Firewall
A firewall is a network security system that monitors and filters inbound and outbound network traffic based on defined security rules. The firewall acts as a barrier between a trusted internal network and untrusted external networks such as the internet.
What is a firewall?
A firewall is one of the most fundamental security measures in any network. It typically sits between your internal network and the internet, deciding which traffic may pass and which is blocked.
The firewall operates on rules (policies) that define permitted and blocked traffic. A simple rule might state: "Allow outbound web traffic on port 443, block all inbound traffic except to the web server." More advanced firewalls can inspect traffic content and make decisions based on application, user and threat data.
Firewalls are a central part of network segmentation, separating network zones with different security levels. Together with DNS security, web filtering and endpoint security, firewalls form part of the organisation’s defence in depth.
Firewall types
Firewalls have evolved significantly over time:
- Packet-filter firewalls: The oldest type. Filters traffic based on source/destination IP, port and protocol. Fast but limited, as it does not understand traffic content.
- Stateful inspection firewalls: Tracks active connections and only permits traffic that is part of an established session. More secure than simple packet filtering.
- Application-layer firewalls (WAF): Inspects traffic at the application level. Web Application Firewalls (WAF) specifically protect web applications against attacks such as SQL injection and cross-site scripting. Closely linked to application security.
- Next-Generation Firewalls (NGFW): Combines packet filtering, stateful inspection, application recognition, intrusion prevention (IPS), TLS inspection and integration with threat intelligence. The standard for modern network security.
- Cloud firewalls (FWaaS): Firewall functionality delivered as a cloud service. Relevant for organisations with distributed environments and remote workers.
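The difference between the first two types can be shown on the same traffic. This is an added example, not code from the original page; the `Packet` class, the address prefix and the sample packets are constructed assumptions. It compares a stateless packet filter with a stateful firewall enforcing "allow outbound web traffic on port 443".

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed internal address prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def outbound(p: Packet) -> bool:
    return p.src.startswith(INSIDE)

def packet_filter(p: Packet) -> str:
    """Stateless: every packet is judged alone on addresses and ports."""
    if outbound(p) and p.dport == 443:
        return "allow"
    # Replies need a static rule, so anything inbound from port 443 passes.
    if not outbound(p) and p.sport == 443:
        return "allow"
    return "deny"  # default deny

class StatefulFirewall:
    """Tracks sessions opened from inside; inbound must match one."""
    def __init__(self) -> None:
        self.sessions = set()

    def check(self, p: Packet) -> str:
        if outbound(p) and p.dport == 443:
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound is allowed only as the mirror image of a tracked session.
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"
        return "deny"  # default deny

# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.9", 50000)

def compare() -> dict:
    """Return {name: (packet-filter verdict, stateful verdict)}."""
    fw = StatefulFirewall()
    packets = {"request": REQUEST, "reply": REPLY, "unsolicited": UNSOLICITED}
    return {name: (packet_filter(p), fw.check(p)) for name, p in packets.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Both firewalls pass the request and its reply, but only the stateful one rejects the inbound packet that belongs to no established session.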
Configuration and maintenance
A firewall is only as good as its configuration. Misconfigured firewalls are one of the most common causes of security breaches.
- Default deny: Start by blocking all traffic and permit only what is necessary. This is more secure than starting with everything open and then trying to block only what is dangerous.
- Least privilege: Permit only the traffic required for business. Use specific ports and IP addresses instead of broad rules.
- Rule review: Review firewall rules regularly. Outdated rules that permit traffic that is no longer required are a security risk.
- Logging: Enable logging of all blocked traffic and critical permitted traffic. Send logs to the SIEM system for analysis.
- Change management: Document all changes to firewall rules. Use configuration management to track changes over time.
Test the firewall’s effectiveness regularly with penetration tests and vulnerability scanning to ensure it actually blocks what it should.
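The checklist above can be turned into an automated rule review. This is an added example, not code from the original page; the rule format, field names and sample rules are hypothetical and constructed, and the 90-day review window is an assumption standing in for a quarterly review.

```python
from datetime import date

# Constructed rule set in a hypothetical vendor-neutral format.
RULES = [
    {"id": 1, "action": "allow", "src": "any", "dst": "192.0.2.10", "port": 443,
     "log": False, "purpose": "Public web server", "reviewed": date(2024, 5, 2)},
    {"id": 2, "action": "allow", "src": "10.0.0.0/24", "dst": "any", "port": 443,
     "log": False, "purpose": "Outbound web traffic", "reviewed": date(2024, 5, 2)},
    {"id": 3, "action": "allow", "src": "any", "dst": "any", "port": "any",
     "log": False, "purpose": "", "reviewed": date(2022, 1, 15)},
    {"id": 4, "action": "deny", "src": "any", "dst": "any", "port": "any",
     "log": False, "purpose": "Default deny", "reviewed": date(2024, 5, 2)},
]

def audit(rules, today, max_age_days=90):
    """Return (rule id, finding) pairs for the checklist items."""
    findings = []
    # Default deny: the rule set must end with deny any/any/any.
    last = rules[-1] if rules else None
    catch_all = ("deny", "any", "any", "any")
    if not last or (last["action"], last["src"], last["dst"], last["port"]) != catch_all:
        findings.append((None, "no default-deny rule at end of rule set"))
    for r in rules:
        # Least privilege: an allow rule with two or more wildcards is too broad.
        wildcards = [r["src"], r["dst"], r["port"]].count("any")
        if r["action"] == "allow" and wildcards >= 2:
            findings.append((r["id"], "allow rule too broad"))
        # Logging: blocked traffic should always be logged.
        if r["action"] == "deny" and not r["log"]:
            findings.append((r["id"], "blocked traffic not logged"))
        # Change management: every rule needs a documented purpose.
        if not r["purpose"].strip():
            findings.append((r["id"], "no documented purpose"))
        # Rule review: flag rules not reviewed within the window.
        if (today - r["reviewed"]).days > max_age_days:
            findings.append((r["id"], "review overdue"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES, date(2024, 6, 1)):
        print(rule_id, finding)
```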
Regulations and standards
NIS2 requires essential and important entities to implement network security measures. Firewalls are a fundamental part of this requirement.
ISO 27001 and Annex A include controls for network security (A.8.20–A.8.22) and web traffic filtering (A.8.23). An ISMS should define requirements for firewall configuration and maintenance.
CIS 18 addresses firewall administration in Control 4 (secure configuration) and Control 13 (network monitoring and defence). DORA requires financial institutions to have robust network defences.
Under GDPR, firewalls are a central technical measure for protecting personal data against unauthorised network access.
Frequently Asked Questions about Firewall
What is the difference between a firewall and an NGFW?
A traditional firewall filters traffic based on IP addresses, ports and protocols. A Next-Generation Firewall (NGFW) adds application recognition, intrusion prevention, TLS inspection and threat intelligence integration. An NGFW understands what the traffic contains, not just where it comes from.
Do you need a firewall if you use the cloud?
Yes. Cloud providers offer basic firewalls (security groups, network ACLs), but you are still responsible for configuring them correctly. For hybrid environments, you need firewalls that cover both on-premise and cloud infrastructure.
How do you maintain firewall rules?
Review rules regularly and remove outdated rules. Document the purpose of each rule, use naming conventions, and test changes in a controlled environment first. Many organisations review firewall rules quarterly.
Can a firewall protect against all threats?
No. A firewall is an important component, but it does not protect against threats arriving via encrypted traffic it does not inspect, social engineering or insider threats. Firewalls should be combined with endpoint security, identity management and monitoring.
Related Terms
Network Segmentation
A security measure that divides a network into isolated segments or zones to limit access and minimise the spread of an attack.
DNS Security
DNS security protects the Domain Name System against manipulation, poisoning and abuse through technologies such as DNSSEC and DNS filtering.
Endpoint Security
Endpoint security protects end-user devices such as computers, mobiles and tablets against malware, ransomware and unauthorised access.