A firewall protects the local network or local devices from unauthorised connections from the public Internet. It can consist of software alone or a combination of software and hardware. The firewall function monitors both incoming and outgoing data traffic and blocks or allows it as necessary. It inspects traffic passing between an external (public) and an internal (local) network or connection. In a private environment, firewall functions are often implemented in the internet access router; however, dedicated devices downstream of the router may also be used.

The difference between a personal firewall and an external firewall

We generally distinguish between a personal firewall and an external firewall. A personal firewall runs on the device being secured. For example, Windows computers have a software-based firewall function that monitors the computer's own traffic. An external firewall is not installed on the device being secured but on separate hardware placed between two network segments. It can restrict access between the two networks and is independent of the connected devices.

Basic functions of a firewall

To provide effective protection, the firewall function analyses data traffic based on destination and originator addresses, ports and protocols. Defined rules allow only certain network packets to pass through the firewall. Important components are a packet filter including port and protocol filters, functions related to network address translation (NAT), and the ability to match packets against the state of existing connections (stateful inspection). Logging blocked packets is essential so that they can be analysed later.

Different firewall strategies

Two basic strategies can be used for configuration. One strategy is to block all traffic first and then allow only the desired connections by rules. The opposite strategy allows all traffic and blocks only undesired connections based on rules.

The firewall is often also used as the central endpoint for virtual private networks (VPN connections). These allow devices to establish secured connections to the internal network over the internet.
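The packet filter, the stateful connection table and the two configuration strategies described above can be illustrated with a small simulation. This is an added example, not code from the original page; the addresses, ports and rule table are constructed, and a real firewall would also track TCP flags, timeouts and NAT, which are left out here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # originator address
    sport: int    # originator port
    dst: str      # destination address
    dport: int    # destination port
    proto: str    # "tcp" or "udp"


# Rule table, evaluated top to bottom: (action, proto, dst, dport).
# None is a wildcard. Addresses come from documentation ranges (constructed).
RULES = [
    ("allow", "tcp", "192.0.2.10", 443),   # HTTPS to the internal web server
    ("allow", "tcp", "192.0.2.10", 22),    # SSH to the same host
    ("block", "tcp", None, 23),            # Telnet to any host is never allowed
]


class Firewall:
    def __init__(self, default_allow: bool):
        # default_allow=False: block everything, then permit by rule (strategy 1)
        # default_allow=True:  permit everything, then block by rule (strategy 2)
        self.default_allow = default_allow
        self.established = set()   # connections already admitted (state table)
        self.log = []              # blocked packets, kept for later analysis

    def _rule_verdict(self, p: Packet) -> str:
        for action, proto, dst, dport in RULES:
            if (proto in (None, p.proto) and dst in (None, p.dst)
                    and dport in (None, p.dport)):
                return action
        return "allow" if self.default_allow else "block"

    def filter(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Stateful inspection: packets of an admitted connection pass in
        # either direction without being matched against the rules again.
        if flow in self.established or reply in self.established:
            return "allow"
        verdict = self._rule_verdict(p)
        if verdict == "allow":
            self.established.add(flow)
        else:
            self.log.append(p)   # logged so blocked traffic can be analysed later
        return verdict
```

Under the default-deny strategy a packet that looks like a server reply but belongs to no admitted connection is still blocked, which is the point of the state table.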