A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It sits between trusted internal networks and untrusted external networks like the Internet, deciding in real time which traffic passes and which gets blocked.
The name comes from construction, where a firewall is a physical barrier designed to contain fire. A network firewall contains threats the same way—by refusing to let them spread.
The Question Every Firewall Answers
At its core, a firewall answers a single question millions of times per second: Should this traffic be allowed?
The answer depends entirely on rules you've defined. Without a firewall, your network is a house with every door standing open, hoping no one walks in with bad intentions. Every service running on every server is directly accessible from the Internet. Every open port is an invitation.
A firewall closes those doors and posts a guard. Traffic that matches your rules passes through. Everything else gets turned away.
How Firewalls Make Decisions
Firewalls examine specific characteristics of each network packet and compare them against rules. The sophistication varies by firewall type, but common factors include:
Source and destination IP addresses tell the firewall where traffic originates and where it's headed. You might block all traffic from known malicious IP ranges, or restrict access to sensitive servers to specific trusted addresses.
Port numbers indicate which service is being accessed. Port 80 typically means web traffic. Port 22 means SSH remote access. A firewall might allow port 80 to your web server while blocking port 22 from the Internet entirely.
Protocols identify the type of communication—TCP, UDP, ICMP. Different protocols behave differently and carry different risks. Firewalls often apply different rules to each.
Connection state tracks whether traffic belongs to an existing conversation or represents something new. Modern firewalls remember which connections they've approved and automatically permit the responses, making legitimate communication seamless while blocking unsolicited attempts.
Advanced firewalls go deeper, examining actual packet contents, identifying specific applications, and detecting patterns that suggest malicious activity.
Where Firewalls Live
Firewalls sit at boundaries—the points where your trusted network meets networks you don't control. The most common position is between your internal network and the Internet.
But organizations often deploy multiple firewalls to create zones of different trust levels. A corporate network might have one firewall facing the Internet, another isolating web servers in a DMZ (demilitarized zone), and additional firewalls protecting databases containing customer information.
This layered approach follows a simple principle: if an attacker bypasses one barrier, another stands in the way. Security through depth, not a single wall.
The Evolution from Simple to Sophisticated
Early firewalls were blunt instruments. They examined IP addresses and port numbers—nothing more. "Is this from an allowed address? Is it going to an open port?" Yes or no. Pass or block.
Modern firewalls are far more intelligent. They inspect packet contents, identify applications regardless of port, detect intrusion attempts, recognize malicious patterns, and can even decrypt encrypted traffic for inspection.
This evolution mirrors the arms race between attackers and defenders. Simple packet filtering couldn't stop sophisticated attacks, so firewalls learned to look deeper.
What Firewalls Cannot Do
Firewalls are powerful, but they're not omniscient shields.
They can't stop threats that don't cross the network boundary—an infected USB drive bypasses the firewall entirely. They can't prevent attacks that use legitimate channels—malware delivered through an allowed email attachment passes through because email was permitted.
Firewalls can't protect against insider threats. Someone with legitimate access is already past the gate.
And critically, firewalls can't fix weak configurations elsewhere. If you allow SSH through your firewall to a server with a password of "password123," the firewall did its job perfectly. The server didn't.
The Philosophical Core
The firewall's question isn't really technical—it's philosophical: Who do you trust?
Every rule you write is an answer to that question. Allow port 443 from anywhere: you trust the Internet to connect to your web server. Block port 22 except from your office IP: you trust only your office network to manage servers remotely. Deny all traffic from a specific country: you've decided the risk outweighs the benefit.
The rules you write are your trust policy, expressed in configuration and enforced at network speed.
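The three rules from the paragraph above, evaluated on the factors listed under "How Firewalls Make Decisions" (address, port, protocol, connection state), as an added example that is not part of the original page. The Packet, Rule and Firewall names, the documentation-range addresses, first-match ordering, default deny and allow-all-outbound behaviour are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # CIDR the source address must fall in
    proto: str   # protocol name, or "any"
    dport: int   # destination port, 0 = any port

# Constructed addresses from documentation ranges (RFC 5737), not from the page.
OFFICE = "203.0.113.0/24"
BLOCKED_RANGE = "198.51.100.0/24"  # stands in for "a specific country"
ANY = "0.0.0.0/0"

RULES = [  # first match wins, so the deny must come before the broad allow
    Rule("deny", BLOCKED_RANGE, "any", 0),
    Rule("allow", ANY, "tcp", 443),
    Rule("allow", OFFICE, "tcp", 22),
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # approved flows, keyed by 5-tuple
    def decide(self, pkt, inbound=True):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if not inbound:  # assumed policy: outbound is trusted; remember the reply flow
            self.state.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "allow"
        if flow in self.state:
            return "allow"  # belongs to a conversation already approved
        for r in self.rules:
            if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                    and r.proto in ("any", pkt.proto)
                    and r.dport in (0, pkt.dport)):
                if r.action == "allow":
                    self.state.add(flow)
                return r.action
        return "deny"  # nothing matched: default deny
```

Swapping the first two rules would let the blocked range reach port 443, which is why rule order is part of the policy and not just its layout.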
Firewalls in the Larger Picture
Firewalls are essential but not sufficient. They're one layer in a security architecture that includes intrusion detection, antivirus software, authentication systems, encryption, monitoring, and regular updates.
Think of the firewall as the outer wall. It stops obvious attacks and controls access at the perimeter. But you still need locks on interior doors, guards watching for suspicious behavior, and protocols for when something goes wrong.
For monitoring systems like Connected, firewalls provide crucial visibility. Knowing which ports are accessible, how rules are configured, and whether unexpected traffic is being blocked helps maintain security posture and quickly identify when something has changed.