Firewall

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predefined security rules.

What is a firewall?

A firewall is a network security control that acts as a gatekeeper between trusted and untrusted networks. It inspects traffic and allows or blocks connections according to a defined set of rules, helping protect systems from unauthorized access and attacks. Firewalls can be implemented as hardware appliances, software services, or cloud-native controls.

Why firewalls matter

Firewalls are fundamental because they:

  • Enforce network access policies
  • Reduce attack surface exposure
  • Control inbound and outbound traffic
  • Provide visibility into network activity
  • Serve as a first line of defense in layered security

Even in modern architectures, firewalls remain a core security control.

Types of firewalls

Firewalls can be classified by capability and deployment:

1) Packet-filtering firewalls

  • Inspect source/destination IP, ports, and protocols
  • Fast but limited context

2) Stateful firewalls

  • Track connection state
  • More secure than simple packet filtering

3) Application-layer firewalls (L7)

  • Inspect application protocols (HTTP, DNS, SMTP)
  • Enable deep packet inspection

4) Next-Generation Firewalls (NGFW)

  • Combine stateful inspection with IDS/IPS, malware detection, and application awareness

5) Cloud firewalls / security groups

  • Native controls in cloud platforms
  • Often identity- and tag-based

Firewalls and Zero Trust

In Zero Trust architectures:

  • Firewalls support microsegmentation
  • Policies are dynamic and context-aware
  • Identity and device signals complement network rules

Firewalls are no longer the sole perimeter but remain an important enforcement point.

Common firewall rules

Typical firewall rules are based on:

  • Source and destination IP addresses
  • Ports and protocols
  • Application identifiers
  • Zones or network segments
  • Time or geo-based conditions

Poorly designed rulesets are a common source of security gaps.

Firewall limitations

Firewalls alone cannot:

  • Stop phishing or social engineering
  • Detect malicious traffic hidden in encrypted channels unless that traffic is decrypted and inspected
  • Prevent insider misuse
  • Replace endpoint or identity security

They must be combined with other controls for effective protection.

Firewall misconfigurations

Common issues include:

  • Overly permissive "allow any" rules
  • Forgotten temporary rules
  • Unrestricted outbound traffic
  • Lack of logging or monitoring
  • Inconsistent policies across environments

Misconfigured firewalls are a frequent cause of data breaches.
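
As an added example (not taken from any firewall product), the Python sketch below audits a ruleset for four of the issues listed above: allow-any inbound rules, unrestricted outbound traffic, expired temporary rules, and rules without logging. The `Rule` model, its field names, and the sample ruleset are assumptions constructed for illustration; cross-environment consistency checks are not covered.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Rule:
    # Vendor-neutral rule model (hypothetical; not any product's schema).
    name: str
    direction: str                   # "in" or "out"
    action: str                      # "allow" or "deny"
    src: str                         # CIDR
    dst: str                         # CIDR
    port: Optional[int]              # None means any port
    log: bool = False
    expires: Optional[date] = None   # set only on temporary rules

def is_any(cidr: str) -> bool:
    """True when the CIDR covers the whole address space (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(rules, today):
    """Return (rule name, finding) pairs for the misconfigurations listed above."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # only allow rules widen exposure
        if r.direction == "in" and is_any(r.src) and r.port is None:
            findings.append((r.name, "allow-any inbound"))
        if r.direction == "out" and is_any(r.dst) and r.port is None:
            findings.append((r.name, "unrestricted outbound"))
        if r.expires is not None and r.expires < today:
            findings.append((r.name, "expired temporary rule"))
        if not r.log:
            findings.append((r.name, "no logging"))
    return findings

# Constructed sample ruleset (documentation address ranges, invented names).
RULES = [
    Rule("web-in", "in", "allow", "0.0.0.0/0", "203.0.113.10/32", 443, log=True),
    Rule("legacy-any", "in", "allow", "0.0.0.0/0", "10.0.0.0/8", None),
    Rule("vendor-debug", "in", "allow", "198.51.100.7/32", "10.0.5.20/32", 22,
         log=True, expires=date(2024, 1, 31)),
    Rule("egress-all", "out", "allow", "10.0.0.0/8", "0.0.0.0/0", None, log=True),
    Rule("default-deny", "in", "deny", "0.0.0.0/0", "0.0.0.0/0", None, log=True),
]

if __name__ == "__main__":
    for name, finding in audit(RULES, today=date(2024, 6, 1)):
        print(f"{name}: {finding}")
```

The public HTTPS rule and the default deny pass cleanly; the other three rules are flagged, with the legacy rule reported both for its scope and for its missing logging.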

Firewalls in enterprise and cloud environments

In organizations, firewalls protect:

  • Internet gateways
  • Data centers and internal segments
  • Cloud workloads and APIs
  • VPN and remote access

Hybrid environments often combine on-premises and cloud-native firewalls.

Common misconceptions

  • "Firewalls block all attacks"
  • "Cloud environments don't need firewalls"
  • "Once configured, firewalls don't need review"
  • "Firewalls are obsolete in Zero Trust"