What is a Firewall?
A firewall is a security guard for your network — it inspects the traffic trying to get in or out and blocks anything that breaks the rules, while letting legitimate traffic pass.
A gatekeeper between you and the internet
A firewall is a piece of software or hardware that sits between your computers and the wider internet and decides which network traffic is allowed through. Think of it as the security desk in a building lobby: every visitor has to check in, and only those who match the rules get a badge to come inside.
Every device on your network communicates by sending small packages of data called packets. A firewall reads the labels on those packets (where they came from, where they are going, and what kind of connection they are part of) and compares them against a set of rules you have defined. Traffic that matches an "allow" rule passes; on a firewall set to deny by default, everything else is blocked. That simple idea is the foundation of network security and a core piece of your overall attack surface reduction.
Rules, ports, and a default of "no"
A firewall enforces a list of rules. Each rule says something like "allow web traffic to our website server" or "block all incoming connections to the accounting computer." The strongest firewalls follow a simple principle: deny everything by default, then open only the specific doors you actually need. This is far safer than the reverse, where you try to block bad things one at a time and inevitably miss some.
Network connections use numbered "ports" — like apartment numbers at a single street address. Web browsing uses certain ports, email uses others, remote access uses others still. A well-configured firewall leaves closed every port that does not need to be open, dramatically shrinking the number of ways an attacker can reach in. Modern firewalls go further and inspect the actual contents of traffic, not just the labels, so they can spot malware or attack patterns hiding inside an otherwise-allowed connection.
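To make the difference between the two approaches concrete, here is an added example (not part of the original page) that runs the same three connections through an allowlist with a default of "deny" and a blocklist with a default of "allow". The addresses, rule fields and the `evaluate` function are constructed for illustration and do not follow any vendor's rule format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    proto: str    # "tcp" or "udp"
    port: int     # destination port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    port: int

def evaluate(rules, default, pkt):
    """First matching rule wins; if nothing matches, the default policy decides."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst)
                and pkt.proto == r.proto and pkt.port == r.port):
            return r.action
    return default

ANY = "0.0.0.0/0"
WEB = "10.0.0.10/32"  # constructed address for the website server

# Policy A: open only the door that is needed, deny the rest.
ALLOWLIST = [Rule("allow", ANY, WEB, "tcp", 443)]
# Policy B: block the ports the admin thought of, allow the rest.
BLOCKLIST = [Rule("deny", ANY, ANY, "tcp", 23), Rule("deny", ANY, ANY, "tcp", 445)]

# Constructed inbound traffic from a documentation-range address.
TRAFFIC = [
    Packet("198.51.100.7", "10.0.0.10", "tcp", 443),   # web traffic to the website server
    Packet("198.51.100.7", "10.0.0.20", "tcp", 445),   # file sharing on the accounting computer
    Packet("198.51.100.7", "10.0.0.20", "tcp", 3389),  # remote access nobody wrote a rule for
]

def compare():
    """Return (port, verdict under default-deny, verdict under default-allow)."""
    return [(p.port, evaluate(ALLOWLIST, "deny", p), evaluate(BLOCKLIST, "allow", p))
            for p in TRAFFIC]

if __name__ == "__main__":
    for port, deny_default, allow_default in compare():
        print(f"port {port}: default-deny={deny_default}  default-allow={allow_default}")
```

The third connection is the one to look at: the blocklist lets it through because no one anticipated it, while the deny-by-default policy blocks it without needing a rule.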
Not all firewalls are the same
Host firewall
The firewall built into each computer — the one in Windows or macOS. It protects that single device, even on untrusted networks like a coffee-shop Wi-Fi. Leave it on.
Network firewall
A dedicated device (or your router's built-in firewall) that guards the boundary between your whole office network and the internet. It protects everything behind it at once.
Next-generation firewall (NGFW)
A smarter network firewall that also inspects traffic contents, blocks known threats, and ties into threat-intelligence feeds. This is what most businesses should deploy at the perimeter.
Web application firewall (WAF)
A specialized firewall that sits in front of a website or web app and blocks attacks aimed at the application itself, like attempts to break into a login form or database.
Cloud firewall
The firewall controls your cloud provider gives you — security groups and network rules. Same job, configured through a dashboard instead of a physical box. Part of solid cloud security.
Setting up a firewall the right way
Owning a firewall is not the same as being protected by one. A firewall left at its default settings, or riddled with "temporary" exceptions that never got removed, gives a false sense of safety. Here is how to do it properly.
Start with deny-by-default
Block everything inbound, then open only the specific ports and services your business genuinely needs. Every open door is a door an attacker can try.
Keep the host firewalls on
Do not disable the firewall on individual laptops just because you have one at the office. Devices travel, and the host firewall protects them everywhere.
Patch the firewall itself
Firewalls run software that has its own flaws. Several major breaches started with an unpatched firewall or VPN appliance. Keep its firmware current via good patch management.
Review the rules regularly
Audit your rule list a few times a year and remove anything you no longer need. Stale "allow" rules are a top source of accidental exposure.
Turn on and review the logs
A firewall records what it blocks and allows. Feed those logs into your monitoring (a SIEM, if you have one) so unusual traffic actually gets noticed.
Segment your network
Use firewall rules to wall off sensitive systems — like point-of-sale or accounting — from the general network, so a problem in one area cannot spread freely.
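One way to run the periodic rule review described above, shown as an added example that is not from the original page: it flags "temporary" exceptions past their expiry date, allow rules open to any source on a port that is not an approved public service, and allow rules that have not matched traffic in months. The rule export, its field names, the 180-day idle threshold and the approved-port set are all assumptions made for the example.

```python
from datetime import date

ANY = "0.0.0.0/0"

def rule(id, action, src, port, comment, expires, last_hit):
    """Build one row of a constructed rule export (port None means all ports)."""
    return {"id": id, "action": action, "src": src, "port": port,
            "comment": comment, "expires": expires, "last_hit": last_hit}

# Constructed sample data, not real firewall output.
RULES = [
    rule(1, "allow", ANY, 443, "public website", None, date(2024, 5, 30)),
    rule(2, "allow", ANY, 3389, "TEMP vendor access", date(2023, 11, 1), date(2023, 10, 28)),
    rule(3, "allow", "10.0.5.0/24", 1433, "old reporting server", None, date(2023, 6, 2)),
    rule(4, "allow", ANY, None, "testing", None, date(2024, 5, 29)),
    rule(5, "deny", ANY, 23, "block telnet", None, None),
]

def audit(rules, today, approved_public_ports, max_idle_days=180):
    """Return {rule id: [findings]} for allow rules that need a human decision."""
    report = {}
    for r in rules:
        if r["action"] != "allow":
            continue  # only allow rules create exposure
        findings = []
        if r["expires"] is not None and r["expires"] < today:
            findings.append("expired")            # a "temporary" exception that outlived its date
        if r["src"] == ANY:
            if r["port"] is None:
                findings.append("any-port")       # every port open to the whole internet
            elif r["port"] not in approved_public_ports:
                findings.append("unapproved-public")
        if r["last_hit"] is None or (today - r["last_hit"]).days > max_idle_days:
            findings.append("stale")              # nothing has used this rule recently
        if findings:
            report[r["id"]] = findings
    return report

def sample_report():
    # Assumption: only HTTPS is an approved public service for this business.
    return audit(RULES, today=date(2024, 6, 1), approved_public_ports={443})

if __name__ == "__main__":
    for rule_id, findings in sample_report().items():
        print(rule_id, ", ".join(findings))
```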
Not sure whether your current setup is configured well? Our free SMB Security Baseline Checklist walks you through firewall settings and the other essentials in plain language, no consultant required.
Firewall FAQ
Is the firewall built into Windows or my router enough?
For a home user, the built-in firewalls in your operating system and router are a solid baseline. For a business, they are a starting point, not the whole answer. A business benefits from a dedicated next-generation firewall that can inspect traffic for threats, plus the host firewalls left on for defense in depth.
What is the difference between a firewall and antivirus?
A firewall controls network traffic — what is allowed to come in and go out. Antivirus and EDR look for malicious files and behavior on the device itself. They protect different layers, so you want both, not one instead of the other.
Does a firewall stop all hacking and malware?
No. A firewall is one essential layer, but it cannot stop a user who clicks a phishing link, enters a password on a fake site, or downloads malware over an allowed connection. It works best alongside multi-factor authentication, endpoint protection, and staff training.
Do I still need a firewall if everything is in the cloud?
Yes, the concept just moves with you. Cloud providers offer their own firewall controls — security groups and web application firewalls — that you must configure correctly. The job of filtering traffic does not disappear in the cloud; it shifts to settings you are responsible for.
