
If you've ever set up a broadband router, you've almost certainly encountered the word 'firewall', but what is a firewall, exactly, and what does it actually do? For many people, it sits somewhere in the background of their IT setup, quietly doing its job without much thought. For businesses, however, firewalls are a critical line of defence against cyber threats, and understanding how they work and what the different types can and can't do is essential for making informed decisions about your network security.
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of predefined security rules. Think of it as a gatekeeper for your network: every piece of data trying to enter or leave passes through the firewall, which decides, based on those rules, whether to allow or block it.
Firewalls can be implemented as hardware devices, software applications, or a combination of both. In a business environment, you'll typically find firewalls sitting at the perimeter of the network (between your internal systems and the internet), though modern layered security approaches often include internal firewalls too.
At a basic level, a firewall inspects network traffic and applies rules to determine whether to permit or block specific packets of data. More advanced firewalls go significantly further, with capabilities including:
A firewall is not, however, a silver bullet. It works best as part of a layered security approach that includes endpoint protection, secure email filtering, staff awareness, and regular vulnerability assessments. We cover this broader picture in our guide to Managed Cyber Security Services.
Not all firewalls are the same. Understanding the different types helps you assess whether your current protection is appropriate for your needs, and what might be missing.
The simplest and oldest type of firewall. Packet filtering works by examining each data packet individually and comparing it against a set of rules based on IP addresses, ports, and protocols. If the packet matches an allowed rule, it passes through; if not, it's dropped.
Packet filtering is fast and low-overhead, but it has significant limitations: it has no memory of previous packets, making it vulnerable to more sophisticated attacks that exploit the context of connections rather than individual packets.
Stateful firewalls, also called 'stateful inspection' or 'dynamic packet filtering' firewalls, are considerably more intelligent. Rather than examining packets in isolation, they track the state of active network connections and make decisions based on context.
For example, if your computer initiates a connection to a website, a stateful firewall knows to allow the response traffic back in, because it understands that an outbound request was made. This makes stateful firewalls far more effective at distinguishing legitimate traffic from suspicious activity. Stateful inspection is the standard for most modern business firewalls.
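The difference between the two approaches can be seen in a small simulation. This is an added example, not code from the original article: the addresses are constructed from documentation ranges, the single "HTTPS only" rule is an assumption, and the connection tracking is simplified (real stateful firewalls also track TCP flags, sequence numbers and timeouts).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

INTERNAL_PREFIX = "192.0.2."  # constructed internal range (documentation block)

def is_outbound(p):
    return p.src.startswith(INTERNAL_PREFIX)

def stateless_filter(p):
    """Packet filtering: every packet is judged alone against port rules."""
    if is_outbound(p):
        return p.dport == 443   # let users reach HTTPS sites
    # With no memory of requests, the only way to let HTTPS replies back in
    # is to trust anything that claims to come from source port 443.
    return p.sport == 443

class StatefulFirewall:
    """Stateful inspection: remembers which connections were opened from inside."""
    def __init__(self):
        self.connections = set()

    def filter(self, p):
        if is_outbound(p):
            if p.dport != 443:
                return False
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound is allowed only as the reply to a tracked outbound flow.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

# Constructed sample traffic.
TRAFFIC = [
    ("request", Packet("192.0.2.10", 50000, "203.0.113.5", 443)),
    ("reply", Packet("203.0.113.5", 443, "192.0.2.10", 50000)),
    ("unsolicited", Packet("198.51.100.7", 443, "192.0.2.10", 3389)),
]

def compare(traffic):
    """Return (label, stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(label, stateless_filter(p), fw.filter(p)) for label, p in traffic]

if __name__ == "__main__":
    for row in compare(TRAFFIC):
        print(row)
```

The third packet matches no outbound request, yet the stateless rule set admits it because its source port is 443; the stateful firewall drops it.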
A proxy firewall acts as an intermediary between users and the internet. Rather than allowing a direct connection between your network and external servers, all traffic passes through the proxy, which inspects it at the application layer before forwarding it on.
This deeper inspection can identify threats that packet and stateful firewalls would miss, but it comes with higher processing overhead and can introduce latency.
Next-generation firewalls incorporate the features of stateful inspection and proxy firewalls, then layer additional capabilities on top, such as intrusion prevention systems (IPS), application awareness and control, SSL/TLS inspection, and integration with real-time threat intelligence feeds.
NGFWs can identify and control traffic by application rather than simply by port, which is useful in modern environments where many applications use the same standard ports. For businesses handling sensitive data or operating in regulated sectors, next-generation firewalls are generally the recommended standard.
As more businesses move their infrastructure to the cloud and adopt hybrid or remote working models, traditional on-premise hardware firewalls face practical limitations. Cloud firewalls, sometimes called Firewall-as-a-Service (FWaaS), are delivered over the internet, protecting cloud-hosted resources and remote users without requiring physical appliances at every location.
The table below summarises the key differences:
| Firewall Type | How It Works | Best Suited For |
| --- | --- | --- |
| Packet Filtering | Inspects data packets against a set of rules (IP address, port, protocol). Passes or drops packets based on those rules. | Simple networks; basic perimeter defence |
| Stateful Inspection | Tracks the state of active connections, making decisions based on context rather than individual packets. | Most business networks; more intelligent than packet filtering |
| Proxy / Application-Layer | Acts as an intermediary between users and the internet, inspecting traffic at the application level. | Environments requiring deep content inspection |
| Next-Generation Firewall (NGFW) | Combines stateful inspection with additional features: intrusion prevention, application awareness, and threat intelligence feeds. | Modern businesses: recommended for organisations handling sensitive data |
| Cloud Firewall (FWaaS) | A firewall delivered as a cloud service; protects cloud infrastructure and remote users without on-premise hardware. | Businesses using cloud platforms or with distributed/remote teams |
A firewall protects your network by acting as a controlled checkpoint between your internal systems and everything outside them. In practical terms, this means:
Yes. Small businesses are common targets for cyber attacks because attackers often assume their security is weaker than that of larger organisations. A firewall helps block unauthorised access, reduce security risks, and protect sensitive business data.
It’s also an important requirement for many compliance standards and cyber insurance policies. For example, Cyber Essentials certification requires organisations to have a properly configured firewall in place.
However, simply having a firewall isn’t enough. Poorly configured or outdated firewall settings can still leave your network vulnerable. Regular reviews and updates are essential to ensure your protection remains effective.
A firewall operates at the network level, controlling traffic between your internal network and the outside world. Endpoint security operates at the device level, protecting individual computers, laptops, and mobile devices from threats, including threats that may already be inside the network perimeter.
The distinction matters because a firewall alone cannot protect against all threats. Malware delivered via an email attachment, for example, doesn't need to bypass your firewall; it arrives as legitimate email traffic and executes on an endpoint. That's why effective cybersecurity requires both perimeter protection (the firewall) and endpoint protection (antivirus, EDR, and similar tools working together).
Understanding this distinction is part of working within recognised cybersecurity frameworks, which typically require a layered approach to protection rather than reliance on any single control.
Need Help Reviewing Your Firewall or Network Security?
A firewall is only as effective as its configuration, and many businesses are running outdated rules, default settings, or firewall hardware that's no longer fit for purpose. If you'd like an independent review of your network perimeter security, our team at Renaissance can help. We provide Managed Cyber Security Services for UK businesses of all sizes, including firewall review and management as part of a comprehensive, layered approach to protecting your organisation. Get in touch with our team to start the conversation.
A firewall protects against unauthorised access to your network, blocks traffic from known malicious sources, prevents unsolicited inbound connections, and can stop sensitive data from leaving your network via unauthorised channels. More advanced firewalls also detect and block active attack patterns.
Yes. Antivirus software and firewalls serve different functions. A firewall controls what traffic enters and leaves your network; antivirus software detects and removes malicious software on devices. Both are needed as part of a layered security approach; one does not replace the other.
Many consumer and small business routers include basic firewall functionality, typically packet filtering and NAT (Network Address Translation). However, a router's built-in firewall is generally far less capable than a dedicated firewall appliance or next-generation firewall, and default settings may not be adequately secure for business use.