We generally distinguish between a personal firewall and an external firewall. A personal firewall runs on the device it protects; Windows computers, for example, ship with a software firewall that filters the computer's own traffic. An external firewall is not installed on the device being protected but on separate hardware placed between two network segments. It restricts access between the two networks and is independent of the devices connected to them, so a compromised host cannot simply switch it off.
To provide effective protection, the firewall analyses traffic by source and destination address, port and protocol. Defined rules allow only specific network packets to pass through the firewall. Important components are a packet filter with port and protocol filtering, network address translation (NAT) functions, and the ability to associate each packet with the state of the connection it belongs to (stateful inspection), so that only packets of connections that were legitimately opened are let through. Logging blocked packets is essential so that they can be analysed later.
Two basic strategies can be used for configuration. The first blocks all traffic by default and allows only the desired connections through explicitly defined rules (default deny). The opposite strategy allows all traffic by default and blocks only undesired connections through rules (default allow). Default deny is the safer choice: a service that is added later, or one that was simply overlooked, stays unreachable until a rule is written for it, whereas under default allow it is exposed silently.
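The filtering described above (matching on addresses, ports and protocol, stateful inspection, logging of blocked packets) and the two configuration strategies can be illustrated with a small simulated packet filter. The following is an added example, not code from the original page or from any firewall product; the packet and rule classes, the flow table and the addresses (taken from the documentation ranges) are all constructed here for illustration. It runs two firewalls over the same constructed packets: one configured default deny, one default allow.

```python
"""Simulated stateful packet filter: default deny vs default allow (example code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # True for a TCP SYN that tries to open a new connection


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    proto: Optional[str] = None     # None matches any protocol
    src: Optional[str] = None       # CIDR; None matches any source
    dst: Optional[str] = None       # CIDR; None matches any destination
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


Flow = Tuple[str, str, int, str, int]   # proto, src, sport, dst, dport


class StatefulFirewall:
    def __init__(self, default_policy: str, rules: List[Rule]):
        assert default_policy in ("accept", "drop")
        self.default_policy = default_policy
        self.rules = rules
        self.flows: Set[Flow] = set()   # connection table for stateful inspection
        self.log: List[str] = []        # blocked packets, kept for later analysis

    def _drop(self, pkt: Packet, reason: str) -> str:
        self.log.append(f"DROP {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} ({reason})")
        return "drop"

    def filter(self, pkt: Packet) -> str:
        fwd: Flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev: Flow = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful inspection: packets of a flow that was already accepted pass in both directions.
        if fwd in self.flows or rev in self.flows:
            return "accept"
        # A TCP packet that is not a SYN and belongs to no known flow cannot legitimately
        # open a connection; it is dropped before the rules are consulted, whatever the policy.
        if pkt.proto == "tcp" and not pkt.syn:
            return self._drop(pkt, "invalid state")
        # First matching rule wins; the default policy applies when no rule matches.
        verdict = self.default_policy
        for rule in self.rules:
            if rule.matches(pkt):
                verdict = rule.action
                break
        if verdict == "accept":
            self.flows.add(fwd)
            return "accept"
        return self._drop(pkt, "policy")


SERVER = "203.0.113.10"          # constructed addresses from the documentation ranges
ADMIN_NET = "198.51.100.0/24"


def default_deny_firewall() -> StatefulFirewall:
    """Block everything; allow SSH from the admin network and HTTPS from anywhere."""
    return StatefulFirewall("drop", [
        Rule("accept", proto="tcp", src=ADMIN_NET, dst=SERVER, dport=22),
        Rule("accept", proto="tcp", dst=SERVER, dport=443),
    ])


def default_allow_firewall() -> StatefulFirewall:
    """Allow everything; block only Telnet."""
    return StatefulFirewall("accept", [
        Rule("drop", proto="tcp", dst=SERVER, dport=23),
    ])


def run_sample(fw: StatefulFirewall) -> List[str]:
    """Push a constructed packet sequence through the firewall and return the verdicts."""
    packets = [
        Packet("198.51.100.5", SERVER, "tcp", 51000, 22, syn=True),   # SSH from the admin network
        Packet("192.0.2.7", SERVER, "tcp", 52000, 22, syn=True),      # SSH from outside
        Packet("192.0.2.7", SERVER, "tcp", 52001, 443, syn=True),     # HTTPS request
        Packet(SERVER, "192.0.2.7", "tcp", 443, 52001),               # HTTPS reply, matched by state
        Packet("192.0.2.9", SERVER, "tcp", 40000, 443),               # stray ACK with no state
        Packet("192.0.2.7", SERVER, "tcp", 52002, 8080, syn=True),    # service nobody planned for
        Packet("192.0.2.7", SERVER, "udp", 53000, 161),               # SNMP probe
    ]
    return [fw.filter(p) for p in packets]
```

Under default deny the SSH attempt from outside, the unplanned service on port 8080 and the SNMP probe are all dropped and logged, while the HTTPS reply passes only because the connection table remembers the request. Under default allow, with identical traffic, only the stray ACK is rejected (by the state check, not by a rule) and the forgotten port 8080 is reachable without any log entry, which is exactly the exposure the default-deny strategy avoids.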
The firewall is often also used as the central endpoint for virtual private network (VPN) connections. These allow remote devices to establish encrypted, authenticated connections to the internal network over the internet, with the firewall's rules still applied to the traffic that arrives through the tunnel.