Skip to Content
Network and Access

What is a firewall?

A firewall is the barrier that sits between a company's network and the internet and decides, moment by moment, which traffic is allowed through and which is blocked, following defined security rules. It is the network's front door: it inspects the data coming in and going out and stops unauthorized connections before they reach internal systems. It is the first layer of perimeter defense, not the only one.

Zamak TechnologiesUpdated on July 11, 2026

How a firewall works

A firewall does not read everything all the time; it applies a set of rules to each connection and decides, in milliseconds, whether to allow, block, or log it. The simplest models look only at the 'envelope' of the traffic; modern ones (next-generation) also read the contents, so they can recognize an attack disguised as legitimate traffic.

1

Examines each packet

It checks the source, destination, port, and protocol of each block of data against the rules. Anything that matches no allow rule is blocked by default.

2

Tracks the whole connection

Stateful inspection remembers the connections in progress, so it can tell a legitimate reply apart from a stray packet that shows up out of nowhere trying to pose as one.

3

Reads the contents, not just the envelope

In next-generation firewalls, deep packet inspection opens the traffic and recognizes the application and the malware inside it, not just the port it uses.

4

Applies the policy and logs it

It allows, blocks, or raises an alert according to the rule, and keeps a record of everything, which is what later lets you investigate what got through and what was stopped.

Source: N-able Cyber Encyclopedia (definition, stateful inspection, deep packet inspection, and the five firewall types).

Why having a firewall is not the same as being protected

  • A firewall is only as good as its rules. One rule that is too broad or forgotten opens a gap no one notices, and that is where most failures come from, not from a hardware defect.
  • 'Install and forget' is the enemy: years-old firmware and a configuration no one reviews. The firewall itself has become an attack target, and most stay behind on patching.
  • It filters the door but does not see what is already inside. A stolen credential or an insider threat, acting like a legitimate user, sets off no obvious alarm at the perimeter.
  • It is a single layer. The phishing that arrives by email and the malware that runs on a computer inside the network are not the firewall's territory; they call for other defenses working together.

The types of firewall

  • Packet filtering The most basic: it decides by source, destination, and port, with no memory of the connection. Fast, but blind to more elaborate attacks.
  • Stateful inspection It tracks the context of each connection in progress and tells legitimate reply traffic apart from a suspicious packet. It has been the market standard for years.
  • Proxy It sits in the middle of the conversation, at the application level: it receives the request, evaluates it, and passes it on, never letting the client talk directly to the server. More control, at the cost of performance.
  • Next-generation (NGFW) It adds deep content inspection, application awareness, and threat intelligence to stateful inspection. It is the modern standard.
  • Virtual or cloud Delivered as software or a service, it scales along with cloud workloads, where there is no physical box at the edge to install.

Why the firewall becomes the weak point

99%
of firewall breaches come from misconfiguration, not a product defect (Gartner estimate)
8x
was the rise in exploitation of edge and VPN devices, from 3% to 22% of vulnerability-based breaches (Verizon DBIR 2025)
54%
of those edge flaws were fully remediated within the year, a median of 32 days to patch (Verizon DBIR 2025)

A firewall rarely fails because of a hardware defect. It fails because no one operates it. Gartner estimated that about 99% of firewall breaches come from misconfiguration, not from a flaw in the product: a rule left too open, outdated firmware, a temporary exception that became permanent. And the problem has worsened: exploitation of edge devices and VPN gateways jumped from 3% to 22% of vulnerability-based breaches in a single year, roughly an eightfold rise (Verizon DBIR 2025). The device built to protect the network has become the preferred way in, and most of those flaws went without a full fix during the year (only about 54% were fully remediated, with a median of 32 days to patch). That is why a well-chosen but poorly maintained firewall gives a false sense of security, while a data breach still costs, on average, $ 4.44 million (IBM 2025).

How to keep a firewall actually protecting

A firewall is not a box you switch on and forget. What separates real protection from a false sense of security is continuous operation:

  1. Keep the firmware currentThe firewall has become a target. An edge device that is behind on patches is now one of the most exploited ways in, so patching is not optional.
  2. Clean up and document the rulesReview the rule base, remove the orphaned ones, and apply least privilege at the edge: only what needs to pass, passes. This is the root cause behind the 99% problem.
  3. Segment the networkDivide the network into zones so an infected device cannot reach everything. Segmentation turns a broad incident into a contained one.
  4. Protect remote accessThe firewall is often also the remote team's VPN gateway. Keeping it configured, with strong authentication and no needless exposure, is part of the same job.
  5. Add monitoring and responseThe firewall filters the door but does not watch who is already inside. A layer of detection and response over what gets through is what closes the loop; the firewall alone is not enough.

In practice

If someone reviewed your firewall rules today, could they say why each one exists? When the answer is 'no one knows,' the network's door has locks nobody checks.

How Zamak handles the perimeter

Zamak Technologies operates your network's perimeter as part of the routine: current firmware, rule hygiene, segmentation, and secure remote access, with availability monitored, alongside your team and not in its place. A good starting point is the cybersecurity assessment, which shows where the perimeter is still exposed. Operating the perimeter is part of IT Operations in the Zamak Method, and the active watch over what passes through the door is the Cybersecurity layer.

Frequently asked questions about firewalls

Are a firewall and an antivirus the same thing?
No. The firewall sits at the network's door and controls the traffic in and out; the antivirus and EDR sit inside each device and watch what happens on it. They are different, complementary layers: the firewall stops the suspicious connection, the EDR catches what already ran on the machine.
What is a next-generation firewall (NGFW)?
It is a firewall that, beyond looking at source, destination, and port, reads the traffic's contents, recognizes the application, and uses threat intelligence to identify an attack disguised as normal traffic. It is the modern standard, against threats that older firewalls cannot see.
Does a firewall protect against ransomware and phishing?
It helps, but not on its own. The firewall can block known malicious connections, but phishing arrives by email and ransomware often gets in through a stolen credential or an attachment. Stopping those paths also takes email defense, endpoint defense, and monitoring, in layers.
Hardware or software firewall, which is better?
It depends on where the network lives. A physical firewall protects an office's edge; a virtual or cloud one protects workloads running in the cloud, where there is no box at the door. Many companies use both, each in its place.
Does a small business need a firewall?
Yes. Any network connected to the internet needs a controlled door, and attacks hit companies of every size. What changes with size is not the need, it is the format: for most, it makes sense to have the firewall operated as a service, without an in-house network team.
Is installing the firewall enough, or do I need to manage it?
Installing is the start. Since nearly all failures come from misconfiguration and outdated firmware, the value is in continuous operation: reviewing rules, applying patches, and monitoring. A forgotten firewall protects far less than it seems.

Related terms

Network and Access
ZTNAFirewallVPNSASE
Securing the Use of AI
Shadow AIAI governancePrompt injectionOWASP LLM Top 10Deepfake
Vulnerabilities and Security Testing
Vulnerability ManagementPenetration Testing (pentest)Vulnerability ScanningBrute-Force AttackSQL InjectionCross-Site Scripting (XSS)SAST and DAST