Firewall

Also known as: Network Security Gateway, Packet Filter, Security Appliance

A firewall is a network security system — implemented in hardware, software, or both — that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between trusted internal networks and untrusted external networks (such as the internet), blocking or permitting traffic according to policies defined by an administrator. Modern firewalls have evolved from simple packet filters to stateful inspection firewalls and next-generation firewalls (NGFW) capable of deep packet inspection, application awareness, and intrusion prevention.

Types of Firewalls

| Type | Operates At | Inspection Method | Strength | Limitation |
|---|---|---|---|---|
| Packet Filter | Network Layer (L3) | Header fields only | Fast, low overhead | No state awareness |
| Stateful Inspection | Transport Layer (L4) | Connection state table | Tracks sessions | No app-layer visibility |
| Application Gateway | Application Layer (L7) | Full payload inspection | Deep inspection | High latency |
| NGFW | All layers | DPI + IPS + App ID | Comprehensive | Expensive |
| Cloud Firewall | All layers | Cloud-managed rules | Scalable | Vendor dependency |
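
The difference between the first two rows, as an added example that is not part of the original entry: a stateless packet filter that has to admit anything arriving from port 443 so that web replies get through, next to a stateful filter that admits only replies to connections an internal host opened. The addresses, the rule, and the function and class names are constructed for illustration, and the state table is simplified to the connection 5-tuple.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

INTERNAL_PREFIX = "10.0.0."   # assumed internal network (constructed)

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def packet_filter(pkt: Packet) -> bool:
    """Stateless header check: every packet is judged on its own."""
    if is_internal(pkt.src):
        return True                       # outbound traffic is allowed
    # Inbound: to let HTTPS replies back in, the rule can only match on
    # header fields, so it allows anything whose source port is 443.
    return pkt.proto == "tcp" and pkt.sport == 443

class StatefulFirewall:
    """Tracks connections opened from inside; inbound must match one."""
    def __init__(self):
        self.state = set()                # connection state table (5-tuples)

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: reverse the tuple and look it up in the state table.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state

def compare():
    """Run three constructed packets through both filters."""
    fw = StatefulFirewall()
    samples = [
        ("outbound", Packet("10.0.0.5", 51000, "203.0.113.10", 443)),
        ("reply", Packet("203.0.113.10", 443, "10.0.0.5", 51000)),
        ("unsolicited", Packet("198.51.100.7", 443, "10.0.0.9", 22)),
    ]
    return {name: (packet_filter(p), fw.allow(p)) for name, p in samples}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12} packet filter={stateless!s:5} stateful={stateful}")
```

Both filters pass the outbound packet and its reply; only the stateful one drops the inbound packet that matches no tracked connection.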

Interactive Tools

Cisco Firewall Simulator

Simulate access control lists and firewall rules in Packet Tracer

pfSense Documentation

Open-source firewall platform with detailed configuration guides

Khan Academy — Cybersecurity

Introduction to network security, firewalls, and encryption

Figure: Firewall positioned between internal network and the internet (Wikimedia Commons, CC BY-SA)

Related Terms

Computer Science

Encryption

Encryption is the process of converting plaintext (readable data) into ciphertext (scrambled data) using a cryptographic algorithm and a key, so that only authorised parties with the corresponding decryption key can read the original message. Symmetric encryption uses the same key for encryption and decryption (e.g., AES), while asymmetric encryption uses a public-private key pair (e.g., RSA). Encryption is fundamental to securing data in transit (HTTPS, VPN) and data at rest (encrypted hard drives, databases).

Network Routing

Network routing is the process by which routers select the optimal path for data packets to travel from a source to a destination across one or more networks. Routers maintain routing tables — databases of known network paths — and use routing protocols such as OSPF, BGP, and RIP to dynamically discover and share path information. Routing decisions are based on metrics including hop count, bandwidth, latency, and cost, ensuring efficient and reliable delivery of data across complex internetworks.

TLS/SSL

TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols designed to provide secure communication over a computer network, most commonly the internet. TLS establishes an encrypted channel between two parties through a handshake process that authenticates the server (and optionally the client) using digital certificates, negotiates encryption algorithms, and exchanges session keys via public key cryptography. It is the security layer behind HTTPS, securing web browsing, email, messaging, and VoIP communications.

The term "firewall" was borrowed from construction and firefighting, where a firewall is a fire-resistant barrier designed to prevent fire from spreading between compartments of a building. Its use in computing was popularised in the late 1980s and early 1990s as internet security became critical. The metaphor reflects the idea of containing dangerous traffic.
