What is a firewall?

A firewall is your network’s first line of defense against the cybersecurity threats of the public internet. Whether hardware or software, firewalls are designed to restrict access to your organization’s sensitive data while helping you monitor your network for suspicious activity. Think of firewalls as the gatekeepers to the public internet for your network users, filtering out threats and enabling them to connect safely to the sites and applications they need to do their work.

Read on to learn more about how firewalls work, the risks of not using them, and the difference between hardware- and software-based next-gen firewalls.

About Firewalls

A firewall is a network security system designed to monitor, filter, and control incoming and outgoing traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and the public internet, establishing a security perimeter to prevent unauthorized access to or from private networks.

Firewalls are hardware devices or software applications. A network can contain one or the other or a combination of both. They operate at various layers of the OSI (Open Systems Interconnection) model, including the network layer and the application layer.

Here are some of the most common types of firewalls:

  • Packet Filtering Firewalls: This type of firewall examines packets of data and allows or blocks each one based on security rules predefined by the organization's security professionals. Packet filtering is typically done at the network layer of the OSI model.
  • Stateful Inspection Firewalls: These keep track of the security status of active connections and make decisions based on the context of the traffic. Stateful inspection allows the firewall to understand the state of a connection and make better-informed decisions about whether to allow or block specific packets.
  • Proxy Firewalls: These act as intermediaries between clients and servers, handling communication on behalf of the devices behind the firewall. They can provide additional security by hiding the internal network structure and performing deep packet inspection.
  • Application Layer Firewalls: These firewalls operate at the application layer of the OSI model. They have the ability to inspect traffic at a higher level, making decisions based on the specific applications or services being used.
  • SD-WAN Firewalls: SD-WAN is short for Software-Defined Wide Area Network. An SD-WAN firewall is a software-based technology that enhances security by monitoring and managing inbound and outbound network traffic within an SD-WAN. SD-WAN firewalls allow you to connect branch offices and remote workers more securely, effectively, and cost-efficiently. They are a common defense system that can stop threats, prevent intrusion, and enforce remote access policies.

Why Are Firewalls Important?

Firewalls are important because they are the first line of defense against unauthorized access to your private network. They are one of the most effective and commonly used building blocks of network security. By controlling the flow of data in and out, firewalls serve a crucial role in a multilayered cybersecurity strategy.

Today’s next-gen firewalls are usually equipped with intrusion detection and prevention features to identify and block malicious activities, such as hacking attempts, malware, and other cyber threats. Firewalls are an essential component of maintaining the privacy and confidentiality of your organization’s sensitive data. This is especially important for organizations that handle sensitive customer or business data, such as banking, financial, healthcare, and education.

Firewalls often support VPNs, enabling secure remote access to the network. This is crucial for organizations with remote employees or branch offices, ensuring that data transmitted over the internet is encrypted and secure.

Finally, firewalls can keep logs of network activities, which are valuable records for security compliance audits and incident response forensic analysis. Monitoring firewall activity logs allows administrators to identify and respond to potential security incidents.

How Do Firewalls Work?

Firewalls operate at the network level, examining and controlling network traffic based on predetermined security rules.

Here's how firewalls work:

  • Packet Filtering: Firewalls inspect individual data packets based on predetermined rules. Each packet contains information about its source, destination, protocol, and other attributes. The firewall compares this information against its rule set to determine whether to allow or block the packet.
  • Stateful Inspection (Dynamic Packet Filtering): Unlike basic packet filtering, stateful inspection keeps track of the state of active connections. The firewall maintains a state table that tracks the state of established connections. It allows or blocks packets based not only on individual packet characteristics but also on the context of the entire communication session.
  • Proxy Services: Firewalls can act as intermediaries (proxies) between internal and external systems. When a user inside the network requests a service, the firewall can forward the request on behalf of the user. The proxy can filter and modify the content of the communication, providing an additional layer of security.
  • Network Address Translation (NAT): Firewalls often use NAT to map private IP addresses to a single public IP address. This helps conceal the internal network structure and provides an additional layer of security by preventing direct access to internal devices.
  • Application Layer Filtering: Firewalls can analyze data at the application layer (Layer 7 of the OSI model). This allows them to block or allow traffic based on specific applications or protocols, providing granular control over network activities.
  • Logging and Monitoring: Firewalls often include logging capabilities to record information about network traffic. System administrators can review these logs to identify and respond to security incidents or policy violations.
  • Security Policies: Administrators define security policies that dictate how the firewall should handle various types of traffic. These policies may include rules for allowing or blocking specific ports, protocols, IP addresses, or applications.
  • Intrusion Detection and Prevention: Some advanced firewalls incorporate intrusion detection and prevention features to identify and block malicious activities in real time.

Firewalls help organizations establish a secure perimeter and control the flow of traffic in and out of their networks, contributing to overall network security.

How Are Hardware Firewalls and Software Firewalls Different?

Hardware and software firewalls are both important components of network security, but they differ in terms of their form, implementation, and functions. Here's a breakdown of their differences:

A hardware firewall is a dedicated physical device installed between your internal network and the external network (usually the internet). It often comes in the form of a standalone appliance or is integrated into networking devices like routers. Most hardware-based firewalls operate at Layer 3 (the network layer) of the OSI model and filter traffic based on IP addresses, ports, and protocols. Hardware firewalls can be more effective in protecting an entire network because they filter traffic before it reaches individual user devices. Hardware firewalls are typically configured and managed through a web-based interface or a command-line interface. This provides a centralized point for managing and configuring security settings for an entire network. Hardware firewalls are meant to provide a physical barrier between the internal network and external networks. They bring an additional layer of protection, especially for larger networks.

A software firewall is a program or application that runs on individual computers or servers. It can be part of the operating system or installed separately as a standalone application. Software-based firewalls operate at the application layer (Layer 7) or transport layer (Layer 4) of the OSI model. Usually, these firewalls are used to monitor and control incoming and outgoing network traffic specific to an individual device, such as a server, desktop, laptop, or smartphone. Software firewalls are generally configured and managed through a user interface on the device they are protecting. This allows users to define rules and settings for their specific devices.

Software firewalls serve as a virtual barrier on each device, protecting it individually. They are suited for securing traffic to personal devices and smaller networks.

In most enterprise networks, hardware firewalls protect entire networks and are typically used in larger environments, while software firewalls operate on individual devices, providing more granular control and flexibility. A comprehensive security strategy may involve using both types of firewalls to address different aspects of network security.

Sophos Firewall

Today’s firewalls, whether hardware or software, must be robust enough to support remote and hybrid workers who need to access the internet and their connected systems safely from anywhere.

Sophos Firewalls are the heart of the world's best network security platform. Sophos firewalls help you consolidate and simplify your network security via a centralized cloud management console and agent.

Sophos Firewall includes more than any other firewall:

  • Full next-gen firewall capability with the best protection and performance optimized for the modern encrypted internet
  • Integration with Sophos MDR and Sophos XDR to provide Automated Threat Response and Synchronized Security to stop threats before they can cause serious problems
  • Comprehensive SD-WAN capabilities to orchestrate and interconnect your various offices and locations easily and securely.
  • Support for our SSE and SASE portfolio of cloud-delivered network security solutions, including ZTNA, SWG DNS Protection, and more
  • Built-in ZTNA to enable secure and easy remote worker access
  • Cloud management and reporting from Sophos Central enable you to manage your firewalls together with your wireless networks, switches, ZTNA, endpoints, mobile devices, servers, email protection, and much more.
