What Is a Firewall and How Does a Firewall Work?

Computer lock representing a firewall
Photo: PhotoAlto / Gabriel Sanchez / Getty

As you begin to learn the essentials of computer and network security you will encounter many new terms: encryption, port, Trojan and more. Firewall will be a term that will appear again and again. So, what is a firewall?

A firewall is basically the first line of defense for your network. The basic purpose of a firewall is to keep uninvited guests from browsing your network. A firewall can be a hardware device or a software application and generally is placed at the perimeter of the network to act as the gatekeeper for all incoming and outgoing traffic.

A firewall allows you to establish certain rules to determine what traffic should be allowed in or out of your private network. Depending on the type of firewall implemented you could restrict access to only certain IP addresses or domain names, or you can block certain types of traffic by blocking the TCP/IP ports they use.

There are basically four mechanisms used by firewalls to restrict traffic. One device or application may use more than one of these in conjunction with each other to provide more in-depth protection. The four mechanisms are packet-filtering, circuit-level gateway, proxy server and application gateway.

A packet filter intercepts all traffic to and from the network and evaluates it against the rules you provide. Typically the packet filter can assess the source IP address, source port, destination IP address and destination port. It is these criteria that you can filter on- allowing or disallowing traffic from certain IP addresses or on certain ports.

A circuit-level gateway blocks all incoming traffic to any host but itself.

Internally, the client machines run software to allow them to establish a connection with the circuit-level gateway machine. To the outside world, it appears that all communication from your internal network is actually originating from the circuit-level gateway.

A proxy server is generally put in place to boost performance of the network, but can act as a sort of firewall as well. Proxy servers also hide your internal addresses as well so that all communications appear to originate from the proxy server itself. A proxy server will cache pages that have been requested. If User A goes to Yahoo.com the proxy server actually sends the request to Yahoo.com and retrieves the web page. If User B then connects to Yahoo.com the proxy server just sends the information it already retrieved for User A so it is returned much faster than having to get it from Yahoo.com again. You can configure a proxy server to block access to certain web sites and filter certain port traffic to protect your internal network.

An application gateway is essentially another sort of proxy server. The internal client first establishes a connection with the application gateway. The application gateway determines if the connection should be allowed or not and then establishes a connection with the destination computer. All communications go through two connections- client to application gateway and application gateway to destination.

The application gateway monitors all traffic against its rules before deciding whether or not to forward it. As with the other proxy server types, the application gateway is the only address seen by the outside world so the internal network is protected.

A packet filter intercepts all traffic to and from the network and evaluates it against the rules you provide. Typically the packet filter can assess the source IP address, source port, destination IP address and destination port. It is these criteria that you can filter on- allowing or disallowing traffic from certain IP addresses or on certain ports.

A circuit-level gateway blocks all incoming traffic to any host but itself.

Internally, the client machines run software to allow them to establish a connection with the circuit-level gateway machine. To the outside world, it appears that all communication from your internal network is actually originating from the circuit-level gateway.

A proxy server is generally put in place to boost performance of the network, but can act as a sort of firewall as well. Proxy servers also hide your internal addresses as well so that all communications appear to originate from the proxy server itself. A proxy server will cache pages that have been requested. If User A goes to Yahoo.com the proxy server actually sends the request to Yahoo.com and retrieves the web page. If User B then connects to Yahoo.com the proxy server just sends the information it already retrieved for User A so it is returned much faster than having to get it from Yahoo.com again. You can configure a proxy server to block access to certain web sites and filter certain port traffic to protect your internal network.

An application gateway is essentially another sort of proxy server. The internal client first establishes a connection with the application gateway. The application gateway determines if the connection should be allowed or not and then establishes a connection with the destination computer. All communications go through two connections- client to application gateway and application gateway to destination.

The application gateway monitors all traffic against its rules before deciding whether or not to forward it. As with the other proxy server types, the application gateway is the only address seen by the outside world so the internal network is protected.

Editors Note: This legacy article was edited by Andy O'Donnell