A firewall is a network security device or software that monitors incoming and outgoing traffic and blocks unauthorised connections based on predefined rules. It sits between your trusted internal network and untrusted external networks, inspecting every data packet and deciding whether to allow or deny it based on source, destination, port, and protocol.
How a Firewall Works: Packet Filtering, Stateful Inspection, and Deep Packet Analysis
Every piece of data travelling across a network is broken into packets containing header information: source IP, destination IP, port number, and protocol type. A firewall reads this header and compares it against its ruleset before the packet reaches your network.
Packet filtering firewalls check each packet independently against a static rule list and either drop or pass it. The limitation is that packet filtering treats every packet in isolation, with no awareness of whether it belongs to a legitimate ongoing connection.
Stateful inspection firewalls track active connections. When you request a web page, the firewall records that outbound session. Returning packets matching an established connection pass through automatically, while unsolicited inbound packets get blocked. This stops most scanning attacks and port probes before they reach your devices.
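The difference between the two approaches, as an added example that is not part of the original article: a static rule that admits web replies by source port is compared with a session table on the same three packets. The addresses, ports and the 192.168.1.x internal range are constructed for illustration, and the session table is simplified (it omits the TCP flag tracking and timeouts a real firewall applies).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

INTERNAL_PREFIX = "192.168.1."  # constructed trusted network for this example

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def stateless_filter(pkt):
    """Packet filtering: static rules, each packet judged in isolation."""
    if is_internal(pkt.src):
        return True  # outbound traffic is allowed
    # To let web replies back in, a static rule has to trust the source port.
    return pkt.proto == "tcp" and pkt.sport == 443

class StatefulFirewall:
    """Stateful inspection: default-deny inbound, replies matched to sessions."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if is_internal(pkt.src):
            # Record the outbound session so its replies can be recognised.
            self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound packets must mirror a recorded outbound session exactly.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def demo():
    fw = StatefulFirewall()
    packets = [
        ("request", Packet("192.168.1.10", 51000, "203.0.113.5", 443)),
        ("reply", Packet("203.0.113.5", 443, "192.168.1.10", 51000)),
        # Unsolicited inbound packet that happens to use source port 443.
        ("probe", Packet("198.51.100.7", 443, "192.168.1.10", 22)),
    ]
    return {name: (stateless_filter(p), fw.check(p)) for name, p in packets}

if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:8} stateless={'pass' if stateless else 'drop'} "
              f"stateful={'pass' if stateful else 'drop'}")
```

Both filters pass the request and its reply, but only the stateful one drops the unsolicited packet, because no outbound session matches it.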
Next-generation firewalls (NGFWs) add deep packet inspection and intrusion prevention. Instead of reading only the header, an NGFW examines the actual payload, identifies specific applications, detects malware within encrypted traffic using TLS inspection, and blocks known exploit patterns in real time.
Types of Firewalls and Where They Fit
Hardware firewalls are standalone appliances that sit between your modem and internal network, protecting every connected device without software on individual machines. For small businesses, a router with built-in firewall capabilities combines routing and firewall functions in a single device, reducing cost and complexity.
Software firewalls run on individual devices. Windows Firewall and macOS Application Firewall are built-in examples. Running both hardware and software firewalls gives you layered defence: the hardware unit filters network-level threats while the software catches anything originating within your network.
Cloud firewalls (firewall-as-a-service) protect cloud workloads and remote users. Providers like Zscaler and Cloudflare route traffic through their security infrastructure before it reaches your network, covering distributed teams that perimeter firewalls cannot protect.
Firewall Configuration Best Practices for Small Business
Start with a default-deny policy. Block all inbound traffic by default and create explicit allow rules only for services you actually need. The 2025 Verizon Data Breach Investigations Report found that 43% of small business breaches exploited misconfigured network services that should never have been publicly accessible.
Segment your network using firewall zones. Place guest WiFi, IoT devices, and business systems on separate segments with rules controlling traffic between them. If an attacker compromises a smart device, segmentation prevents lateral movement to your file server. Learn more in our guide on how to secure home WiFi.
Enable logging and review firewall logs weekly. Logs reveal blocked connection attempts, repeated scanning from specific IPs, and unusual outbound traffic indicating a compromised device. Pair your firewall with strong antivirus protection to catch threats that bypass network-level filtering. Keep firmware updated and review our home network security guide for a complete assessment of your network posture.
Frequently Asked Questions
Can a firewall stop all cyberattacks?
No. A firewall blocks unauthorised network traffic, but it cannot stop phishing emails you voluntarily open, malware downloaded through legitimate HTTPS connections, or social engineering attacks. You need a firewall combined with antivirus software and security awareness training for complete protection.
Do I need a firewall if I have antivirus software?
Yes. Antivirus scans files and processes on your device for known malware. A firewall controls which network connections are allowed in and out. Running both gives you layered protection covering network-level and device-level threats simultaneously.
What is the best firewall for small business use?
For businesses with fewer than 50 employees, unified threat management appliances from Fortinet (FortiGate 40F), SonicWall (TZ270), or Ubiquiti (Dream Machine Pro) offer the best balance of protection and affordability, combining firewall, VPN, and intrusion prevention in one device priced between 300 and 800 pounds.