What Is a Firewall and How Does It Work?



The internet is a marvel. People around the globe can share information instantly. And while that connectivity has made the world seem smaller, it’s also brought the potential for malicious actors to view, hijack, and harm people and businesses.

Firewalls are one of many network security tools to prevent these attackers from intruding into networks. Learn how a firewall works, how to use one, and what you can expect from a firewall.

Key takeaways: 

  • Firewalls protect your network from attacks by hackers and malicious software.
  • The three main types of firewalls (packet-filtering, stateful inspection and proxy) offer progressively more advanced protection levels.
  • Firewalls are evolving from “perimeter” protection to remote servers that offer security for hosting, processing, and transmitting data anywhere in the world.

What Is a Firewall?

A firewall “filters” (that is, permits or denies) traffic based on a preset list of criteria that a user or security team defines. It also provides inspection capabilities, keeps track of established traffic types, and performs other validity checks.

Firewalls protect networks from intrusions, prevent malware from entering, and control which internet protocol (IP) addresses may send or receive data.

These rules are set for both inbound and outbound traffic to control who and what’s allowed. These firewalls exist as physical devices installed on a network or as software programs on a computer, server, switch, or router.

Types of Firewalls

There are three types of firewalls on the market, each more advanced with additional security capabilities:

Packet-filtering firewall

This is the oldest and most recognizable firewall. Packet-filtering firewalls are a part of what is known as “perimeter-based security,” which protects network traffic by allowing packets from trusted IP sources. It filters out those that are unknown or untrusted through an access control list (ACL).

Packet filtering firewall diagram.
This is the basic layout of a perimeter-based security architecture with a packet filtering firewall. Source: Created in Canva

Packet-filtering firewalls are “stateless firewalls” since they employ only access control lists to control inbound and outbound traffic. This makes them simple and cost-effective, but they cannot remember repeat inbound and outbound connections and do not perform deep packet inspection, so they aren’t useful against more advanced threats, such as malicious packets originating from trusted IP sources.

Stateful inspection firewalls

The next step up from the basic capabilities of a packet-filtering firewall is the stateful inspection firewall.

Unlike stateful inspection firewalls, packet-filtering firewalls are stateless. They rely on information technology (IT) security personnel to manually create access control lists to approve or deny network traffic from specific IP addresses.

In contrast, stateful inspection firewalls can use ACLs, but they also inspect the packet traffic, log the packet data, and then use those logs to validate future traffic arriving from the same source.

Stateful inspection firewalls diagram.
The stateful inspection firewall allows traffic based on the previously approved packet types from specific IP addresses.

Stateful inspection firewalls operate under the concept of “this traffic was safe before, so if it’s the same, it is safe now.”

While this is more secure than relying on a static ACL, stateful inspection firewalls are process-intensive and tend to bottleneck traffic, making them potential targets for distributed denial-of-service (DDoS) attacks.
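
The difference between the two designs, as an added example that is not part of the original article: a Python model in which the same packets are judged by a stateless ACL and by a stateful filter. The addresses, ports and the simplified connection table (standing in for the firewall's logged traffic) are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed values for illustration (documentation address ranges).
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]  # the ACL


def stateless_allow(pkt):
    """Packet filter: each packet is judged alone, by source address only."""
    src = ipaddress.ip_address(pkt.src)
    return src in INTERNAL or any(src in net for net in TRUSTED)


class StatefulFirewall:
    """Applies the same ACL, then requires inbound packets to answer a
    connection that an internal host opened earlier."""

    def __init__(self):
        self.connections = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if not stateless_allow(pkt):
            return False
        if ipaddress.ip_address(pkt.src) in INTERNAL:
            # Outbound: remember the flow so the reply can be matched.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only the mirror image of a remembered flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def compare():
    """Return (stateless, stateful) verdicts for four constructed packets."""
    packets = [
        Packet("192.168.1.10", 50000, "203.0.113.5", 443),   # internal host opens HTTPS
        Packet("203.0.113.5", 443, "192.168.1.10", 50000),   # the server's reply
        Packet("203.0.113.5", 443, "192.168.1.20", 3389),    # unsolicited, trusted source
        Packet("198.51.100.7", 443, "192.168.1.10", 50000),  # source not in the ACL
    ]
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


if __name__ == "__main__":
    for verdict in compare():
        print(verdict)
```

The third packet is the case described above: it comes from a trusted IP source, so the ACL alone lets it through, and only the stateful filter drops it because no internal host opened that connection.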

Proxy firewalls

A proxy firewall is the most secure type. Instead of allowing traffic to contact your network perimeter directly, all traffic is filtered through a proxy server, which has its own IP address and acts as the gateway, and the firewall is set up within this server.

Proxy firewall diagram.
The added layer of separation from the proxy server creates insulation, so that incoming traffic affects the gateway before it reaches the main network perimeter.

This firewall type uses capabilities like:

  • Deep-packet inspection (DPI): This feature inspects packets for signs of incoming malware and outgoing sensitive data, and monitors for restricted content such as inappropriate websites.
  • Sandboxing: Proxy firewall servers typically work with threat protection capabilities like sandboxing to capture suspicious programs and play them out in a safe environment to prevent malware from reaching the network.
  • Traffic validation: Similar to a stateful inspection firewall, a proxy firewall will also compare old traffic to current traffic from recognized IP addresses.

Once traffic has passed through the proxy firewall, it’s logged and used to measure against future traffic sent through the server and into the network.

What Are the Components of a Firewall?

The concept of a firewall is built upon a specific set of components that make up its architecture, whether you’re talking about a hardware- or software-based firewall.

There are four main components of a firewall:

  • Network policies
  • Packet filtering
  • Application gateway
  • Authenticated access

Network policies

Network policies govern how traffic in and out of a network is handled. These policies include:

  • Which types of traffic are allowed to pass through or restricted
  • Which IP addresses can be trusted when passing through the firewall
  • How the firewall server will be used (For example, restrictions on using it as a web server, aka “dedicated functionality.”)
  • Allowable changes to the network
  • Security audit intervals

When managing a firewall, it’s important to regularly review policies to spot any alterations that might create gaps in your security.
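
One way to carry out that review, as an added example that is not from the original article: a Python check that compares the current rule set with an approved baseline and reports allow rules that are new or wider than approved, and deny rules that have disappeared. The rule format and both rule sets are constructed for illustration.

```python
import ipaddress

# Constructed rule sets: (action, source CIDR, destination port).
BASELINE = [
    ("allow", "10.0.0.0/24", 22),
    ("allow", "0.0.0.0/0", 443),
    ("deny", "0.0.0.0/0", 23),
]
CURRENT = [
    ("allow", "10.0.0.0/8", 22),    # source widened from /24 to /8
    ("allow", "0.0.0.0/0", 443),    # unchanged
    ("allow", "0.0.0.0/0", 3389),   # allow rule that was never approved
]                                   # the deny rule for port 23 is gone


def review(baseline, current):
    """Return findings as (kind, port, source CIDR) tuples."""
    approved = {}  # port -> source networks approved for that port
    for action, cidr, port in baseline:
        if action == "allow":
            approved.setdefault(port, []).append(ipaddress.ip_network(cidr))

    findings = []
    for action, cidr, port in current:
        if action != "allow":
            continue
        net = ipaddress.ip_network(cidr)
        nets = approved.get(port, [])
        if any(net.subnet_of(ok) for ok in nets):
            continue  # equal to, or narrower than, an approved rule
        if any(ok.subnet_of(net) for ok in nets):
            findings.append(("widened", port, cidr))
        else:
            findings.append(("new-allow", port, cidr))

    still_denied = {(c, p) for a, c, p in current if a == "deny"}
    for action, cidr, port in baseline:
        if action == "deny" and (cidr, port) not in still_denied:
            findings.append(("deny-removed", port, cidr))
    return findings


if __name__ == "__main__":
    for finding in review(BASELINE, CURRENT):
        print(finding)
```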

Packet filtering

Packet filtering is one of the primary components of a firewall. It was the first firewall security measure created to prevent malicious connections from reaching a network, but it has evolved into a content-filtering capability extending beyond blocking and allowing IP addresses.

Today, packet filters can filter out:

  • Suspicious payloads
  • Web traffic from restricted sites
  • Packets from specific IP addresses
  • Unusually large traffic loads

They also control traffic by transmission control protocol/user datagram protocol (TCP/UDP) source and destination ports.

Application gateway

Application gateways are a newer component for modern firewalls. These gateways operate via proxy servers and create a go-between for users and the data they’re trying to interact with outside the network.

For example, if someone wants to view a web page, rather than sending the traffic directly from the internet to the internal network perimeter, the gateway sets up a proxy to inspect the packets as they’re passed to users.

Authenticated access

It’s not enough to rely on passwords to protect your firewalls. Hackers can guess, steal, and crack passwords, especially when people use the same ones for multiple services.

Whether you’re securing physical servers or virtual firewalls, the best setups employ several protection methods on top of passwords, such as:

  • Multifactor authentication
  • Biometrics
  • Radio-frequency identification (RFID) devices
  • Smart cards

What Is the Future of Firewalls in the Cloud-Computing Era?

These days, the traditional network perimeter is dissolving to make way for a more cloud-based experience. Data and applications are rarely stored and run locally. Instead, they rely on remote servers to host, process, and transmit data to users wherever they are. This means that traditional network firewalls are becoming irrelevant.

Companies are moving toward perimeterless architecture, known as secure access service edge (SASE), a term coined by Gartner. SASE relies on security functions that operate in the cloud — firewalls included.

Next-generation firewalls are a part of this transition. Many proxy firewall functions are being brought into the cloud and offered as a subscription service known as “firewall as a service” (FWaaS). These firewalls will work with other remote security tools, such as:

  • Secure web gateways (SWG)
  • Zero-trust network access (ZTNA)
  • Cloud access security brokers (CASB)
  • Network as a service (NaaS)

SASE architecture.
This is the essential list of tools that make up a SASE architecture, including Firewall as a Service.

These tools, including FWaaS, will converge to create a new security and network architecture. So, is it worth investing in older network firewalls when creating your digital security plan or beginning your transition into the cloud?

Frequently Asked Questions About Firewalls

Do I need a firewall?

While almost every computer today has basic built-in protections, your business is vulnerable without the advanced features of a dedicated firewall that covers your network.

What are the risks of not using a firewall?

If you don’t install a firewall, you’re opening up your network, data, and devices to unnecessary risk. You have no way of knowing who’s connected to your servers. Someone could take remote control of them and steal vital data.

What are some of the major firewall brands?

Sophos, Check Point, pfSense, FortiGate, Palo Alto, Azure, SonicWall, Cisco, and Huawei are among the best-known firewall makers.
