What is a firewall and how does it work
Part of the Small Business Cybersecurity series. Related: How To Create A Security Awareness Program; What Is Endpoint Security.
A firewall is a security barrier — hardware, software, or both — that monitors and filters traffic between your network and the internet, allowing legitimate communication while blocking unauthorized or malicious connections. It works by checking each data packet against a set of rules and permitting only what you've approved. A properly configured firewall is a foundational defence, controlling who can reach your systems and stopping many attacks before they begin.
How a firewall filters traffic
At its core, a firewall enforces rules about which traffic may pass between networks. Every connection is checked against criteria such as source and destination address, port, and protocol. Approved traffic passes; everything else is blocked.
Firewalls work in a few ways:
- Packet filtering inspects individual packets against simple rules.
- Stateful inspection tracks active connections, allowing return traffic only for sessions you started.
- Application-layer filtering understands specific protocols and can block malicious web or email traffic.
The default-deny principle — block everything, then permit only what's needed — is what makes a firewall effective. It shrinks your exposed surface to the minimum your business actually requires.
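To make the three mechanisms above concrete, here is a toy packet filter written for this article (it is an added illustration, not code from the original page or from any firewall product). It applies a default-deny rule table, tracks sessions so only replies to connections the LAN opened are let back in, and logs every denial; the LAN range, rule set and packet values are constructed for the example.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# A packet as the filter sees it: direction is "out" (from the office LAN) or "in" (from the internet).
Packet = namedtuple("Packet", "src sport dst dport proto direction")

# Constructed policy (assumed, not a real network): staff may open HTTPS and DNS
# outbound; from outside, only the web server 192.168.1.10 on TCP/443 is reachable.
LAN, ANY = ip_network("192.168.1.0/24"), ip_network("0.0.0.0/0")
ALLOW_RULES = [  # (direction, source network, destination network, dport, proto)
    ("out", LAN, ANY, 443, "tcp"),
    ("out", LAN, ANY, 53, "udp"),
    ("in", ANY, ip_network("192.168.1.10/32"), 443, "tcp"),
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()  # 5-tuples of connections the LAN side opened
        self.log = []          # denied packets, so blocking is not silent

    def _matches_rule(self, pkt):
        return any(pkt.direction == d and ip_address(pkt.src) in s and ip_address(pkt.dst) in t
                   and pkt.dport == port and pkt.proto == proto
                   for d, s, t, port, proto in self.rules)

    def filter(self, pkt):
        # Stateful inspection: replies to sessions started from inside are allowed.
        if pkt.direction == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.sessions:
            return "ALLOW"
        # Packet filtering: explicit allow rules; an outbound match opens a tracked session.
        if self._matches_rule(pkt):
            if pkt.direction == "out":
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "ALLOW"
        # Default deny: anything not explicitly permitted is dropped and logged.
        self.log.append(f"DENY {pkt.direction} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "DENY"

def demo():
    fw = StatefulFirewall(ALLOW_RULES)
    verdicts = [
        fw.filter(Packet("192.168.1.20", 51000, "203.0.113.5", 443, "tcp", "out")),  # staff HTTPS
        fw.filter(Packet("203.0.113.5", 443, "192.168.1.20", 51000, "tcp", "in")),   # its reply
        fw.filter(Packet("198.51.100.7", 443, "192.168.1.20", 51000, "tcp", "in")),  # unsolicited
        fw.filter(Packet("198.51.100.7", 40000, "192.168.1.10", 443, "tcp", "in")),  # web server
        fw.filter(Packet("198.51.100.7", 40001, "192.168.1.10", 445, "tcp", "in")),  # SMB probe
    ]
    return verdicts, fw.log
```

Running demo() returns ALLOW, ALLOW, DENY, ALLOW, DENY: the reply is admitted only because the LAN host opened the session, while the look-alike packet from a different address and the probe of an unpublished port are dropped and recorded.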
Types of firewalls
Firewalls come in several forms, often used together:
- Hardware firewalls sit at the network edge, protecting every device behind them — ideal for an office.
- Software firewalls run on individual computers, guarding each device wherever it goes.
- Next-generation firewalls (NGFW) add intrusion prevention, application awareness, and threat intelligence.
- Cloud firewalls protect cloud-hosted systems and remote workforces.
Most businesses benefit from layering them: a hardware firewall at the office edge, software firewalls on mobile laptops, and cloud firewalls for hosted services. Each covers a gap the others can't, providing protection wherever your data and people are.
What a firewall can and can't do
A firewall is essential but not a complete security solution. It excels at controlling network access — blocking unauthorized inbound connections, limiting outbound traffic to malicious destinations, and segmenting networks so a breach in one area can't easily spread.
However, a firewall cannot stop threats that arrive through allowed channels: a phishing email, a malicious file a user downloads, or a stolen password used to log in legitimately. It also can't protect against attacks that originate inside the network. That's why a firewall works alongside endpoint security, email filtering, MFA, and staff training — each addressing risks the firewall isn't designed to catch.
Firewall best practices for business
A firewall is only as good as its configuration and upkeep. Sound practices include:
- Default-deny rules: block all traffic, then open only what's required.
- Network segmentation: separate guest Wi-Fi, payment systems, and general staff networks.
- Regular rule reviews to remove outdated or overly broad permissions.
- Firmware and patch updates to fix known vulnerabilities in the firewall itself.
- Logging and monitoring so suspicious traffic is detected, not just blocked silently.
An unmanaged firewall drifts toward insecurity over time as rules pile up. Periodic professional review keeps it tight, current, and aligned with how your business actually operates.
FAQ
Does my business need a firewall if we use cloud services?
Yes. Even with cloud apps, your office network, on-premises devices, and internet connection still need protection from unauthorized access. Cloud platforms secure their side, but your local network and endpoints remain your responsibility. A firewall — often combined with cloud firewalls for hosted systems — controls traffic at every layer your business actually uses.
Is the firewall built into Windows enough?
The built-in software firewall is a useful layer for individual devices, but it isn't sufficient on its own for a business. A dedicated hardware or next-generation firewall protects the whole network, adds intrusion prevention and threat intelligence, and gives you central control and logging. Use the built-in firewall as one part of a layered setup, not the only defence.
Can a firewall stop ransomware?
A firewall helps by blocking malicious connections and limiting how ransomware spreads, but it can't stop everything. Ransomware often arrives via phishing email or stolen credentials — channels a firewall permits. Effective ransomware defence combines a firewall with email filtering, endpoint detection, MFA, and tested backups, so no single failure leads to an encryption event.