What is a Firewall? Everything You Need to Know to Protect Your Network

Firewalls are among the oldest and most widely used network security solutions. They monitor and filter traffic to and from a device, following predefined security rules to block suspicious traffic and protect devices from various cyberattacks.
Firewalls range from free or inexpensive software solutions for home use to high-powered, special-purpose hardware protecting sensitive enterprise assets.
To help you better understand firewalls, we'll cover some common questions. The answers can also help you choose the right one to protect your network.
1. What is a Firewall and How Does it Work?
A firewall is a network security device or software designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, to block malicious activity while allowing legitimate communication.
Firewalls examine data packets, which are small units of data transmitted over a network. They also let you set rules to decide whether to allow, block, or restrict these packets. For example, a firewall can be configured to block traffic from specific IP addresses, prevent unauthorized access to certain ports, or filter content based on keywords.
In addition to blocking threats like hackers and malware, firewalls can also help enforce organizational policies, such as limiting employee access to specific websites. Modern firewalls often include advanced features like intrusion detection and prevention systems (IDPS) and deep packet inspection for enhanced security.
2. Where Did the Term “Firewall” Come From?
The term firewall originally had a more literal meaning. As far back as the mid-1600s, it referred to special walls made of noncombustible materials that were used to separate buildings or groups of buildings into sections. The walls would stop fires from spreading from one section to another.
Today, the term is used in other contexts, such as financial firewalls designed to prevent the spread of insider information. However, a firewall generally refers to hardware or software used to prevent the spread of malware or detect data leakage in computer networks.
3. How Do Firewalls Protect Data?
Firewalls protect data by filtering and monitoring network traffic to prevent unauthorized access, data breaches, and cyberattacks. They achieve this through several techniques:
Packet Filtering: This method analyzes individual data packets based on predefined rules, such as source and destination IP addresses, ports, or protocols. If a packet doesn’t meet the rules, it’s blocked, stopping harmful data from entering the network.
Stateful Inspection: Unlike simple packet filtering, stateful inspection tracks active connections and evaluates the context of packets within these sessions. This ensures that only packets belonging to valid, established connections are allowed, adding an extra layer of protection against spoofed or malicious traffic.
Proxy Service: Acting as an intermediary, a proxy firewall examines traffic at the application layer. It masks internal systems by processing requests on their behalf, preventing direct access to sensitive data. This adds another layer of security by filtering and inspecting content for potential threats.
By combining these methods, firewalls ensure only safe, authorized traffic reaches your network, protecting sensitive data from cyber threats while allowing legitimate communication to flow.
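The difference between packet filtering and stateful inspection, as an added example that is not part of the original article: both filters below apply the same "allow outbound HTTPS and its replies" policy, but only the stateful one checks that a reply belongs to a connection opened from inside. The addresses, the port and the simplified connection table (no sequence numbers or timeouts) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # constructed internal range

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

def inside(addr):
    return ip_address(addr) in INSIDE

def stateless_filter(pkt):
    """Header-only rules with a default deny; no memory of earlier packets."""
    if inside(pkt.src) and pkt.dport == 443:
        return "allow"  # outbound HTTPS
    if inside(pkt.dst) and pkt.sport == 443 and "A" in pkt.flags:
        return "allow"  # anything that looks like an HTTPS reply
    return "drop"

class StatefulFilter:
    """Same policy, but replies must match a connection opened from inside."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if inside(pkt.src) and pkt.dport == 443 and pkt.flags == "S":
            self.connections.add(key)  # record the new outbound session
            return "allow"
        if key in self.connections or reverse in self.connections:
            return "allow"  # packet belongs to a tracked session
        return "drop"

# Constructed traffic: a real handshake, then an unsolicited "reply".
SAMPLE = [
    Packet("192.168.1.10", 50000, "203.0.113.5", 443, "S"),
    Packet("203.0.113.5", 443, "192.168.1.10", 50000, "SA"),
    Packet("198.51.100.7", 443, "192.168.1.20", 50001, "A"),
]

def compare(packets=SAMPLE):
    """Return (stateless verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in packets]
```

The third packet passes the header-only rules because it merely looks like a reply, while the stateful filter drops it because no inside host opened that session.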
4. Where are Firewalls Typically Located?
Firewalls are strategically placed to maximize security. They often sit between the internal network and external internet, at the network perimeter. Ideally, firewalls are placed as close as possible to the asset they are protecting.
Perimeter firewalls protect an entire network from untrusted traffic. Internal firewalls may be used to protect particularly sensitive or critical network segments or to limit the damage of any attacks that bypass the perimeter defenses. Once an attack gains a foothold, it attempts to move laterally to penetrate as many systems as possible. Internal firewalls can also prevent malicious or unwitting insiders from accessing prohibited systems.
5. What Can a Firewall Protect Against?
Firewall capabilities vary from basic home firewalls to advanced NextGen firewalls designed to protect critical enterprise systems. All firewalls can detect certain kinds of known malicious traffic.
They can block traffic from IP addresses associated with malware and phishing attacks — or block traffic to ports that are not used by legitimate traffic. More advanced firewalls can also inspect the contents of data packets and detect known malware signatures.
6. What Can't a Firewall Protect Against?
No security solution is perfect, including firewalls. Firewalls are only as good as the security rules they are programmed to follow. Basic firewalls can block traffic to and from known malicious IP addresses and unused ports and protocols; if they are properly configured, this will prevent many easy attacks. However, it will not stop a malicious or compromised insider from exporting sensitive data, nor will it block attacks from apparently legitimate IP addresses.
Similarly, more advanced firewalls can inspect the content of data traffic and check for known attack indicators but cannot prevent new attacks. Hackers know how firewalls work and actively seek ways to evade them. Consequently, firewall users need to ensure that their firewalls are configured properly and updated frequently to adapt to new threats.
7. What are the Different Types of Firewalls?
Firewalls come in various forms, each designed for specific functions in protecting networks. There are also hardware and software firewalls, which we'll cover in the next section. The most common types of firewalls include:
Network Layer Firewalls (Packet Filtering): These analyze individual packets based on criteria like IP addresses, ports, and protocols, allowing or blocking them based on rules. They are efficient but offer limited insight into traffic context.
Application Layer Firewalls (Proxy Firewalls): These operate at the application layer, inspecting data for specific applications like HTTP or FTP. By acting as intermediaries, they prevent direct access to internal systems and provide detailed filtering.
Next-Generation Firewalls (NGFW): NGFWs combine traditional firewall features with advanced capabilities like deep packet inspection, intrusion prevention, and application awareness. They offer robust protection against sophisticated threats.
Unified Threat Management (UTM) Firewalls: UTMs integrate multiple security functions, such as antivirus, VPN, and content filtering, into one solution, making them ideal for small to medium-sized businesses.
8. What's the Difference Between Hardware and Software Firewalls?
Hardware firewalls are physical devices that operate independently, using a proprietary operating system to manage and secure network traffic. Since they are dedicated devices, they can handle large volumes of traffic without slowing down the servers or end-user devices they protect. These firewalls are ideal for securing large networks with heavy traffic but come with higher costs and are more complex to configure.
Software firewalls are applications installed on individual devices or servers. They monitor and control traffic directly on the host system, providing protection tailored to that specific device. Software firewalls are typically easier to configure and more cost-effective than hardware firewalls, making them a popular choice for individuals or small businesses. However, they can consume system resources, which may impact device performance, especially under heavy traffic loads.
9. What is the Best Firewall for Home Use?
As with any security solution, it depends. What do you need to protect, what solutions do you already have in place, what threats do you need to defend against, and how much are you willing to spend? Many home users just want to block viruses, malware, and spyware. Installing a commercial off-the-shelf software firewall is sufficient.
For homes with many connected devices, hardware perimeter firewalls may be useful, as they will protect all the connected devices, including IoT devices. Some include controls that let parents limit their kids' internet usage.
Need help choosing a firewall? Our guide Choosing the Right Firewall for Your Organization offers more details.
10. How Much Does Firewall Software Cost?
The cost of firewall software varies depending on the sophistication and level of protection provided by the software. There are free options, including Windows Defender, which is included by default on new Windows installations. There isn't a set price range, as subscriptions to commercial firewall software vary wildly and usually depend on the number of devices and the security features included.
11. How Does Firewall Inspection Work?
Firewalls are configured with a list of predetermined rules that instruct a firewall on how to treat incoming or outgoing network traffic. These rules can be defined by conditions such as the IP address or port number from which a data packet originates and generally include flags that are commonly used for malicious reasons.
For each condition, a firewall can be set to either allow a packet through or ignore it. When a packet arrives at a firewall, the firewall inspects it and checks it against its predefined security rules. If a packet fails to meet any of the security rule conditions, it is dropped.
12. What is Deep Packet Inspection?
Basic firewalls only inspect packet headers for IP addresses and port and protocol numbers. More advanced firewalls perform deep packet inspection, examining the content of the data packet in addition to the header. These firewalls can block packets containing viruses or spyware, even if the packet header passes inspection. This allows the firewall to block malicious software even if it comes from a previously trusted source.
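The rule check and deep packet inspection described in the last two answers, as an added example that is not part of the original article: header rules are evaluated top to bottom with a default drop, and a payload scan then runs on packets whose headers passed. The rule table, address ranges and the placeholder signature are constructed for illustration and do not come from any real product.

```python
from ipaddress import ip_address, ip_network

# Constructed rule table: (action, source network, destination port, protocol).
# None means "any". Rules are checked top to bottom; the first match wins.
RULES = [
    ("drop",  "198.51.100.0/24", None, None),   # range treated as known-bad
    ("allow", "203.0.113.0/24",  25,   "tcp"),  # trusted partner mail relay
    ("allow", None,              443,  "tcp"),  # HTTPS from anywhere
]

# Placeholder byte pattern standing in for a vendor's malware signatures.
SIGNATURES = {b"EXAMPLE-MALWARE-MARKER": "constructed-test-signature"}

def header_verdict(src, dport, proto):
    """Header-only inspection: source address, port and protocol."""
    for action, net, port, rule_proto in RULES:
        if net is not None and ip_address(src) not in ip_network(net):
            continue
        if port is not None and port != dport:
            continue
        if rule_proto is not None and rule_proto != proto:
            continue
        return action
    return "drop"  # no rule matched: default deny

def deep_verdict(src, dport, proto, payload):
    """Deep packet inspection: header rules first, then the payload bytes."""
    if header_verdict(src, dport, proto) == "drop":
        return "drop", "header rule"
    for pattern, name in SIGNATURES.items():
        if pattern in payload:
            return "drop", f"signature {name}"
    return "allow", "clean"

if __name__ == "__main__":
    # Constructed packets: same trusted source, clean and flagged payloads.
    print(deep_verdict("203.0.113.9", 25, "tcp", b"Subject: hello"))
    print(deep_verdict("203.0.113.9", 25, "tcp",
                       b"Subject: invoice\r\n\r\nEXAMPLE-MALWARE-MARKER"))
```

The second packet comes from the trusted relay and passes the header rules, yet the payload scan drops it.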
13. Will IPSec Make Firewalls Obsolete?
No, IPSec will not make firewalls obsolete. IPSec is a suite of protocols, standards, and algorithms used to secure traffic over an untrusted network. It is commonly used to set up virtual private networks (VPNs) over the internet. It provides a secure, authenticated channel with end-to-end encryption.
It does not, however, filter any other traffic coming into your device. IPSec can provide privacy and protect information; it is not, in and of itself, capable of filtering untrusted or malicious network traffic. In order to do that, it is still necessary to have a firewall in place to protect a device or network.
14. If I Have a Firewall, Do I Have a DMZ?
Maybe. If you have a DMZ (demilitarized zone), you almost certainly have at least two firewalls, but you can have a firewall without having a DMZ. In networking, a demilitarized zone (DMZ) is used to create a segregated space to isolate Internet-facing devices, like e-mail, websites, and DNS servers, from an organization's internal networks and devices. Internet-facing devices are the most vulnerable to attack.
DMZs are designed to prevent attacks from spreading from those vulnerable devices to the rest of the organization. The DMZ will be protected by perimeter defenses, including perimeter firewalls, to prevent attacks coming from the internet. The rest of the organization's IT infrastructure will be protected by internal defenses, including firewalls, placed between the internal network and the DMZ to prevent any successful attacks from spreading beyond the DMZ.
15. What is the Strongest Firewall?
With technology in general and security in particular, this is a difficult question to answer. A better question is, "What is the best firewall for my needs right now?" The answer to that will vary based on the assets you want to protect, the threats you face, the solutions you already have in place, and your security budget. The threat environment changes rapidly as hackers develop new attacks and vendors develop defenses.
In general, the best firewall is one designed by a reputable, experienced vendor like Palo Alto, with the capabilities you need, that works with your existing network and devices, is updated frequently, and is available at a price you can afford.
Wrapping Up
Firewalls aren't an end-all-be-all solution. However, if appropriately configured and updated frequently, they can be a powerful tool for keeping networks safer from cyberattacks. The key is to understand their strengths and limitations. By doing so, you can complement firewalls with other security tools and measures.
Learn more about firewalls in our Network+ Certification Online Training.