate and response in society. On one hand, it is criticized for severely infringing on citizens’ freedom of speech and privacy protection; on the other hand, it is also seen as ensuring a certain degree of national information security and social stability.

First, regarding freedom of speech #

The existence of the GFW restricts access to large amounts of domestic and foreign information, leading to strict limitations or bans on the spread of many international viewpoints and ideas. This not only hinders the normal flow of knowledge and information but can also result in a narrow public perspective and limited thinking. Critics also point out that the review system lacks transparency, making it difficult for ordinary internet users to understand which content is considered sensitive and blocked, thereby increasing feelings of unfairness in society.

Second, in terms of personal privacy protection #

The GFW collects and processes substantial amounts of user data and behavioral information through various technical means. While officials claim these are primarily used for maintaining cybersecurity, there is a risk of abuse in practice. If such data leaks or is misused, it could significantly harm individual rights. In the current era of big data, the leakage of sensitive personal information can pose unforeseeable risks to individuals.

Finally, Misblocking Leading to Normal Communication Interruption #

Due to the ambiguity in review standards and uncertainties during their enforcement, there may be instances where websites and services unrelated to regulatory objectives are incorrectly blocked, thereby disrupting normal business operations and hindering international collaboration.

Final Conclusion #

Meanwhile, others argue that GFW has played a positive role in combating cybercrimes and safeguarding national security. Through its rigorous technical surveillance methods, potential threats can be identified and addressed promptly; it also encourages internet service providers to strengthen their own cybersecurity measures, thereby reducing the likelihood of security risks from the source. Additionally, implementing stricter controls during major sensitive periods helps maintain social stability.

In summary, while enhancing the country’s level of network information security, GFW has sparked widespread controversy. Striking a balance between regulatory needs and citizens’ rights has become an urgent issue to address. The future requires continuous optimization and improvement of relevant mechanisms to achieve a more harmonious internet ecosystem.

International Perspectives on GFW #

On a global scale, many international organizations, non-governmental organizations, and media have closely monitored and criticized the Great Firewall (GFW). The Office of the United Nations High Commissioner for Human Rights (OHCHR) has repeatedly pointed out that GFW violates fundamental rights such as freedom of speech and privacy. Meanwhile, the U.S. Department of State mentioned in its annual report that internet censorship poses a challenge to democratic values and called for more open and transparent measures to improve the situation.

Some well-known tech companies have also openly opposed such excessive restrictions. For instance, major international corporations like Google and Twitter have previously withdrawn from local markets or faced significant pressure due to dissatisfaction with strict content regulation policies in certain regions. This has further fueled negative perceptions of China’s online environment among the outside world. Additionally, human rights organizations such as Reporters Without Borders (RSF) and the Electronic Frontier Foundation (EFF) continue to call on governments worldwide to loosen control measures and promote global attention to issues surrounding internet freedom.

It is worth noting that while the Great Firewall (GFW) is often seen as one of the most influential cases, other countries and regions also implement varying degrees of internet censorship. For example, Russia operates its own “Federal Internet Regulatory System,” which blocks domain names and restricts access to specific websites for content filtering purposes. Meanwhile, the European Union protects user privacy rights through laws like GDPR (General Data Protection Regulation) and advocates for digital freedom principles. These practices across different nations provide a broader perspective for examining the complex and diverse global approaches to internet governance that GFW represents.

Conclusion #

In conclusion, the Great Wall firewall has established itself as a significant player in cybersecurity due to its powerful features, flexible configuration, and outstanding performance. As cyber threats continue to evolve, the Great Wall firewall will persist in innovation, offering users more comprehensive and intelligent protection solutions to safeguard peace and security in the digital world.

While the GFW has played a crucial role in maintaining national security and social stability, it is also accompanied by numerous controversies and challenges. In an increasingly open and interconnected world, how to better respect and protect individual rights while ensuring information security becomes an important issue that needs serious consideration in future development.