100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Firewall

BeginnerTool5K learners

A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined rules, acting as a barrier between a trusted internal network and untrusted external networks such as the internet.

Definition

A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined rules, acting as a barrier between a trusted internal network and untrusted external networks such as the internet.

Overview

Firewalls are one of the oldest and most fundamental building blocks of network security. They inspect packets of data as they attempt to enter or leave a network and decide whether to allow or block them based on rules covering source and destination IP address, port, and protocol. Early firewalls were simple packet filters; modern firewalls perform much deeper inspection. Stateful firewalls track the state of active connections and only allow traffic that matches an established, legitimate session. Next-generation firewalls (NGFWs) go further, adding application-awareness, intrusion prevention, and integration with threat intelligence feeds — vendors like Palo Alto Networks and Fortinet are best known for this category. A Web Application Firewall (WAF) is a specialized variant that filters HTTP traffic to protect web applications from attacks like SQL Injection and Cross-Site Scripting (XSS). Firewalls can be implemented as dedicated hardware appliances, software running on a host, or cloud-native security groups in platforms like AWS and Azure. They remain a core layer in defense-in-depth strategies, though modern security architecture increasingly pairs them with Zero Trust Architecture principles rather than relying on perimeter defense alone.

Key Features

  • Rule-based filtering of traffic by IP address, port, and protocol
  • Stateful inspection that tracks legitimate connection sessions
  • Next-generation variants add application awareness and intrusion prevention
  • Available as hardware appliances, software, or cloud-native security groups
  • Can be deployed at network perimeter, between segments, or on individual hosts
  • Often integrated with threat intelligence and logging for visibility
  • Foundational component of layered, defense-in-depth security

Use Cases

Blocking unauthorized inbound traffic to internal servers
Segmenting internal networks to contain the spread of a breach
Enforcing outbound traffic policies to prevent data exfiltration
Protecting cloud workloads via security groups and network ACLs
Filtering malicious traffic at the perimeter of a corporate network
Supporting compliance requirements like PCI DSS that mandate network controls

Frequently Asked Questions