What Is a Firewall and How Does It Work?

A firewall is a network security device that acts as a barrier between your internal network and external sources. It does so by scanning network traffic for threats coming from unknown or suspicious sources, because these sources could be sending viruses or other malicious software.

How do firewalls work?

Network firewalls are the first line of defense for your network. They work by blocking or allowing data packets based on security rules preset by an administrator.

Internet traffic reaches a computer at an entry point called a port. The firewall checks the traffic arriving there, and if it comes from a trusted source, the traffic is allowed through.

Think of the system as a security guard at a house party. The house is the main destination IP address, and rooms within the house are ports. The security guard only allows trusted people (source IP addresses) into the house at all.

Once inside, partygoers are only allowed into certain rooms based on their access levels (owner or guest). The owner has permission to go into any room, or any port. Guests, on the other hand, only have access to certain rooms, or certain ports.

Types of firewalls

Firewalls can be hardware, software, or both. Software firewalls are installed on individual computers on a network and regulate traffic through port numbers. Hardware firewalls, on the other hand, are physical devices installed between the network and a gateway.


The most basic and common type of firewall is the packet-filtering firewall. It works by scanning packets and blocking them if they don't match a set of predetermined rules.

The issue is that packet filtering alone cannot determine the contents of a request. Therefore, a malicious request from a trusted source still gets through.


Proxy firewalls are another early type of firewall. Unlike packet-filtering firewalls, proxies serve as a gateway between networks, preventing direct connections from outside the internal network.

Additionally, proxy firewalls use deep packet inspection (DPI). DPI examines the data within the request itself rather than just examining the source. The proxy evaluates requests and allows the ones deemed trustworthy to pass through.

Network Address Translation (NAT)

Similar to proxies, network address translators act as an intermediary between computers on a network and external traffic. They work by allowing multiple devices on a network to use a single IP address. This keeps each individual device's IP address hidden, so malicious actors can't scan a network's IP addresses to steal information.

Stateful inspection

Stateful inspection firewalls are what many think of when they think of traditional firewalls. They block or allow traffic based on state, port, and protocol. Furthermore, decisions are made based on rules set by the administrator and the context of the request.
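
The contrast between the packet-filtering and stateful inspection firewalls described above, shown in Python. This is an added example, not code from any firewall product; the class names, rule set and addresses are assumptions made for illustration, and real stateful firewalls also track protocol flags and timeouts.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    src_net: str             # source network in CIDR form
    dport: Optional[int]     # None matches any destination port
    proto: str = "tcp"

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and self.dport in (None, p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net))

def packet_filter(rules, p):
    """Stateless filtering: first matching rule wins, anything unmatched is blocked."""
    return next((r.action for r in rules if r.matches(p)), "block")

class StatefulFirewall:
    """Adds connection state on top of the administrator's inbound rules."""
    def __init__(self, internal_net, inbound_rules):
        self.internal = ipaddress.ip_network(internal_net)
        self.rules = inbound_rules
        self.connections = set()     # flows opened from the internal network

    def decide(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src) in self.internal:
            # Outbound traffic is allowed and remembered so its replies can return.
            self.connections.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"           # reply to a connection opened from inside
        return packet_filter(self.rules, p)  # otherwise fall back to the rule set

# Constructed sample data: RFC 5737 documentation addresses and a private LAN.
RULES = [Rule("block", "203.0.113.0/24", None),   # distrusted network, any port
         Rule("allow", "0.0.0.0/0", 443)]         # everyone else may reach HTTPS
fw = StatefulFirewall("192.168.1.0/24", RULES)
reply = Packet("198.51.100.7", 443, "192.168.1.10", 50000)
before = fw.decide(reply)                                       # no state yet
fw.decide(Packet("192.168.1.10", 50000, "198.51.100.7", 443))   # LAN host connects out
after = fw.decide(reply)                                        # same packet, now a reply
```

The same inbound packet is blocked when it arrives unsolicited and allowed once a host inside the network has opened the matching connection, which a stateless rule list cannot express without opening the high ports to everyone.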

Unified Threat Management (UTM)

A UTM device essentially combines the functionality of stateful inspection with antivirus software. Ultimately, the idea is to provide multiple services in one easy-to-use bundle.

Next-Generation Firewall (NGFW)

NGFWs go beyond simple packet-filtering and stateful inspection. In addition, they provide protection against complex malware and application-layer attacks.

Here are some additional functionalities of NGFWs:

  • Intrusion prevention
  • Ability to block risky applications
  • Use of data analysis and AI to address changing security threats

As security threats continue to evolve, NGFWs will play a larger role as fundamental pieces of every organization's security framework.

Why use a firewall?

For the average Internet user, a dedicated third-party firewall is likely not necessary. Most routers provide a firewall function, and that, together with a strong antivirus program, offers users a suitable level of protection.

However, for those who want greater protection, or for businesses and organizations that deal with high amounts of diverse Internet traffic, using a firewall provides several benefits. A firewall prevents remote access, which keeps an unauthorized third party from taking over your private network. It also protects ports, blocks malicious traffic, and overall improves network safety.