What Does a Firewall Do?

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of predefined rules. Firewalls allow or disallow specific types of traffic, and act as a gatekeeper for the internal network.


How a Firewall Works

Firewalls inspect and filter incoming traffic and outgoing traffic using a set of rules defined by a network administrator.

Traffic Inspection

Firewalls use a process called deep packet inspection (DPI) to examine the packet headers and payload of data packets sent through the public network. DPI enables the analysis of packet data, including:

  • Protocols
  • Destination ports
  • Application-layer information

This helps them detect unauthorized or malicious access attempts, even when the traffic is encrypted. As part of traffic inspection, firewalls analyze various aspects of each packet, such as:

  • Source and destination IP addresses
  • Port numbers (e.g., 22 for SSH, 443 for HTTPS)
  • Protocols (e.g., TCP, UDP, ICMP)
  • Application-layer information (e.g., HTTP headers, FTP commands)

By analyzing these factors, the firewall distinguishes between normal user activity and traffic containing unauthorized access attempts or potential threats.

Traffic Filtering

Traffic is then either blocked or allowed based on pre-configured security rules.

Network administrators define the types of traffic appropriate for a given business use-case. Filtering criteria include:

  • IP addresses: Allow or deny traffic from or to specific IP addresses or IP ranges.
  • Port number: Enforce that only particular types of traffic are allowed on a given port (e.g., only allow HTTPS traffic on port 443).
  • Protocols: Block or allow traffic based on the protocol used (e.g., block all ICMP traffic).
  • Applications: Allow or deny access to applications or services (e.g., open port 5432 to enable network access to a database).
  • Other Criteria: User identity, geographical location, and time of day are all potential factors allowing for more granular control of traffic.

With careful configuration, a firewall lets users complete their work tasks while also protecting the network from unauthorized access and minimizing security risks.

Key Security Features of a Firewall

Here are the key security features that firewalls employ to ensure the security of the network.

Stateful Inspection

Stateful inspection is a firewall feature that keeps track of the state of active connections, ensuring that only authorized communication happens between devices on the network.

For instance, the stateful firewall creates an entry in a state table every time a device initiates a connection to a server. The entry includes information like source and destination IP addresses, ports, and protocols used. The firewall monitors and updates this entry throughout the data exchange between devices, ensuring only authorized traffic is allowed.

Stateful inspection protects against common cyberattacks, improves detection of malicious traffic patterns, and reduces false positive reports, thereby enhancing the firewall’s traffic identification and blocking capability.
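The state table described above, as an added example that is not part of the original page or any vendor's implementation: connections opened from inside create an entry, and inbound packets are accepted only when they match one. The `StateTable` class, the 60-second idle timeout, the `10.0.0.0/8` internal range and the flag strings ("S", "SA", "A", "R") are assumptions, and TCP teardown is simplified to RST handling.

```python
import ipaddress

IDLE_TIMEOUT = 60.0  # seconds; assumed value for illustration


class StateTable:
    def __init__(self, internal_prefix="10.0.0.0/8"):
        self.internal = ipaddress.ip_network(internal_prefix)
        self.entries = {}  # (proto, src, sport, dst, dport) -> last-seen time

    def handle(self, proto, src, sport, dst, dport, flags="", now=0.0):
        """Return "allow" or "drop" for one packet and update the table."""
        # Forget connections that have been idle longer than the timeout.
        self.entries = {k: t for k, t in self.entries.items()
                        if now - t <= IDLE_TIMEOUT}
        outbound = ipaddress.ip_address(src) in self.internal
        # Entries are keyed from the initiator's side, so a reply is looked
        # up with its source and destination swapped.
        key = ((proto, src, sport, dst, dport) if outbound
               else (proto, dst, dport, src, sport))
        if key in self.entries:
            self.entries[key] = now            # packet of a tracked connection
        elif outbound and (proto != "tcp" or flags == "S"):
            self.entries[key] = now            # new connection from inside
        else:
            return "drop"                      # unsolicited or mid-stream packet
        if "R" in flags:
            del self.entries[key]              # RST ends the connection at once
        return "allow"
```

A reply is accepted only while its exact address, port and protocol tuple is in the table, so a packet from a different host or to a different client port is dropped even if it targets a machine with an open connection.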

Application Awareness

Advanced firewalls have application (layer 7 of the OSI model) awareness capability, meaning they are able to recognize and control specific applications running on the network. This is achieved through DPI or protocol analysis.

Application awareness provides several benefits, such as:

  • Ability to restrict access to sensitive applications or services.
  • Prioritized traffic access for critical business applications.
  • Improved visibility into network activity with detailed application usage reports.
  • Enhanced ability to identify and block unwanted network traffic.
  • Simplified and automated management of complex network environments.
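To show what protocol analysis adds over a port number alone, the following added example (not from the original page or any product) identifies the application protocol from the first bytes of a connection and compares it with what the port is supposed to carry. The `identify` and `verdict` functions, the `EXPECTED` policy and the sample payloads are constructed for illustration; real engines use far larger signature sets.

```python
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ")


def identify(payload: bytes) -> str:
    """Guess the application protocol from the first client bytes."""
    # TLS record header: type 0x16 (handshake), major version 0x03;
    # the byte after the 5-byte header is the handshake type (0x01 = ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if payload.startswith(b"SSH-"):        # SSH identification string
        return "ssh"
    if payload.startswith(HTTP_METHODS):   # cleartext HTTP request line
        return "http"
    return "unknown"


# Assumed policy: which protocol each permitted port is expected to carry.
EXPECTED = {22: "ssh", 80: "http", 443: "tls"}


def verdict(dport: int, payload: bytes):
    """Allow only when the identified protocol matches the port's policy."""
    app = identify(payload)
    expected = EXPECTED.get(dport)
    if expected is None:
        return ("deny", app)               # port is not part of the policy
    return ("allow" if app == expected else "deny", app)


# Constructed sample payloads (first bytes of a client's opening message).
TLS_HELLO = bytes.fromhex("16030100050100000100")
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
```

A port-only rule would pass all three samples on port 443; the protocol check passes only the TLS handshake.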

Intrusion Detection and Prevention

Firewalls may detect and prevent unauthorized access by analyzing data packets sent over the network to identify patterns that indicate an attack or intrusion. Intrusion detection and prevention systems (IDPS) may exist as dedicated network appliances that integrate closely with firewalls.

Advanced firewalls can natively offer IDPS capabilities.

With these capabilities, firewalls can monitor network traffic for known attack signatures, and may reference third-party threat intelligence databases to identify potential security risks. They can then block the offending traffic and alert security staff about threats.

These key features enable strong firewalls to defend against cyber threats, ensuring only authorized user access occurs.

Additional Features

Next, we’ll look at other features firewalls offer to enhance their capabilities and provide additional layers of protection.

  • VPN Support: Firewalls can provide Virtual Private Network (VPN) access for remote users to connect to the network, ensuring all data transmitted to and from the user remains encrypted and thus protected from unauthorized access. Remote access VPN users are also further restricted to specific areas or applications based on fine-grain zero-trust security policies.
  • Content Filtering: Some firewalls are capable of blocking access to malicious websites, or enforcing company policies which discourage non-work-related activities, such as engagement with social media or online gaming platforms.
  • Network Address Translation (NAT): NAT converts internal IP addresses into a single public IP address, thereby hiding the internal IPs from public visibility.
  • Bandwidth Management and Traffic Shaping: Ensures efficient use of company bandwidth by optimizing user access of internal and external resources, prioritizing critical applications over less important traffic.

Next we’ll see how common types of firewalls are deployed in a network.

Firewall Uses in Networking

Different types of firewalls play an important role in securing cloud-based infrastructure, complex corporate networks, small and medium businesses (SMBs), and even home networks.

  • Software Firewalls: Software firewalls are commonly installed on end user workstations and servers running business applications. They provide protection tailored to the specific machine, preventing unauthorized access to the device’s resources.
  • Proxy Firewalls: Proxy firewalls filter requests at the application layer, acting as an intermediary between users and the internet. They provide an additional layer of security by preventing direct connections and inspecting traffic for malicious content.
  • Network Firewalls: Network firewalls are positioned at the boundaries of a network, protecting internal resources from external threats. They safeguard enterprise and organizational infrastructure by filtering traffic based on a predefined set of security rules.
  • Next Generation Firewalls (NGFWs): NGFWs go beyond traditional stateful inspection firewalls and packet filtering, implementing advanced capabilities like threat intelligence feeds, intrusion prevention, application awareness, deep packet inspection, and securing HTTPS/TLS encrypted traffic where evasive threats can hide. NGFWs are important for protecting against sophisticated cyber threats like phishing, ransomware, malware, DNS and IoT attacks, DDoS, and more.

Firewalls are additionally used to secure the network in these ways:

  • Regulation of traffic between workstations or virtual machines (VMs) and external networks.
  • Segmentation of the network into smaller networks, reducing both the attack surface and the potential for lateral movement within the network.
  • Giving administrators real-time visibility into network activity so they may swiftly respond to security incidents.

Why Organizations Need a Firewall

Here is why organizations need a firewall.

  • Protection Against Cyber Threats: The ever-increasing number of attacks on networks and systems necessitates strong defenses. Firewalls provide a layer of protection against unauthorized access and malicious activities, preventing hackers from infiltrating the network.
  • Data Security: Firewalls implement rules which control incoming and outgoing network access. They enforce policies which restrict access to ports, protocols, and IP addresses, so that authorized users and devices can access the network and access to sensitive resources stays legitimate.
  • Compliance Requirements: Industry regulations like PCI-DSS, HIPAA, and GDPR require organizations to implement security measures which rely on firewalls to protect sensitive data and prevent unauthorized access. Proper firewall implementation and configuration helps organizations to demonstrate compliance and reduce the risk of fines or penalties.

Quantum Force AI-Powered Firewalls and Security Gateways

We’ve seen how firewalls ensure reliable access to network resources while protecting both users and organizations alike from threats to security. Check Point’s Quantum Force next-generation firewall offers unprecedented AI-powered threat prevention and integrated threat intelligence capabilities, all while maintaining high performance and ease of use.

Learn more about Check Point’s industry-leading firewalls and how they can protect your organization against cyber threats. Schedule a demo of Quantum Force today or watch a one-minute video about Quantum Force capabilities.
