It sounds like you’re getting a bit of misleading jargon. The technical definitions for these types of firewalls are:
- Layer 3 firewalls (i.e. packet filtering firewalls) filter traffic based solely on source/destination IP, port, and protocol.
- Layer 4 firewalls do the above, plus add the ability to track active network connections, and allow/deny traffic based on the state of those sessions (i.e. stateful packet inspection).
- Layer 7 firewalls (i.e. application gateways) can do all of the above, plus include the ability to intelligently inspect the contents of those network packets. For instance, a Layer 7 firewall could deny all HTTP POST requests from Chinese IP addresses. This level of granularity comes at a performance cost, though.
Since the proper definitions don’t line up with their pricing scheme, I think they’re using Layer 7 as a (technically incorrect) reference to a software firewall running on your VPS. Think along the lines of iptables or Windows Firewall. Should you pony up the extra fees, they’ll put your VPS behind a proper network firewall. Maybe.
If they can’t be bothered to use proper terminology when describing their VPS solution to potential customers, I’d question their competence in other areas as well.