A firewall is the gatekeeper of your network. It monitors incoming and outgoing traffic and decides — based on a defined set of security rules — whether to allow or block specific packets. Every enterprise network, cloud deployment, and even your home router relies on some form of firewall technology.

Think of it this way: A firewall is like the security guard at a building entrance. It checks every person (packet) against a list (rules) and only lets through those who are authorized.
Types of Firewalls
| Type | How It Works | Best For |
|---|---|---|
| Packet Filtering | Inspects headers (IP, port, protocol) of each packet | Basic network perimeter security |
| Stateful Inspection | Tracks active connections and makes decisions based on state | Enterprise LAN/WAN boundaries |
| Proxy Firewall | Acts as intermediary; makes requests on behalf of clients | Web traffic filtering and caching |
| Next-Gen Firewall (NGFW) | Deep packet inspection + IPS + application awareness | Modern enterprise security |
| WAF (Web Application Firewall) | Protects web apps from HTTP-layer attacks (SQLi, XSS) | E-commerce, SaaS platforms |
Writing Your First Firewall Rule
Let's say you want to allow outbound HTTP and HTTPS traffic (ports 80 and 443) from your internal network (192.168.1.0/24) to the internet, let the replies to those connections back in, and block everything else. Rules are evaluated top to bottom and the first match wins, which is why the deny sits last. Here's what that looks like conceptually:
- Rule 1: ALLOW | Source: 192.168.1.0/24 | Dest: ANY | Port: 80 | Protocol: TCP
- Rule 2: ALLOW | Source: 192.168.1.0/24 | Dest: ANY | Port: 443 | Protocol: TCP
- Rule 3: ALLOW | Source: ANY | Dest: 192.168.1.0/24 | State: ESTABLISHED | Protocol: TCP
- Rule 4 (Default): DENY | Source: ANY | Dest: ANY | Port: ANY | Protocol: ANY
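To see these four rules acting on traffic, here is an added example (not from the article) of a tiny stateful filter in Python that applies them in order with first-match-wins semantics, tracks admitted flows so that only genuine replies match Rule 3, and logs every denied packet. The firewall class, the packet 5-tuple layout and the sample traffic are all constructed for this illustration.

```python
import ipaddress
LAN = ipaddress.ip_network("192.168.1.0/24")
ANY = None  # wildcard: the rule does not constrain that field
# The article's rule table, in order; first match wins and Rule 4 is the default deny.
# Fields: action, source net, destination net, destination port, protocol, state.
RULES = [
    ("ALLOW", LAN, ANY, 80,  "TCP", "NEW"),          # Rule 1: outbound HTTP
    ("ALLOW", LAN, ANY, 443, "TCP", "NEW"),          # Rule 2: outbound HTTPS
    ("ALLOW", ANY, LAN, ANY, "TCP", "ESTABLISHED"),  # Rule 3: replies to tracked flows
    ("DENY",  ANY, ANY, ANY, ANY,   ANY),            # Rule 4: default deny
]

def _matches(rule_val, actual):
    if rule_val is ANY:
        return True
    if isinstance(rule_val, ipaddress.IPv4Network):
        return ipaddress.ip_address(actual) in rule_val
    return rule_val == actual

class StatefulFirewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.conntrack = set()  # 5-tuples of flows the firewall has admitted
        self.denied_log = []    # every denied packet, kept for incident response

    def filter(self, pkt):
        src, dst, sport, dport, proto = pkt  # pkt is (src_ip, dst_ip, sport, dport, proto)
        # A packet whose reversed 5-tuple is a tracked flow is a reply: ESTABLISHED.
        state = "ESTABLISHED" if (dst, src, dport, sport, proto) in self.conntrack else "NEW"
        for action, r_src, r_dst, r_dport, r_proto, r_state in self.rules:
            if all(_matches(r, a) for r, a in
                   ((r_src, src), (r_dst, dst), (r_dport, dport), (r_proto, proto), (r_state, state))):
                if action == "ALLOW" and state == "NEW":
                    self.conntrack.add(pkt)  # remember the flow so its replies hit Rule 3
                elif action == "DENY":
                    self.denied_log.append(pkt)
                return action
        return "DENY"  # only reached if the default-deny rule is removed

def run_demo():
    # Constructed traffic; internet-side addresses are from RFC 5737 documentation ranges.
    fw = StatefulFirewall()
    packets = [
        ("192.168.1.10", "198.51.100.20", 51000, 80, "TCP"),  # LAN client opens HTTP
        ("198.51.100.20", "192.168.1.10", 80, 51000, "TCP"),  # server's reply: ESTABLISHED
        ("203.0.113.5", "192.168.1.10", 4444, 22, "TCP"),     # unsolicited inbound SSH
        ("192.168.1.10", "198.51.100.20", 51001, 22, "TCP"),  # outbound SSH: no rule allows it
        ("192.168.1.10", "198.51.100.53", 51002, 53, "UDP"),  # outbound DNS: no rule allows it
    ]
    return [fw.filter(p) for p in packets], len(fw.denied_log)
```

Note that the third packet is refused even though it is TCP bound for the LAN: Rule 3 only matches replies to flows the firewall itself admitted, which is the difference between stateful inspection and plain packet filtering.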
Common Firewall Mistakes
- Leaving default 'allow all' rules active — always start with deny-all and explicitly allow only the traffic you need
- Not logging denied traffic — logs are critical for incident response and forensics
- Ignoring outbound rules — exfiltration happens through outbound connections
- Not updating firmware — firewall vendors patch vulnerabilities regularly
- Over-permissive rules like 'allow any any' for convenience — a single lazy rule can negate all others
At CCN, students configure real Cisco ASA firewalls, pfSense appliances, and cloud-native security groups (AWS, Azure) as part of the networking curriculum. Understanding firewalls isn't optional — it's foundational.
Published by Ashish Kumar Saini