WP Engine Products

WordPress Hosting

Boost performance while managing less

WooCommerce Hosting

Build faster and sell more with WooCommerce

Headless WordPress

Build, deploy, and manage headless sites

View More Products

Solutions

Small Businesses

Enterprises

Agencies

eCommerce

View More Solutions

Website Tools

Smart Plugin Manager

Website Tester

Website Monitoring

WordPress Themes and Tools

Local WordPress Development

Featured Plugins

Advanced Custom Fields

Build rich, custom content editing experiences

WP Migrate

Migrate WordPress sites with confidence

WP Offload Media

Offload media assets & serve them lightning fast

WP Offload SES

Improve email send reliability with Amazon SES

View More Recommended Plugins

WordPress Resources

WP Engine Resources

Articles and videos for help with WordPress

WP Engine Help Docs

Guides for site setup & troubleshooting

Free Website Migration

Automated migration plugin & support

Find a WordPress Agency

Need help? Search our agency directory

Stay Connected

WP Engine Blog

Builder Community

Headless Developer Community

Torque Magazine

Velocitize Magazine

Thought Leadership

Velocitize Talks

Erik Posthuma of Aleph-labs on Web3, Cryptocurrency, & More

Podcast

Press This, the WordPress Community Podcast

Study

The World’s First Study of the WordPress Economy

Why WP Engine?

Our Platform Technology

Managed WordPress Hosting

Fast WordPress

Secure WordPress

24/7 WordPress Support

About Us

WP Engine Reviews

How You Win with WP Engine

Build faster, protect your brand, and grow your business with the #1 WordPress platform to power remarkable online experiences.

Learn More

Customer Spotlight

Peak Performance With Headless WordPress

Android Authority increases speed 6x by adopting a headless architecture with a WordPress back-end.

All Case Studies

Contact sales

Call Us

+1-512-273-3906 to talk to a sales expert

Request a Quote

Submit a request for a personalized plan recommendation

Let’s Chat

Customer Support

Support Articles

Billing Help

Password Help

Log In for Support
Easiest Migration Ever!

Need Help Choosing a Plan?

We offer solutions for businesses of all sizes. For questions about our plans and products, contact our team of experts. Get in touch

Resource Center
‹ Back to Resource Center
Man checking network security through firewall

What Is a Firewall: Definition, Uses, & Benefits

Posted in Security by WP Engine

Last updated on February 28th, 2024

If your computer network is your castle, the network firewall is the portcullis—the main gate responsible for regulating the flow of incoming and outgoing network traffic. It’s part barrier, part screening mechanism, separating your network from third-party networks and blocking unauthorized access.

To answer the question—what is a firewall?—in-depth, this guide covers the benefits of a firewall, how it works to strengthen your cyber defenses, and different types of firewalls you can use to monitor your network.

Table of Contents
1. What Is a Firewall?
2. Packets and Firewalls
3. Benefits of Firewalls
4. Firewall Policies and Rulesets
4.1. How do you create a robust policy and ruleset?
5. Types of Firewalls
6. WP Engine’s Proprietary Firewall

What Is a Firewall?

In the 19th century, a firewall was a physical barrier meant to prevent fire from spreading from structure to structure. Later, in automobiles, it was a metal barrier that separated the engine compartment from the passenger cabin.

The phrase was eventually co-opted by the computing industry to refer to a digital security system that places a barrier between a trusted network and an untrusted network like the internet.

Technologically speaking, a firewall is the outermost layer of a cybersecurity framework. It monitors network traffic inflows and outflows and determines whether data packets are allowed or restricted per a defined set of security rules.

As the first line of defense against malicious traffic, a firewall guards the network entry point (port), where data may be exchanged with foreign devices. Every single data file you request from an internet source will be logged and processed by the firewall.

Packets and Firewalls

The most basic form of firewall is a packet-filtering firewall. But to understand how it works, we first need to define packets.

To transmit data across the internet, data files must be broken down into smaller pieces, typically ranging from 500 bytes to 64KB, with an average size of 1500 bytes. These are referred to as data packets, which are the snippets of data sent over the Transmission Control Protocol/Internet Protocol (TCP/IP) network.

Before they can be assembled into their final form, the firewall must analyze each data packet and confirm that a device or system within your network actually requested it.

For this example, think of a firewall as a security guard at a concert. In order to enter the venue, they may ask you to funnel through a chokepoint, display tickets and proof of identification, and then request that you pass through a metal detector. A firewall functions similarly, scrutinizing each data packet to determine:

  • Where it’s going
  • Where it originated from
  • Whether it should be allowed in, denied, or dropped

If denied, the data packet is returned to the sender. But in the more likely scenario that the data packet is dropped, the data disappears altogether.

Benefits of Firewalls

Understanding the benefits of firewall security is how you can keep your network safe from bad actors and malicious activity. Firewalls may only serve as one facet of your cybersecurity defenses, but they play an essential role in helping you:

  • Monitor network traffic – Firewalls screen incoming and outgoing activity. They monitor network traffic using pre-set rules and filters to gauge the legitimacy of every piece of data. If the firewall notices suspicious activity, it will immediately prevent its entry.
  • Prevent and identify malicious activity – Malware and viruses are ever-present threats to your network security. Using these nefarious tools, a hacker can secretly monitor your activity, gather your private data, or gain control of the system. Firewalls can stop these types of attacks from gaining unauthorized access. Or, if they detect ongoing hacking activity, they will notify you to eliminate the threat. Front end development for firewall security has made it easier for users to navigate their own network security. If you’re not familiar with the career of a front end developer or the average front end developer salary, then you can rely on our resource center to help familiarize yourself with this line of work.
  • Restrict outgoing data – Firewalls can restrict the traffic going in and out of a network. That way, even if a hacker or malicious code successfully gains entry, the system can limit its impact by preventing the data from leaving the system without proper authorization.
  • Increase privacy – In the world of cybersecurity, data privacy is paramount. It’s especially important if you store sensitive private information like payment data or healthcare records. In such cases, having a firewall is just one of several compliance steps an organization must take to strengthen its security and uphold privacy.

Firewall Policies and Rulesets

Firewalls reference pre-established policies and rulesets to decide whether a packet should be accepted, denied, or dropped. To work as intended, the security policy must clearly define how the firewall should handle traffic relating to various factors like IP addresses, address ranges, applications, protocols, and content types. Per the National Institute of Standards and Technology’s (NIST) Guidelines on Firewalls and Firewall Policy:

“Examples of policy requirements include permitting only necessary Internet Protocol (IP) protocols to pass, appropriate source and destination IP addresses to be used, particular Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports to be accessed, and certain Internet Control Message Protocol (ICMP) types and codes to be used.”

For most rulesets, it’s better to restrict all traffic except that which is expressly permitted by the firewall policy. This decreases the likelihood of an attack occurring. It also reduces the network’s traffic volumes.

How do you create a robust policy and ruleset?

The NIST framework recommends three specific actions:

  1. Identify all requirements that need to be considered when determining which type of firewall to implement.
  2. Design rulesets that match the firewall policy without detracting from the firewall’s performance.
  3. Manage firewall architectures, policies, and software throughout their lifecycle, regularly updating, auditing, and patching firewalls so that they align with your organizational needs.

Types of Firewalls

A firewall will fall into one of two categories: software (host-based) or hardware (network-based).

Software firewalls are programs installed onto devices that regulate incoming traffic via port numbers and applications, whereas hardware firewalls are physical devices installed to separate your network and gateway. According to Boston University:

“Network-based firewalls may be installed at the perimeter, or edge, of a network to protect a corporation from hosts on the Internet, or internally to protect one segment of the community from another, such as separating corporate and residential systems, or research systems from marketing systems.”

There are also several subcategories of firewalls that have emerged over the years, including:

  • Stateful inspection firewall – When we first explained how a firewall works, this is what we referred to. A stateful inspection firewall restricts or permits traffic according to the state, port, and protocol. But to be considered “stateful,” simply having a ruleset isn’t good enough. It must also keep a historical record of the traffic. Equipped with that information, the firewall can make more complex, contextualized decisions about whether or not a packet passes.
  • Proxy firewalls – Sometimes referred to as a gateway firewall or application firewall, a proxy firewall acts as the intermediary between computers and internet servers. It secures incoming and outgoing traffic for core internet protocols by caching, filtering, logging, and controlling requests at the application level. This is considered to be one of the most secure forms of firewall since it keeps networks from automatically and directly contacting your systems.
  • Next-generation firewall (NGFW) – As the name implies, firewall technology has advanced over the decades, combining traditional tech—stateful inspection and packet filtering—with modern tools. NGFW will provide:
    • Encrypted traffic inspection
    • Intrusion prevention systems
    • Anti-virus
    • Deep packet inspection
    • Upgrade paths for future information feeds
  • Threat-focused NGFW – This type of firewall combines the capabilities of a GFW with advanced threat detection and remediation. These systems can help you identify at-risk assets, such as photos or videos, detect suspicious activity, and react to attacks. If you’re not aware of how to flag unauthorized use of your digital assets, you can do a Google Images reverse search to see if it’s been re-published on other sites.
  • Network address translation (NAT) firewalls – A NAT firewall enables multiple devices with independent addresses to connect to the internet using the same IP address without revealing their individual IP addresses. This creates an extra layer of anonymity and security.
  • Virtual firewall – Typically, a virtual firewall is deployed as a virtual appliance within a private or public cloud infrastructure, monitoring and securing traffic across both physical and virtual networks.

WP Engine’s Proprietary Firewall

A firewall is your company’s first line of cyber defense. It plays an essential role in protecting your network. By monitoring, screening, and restricting traffic, a firewall helps ensure that only authorized data can gain access.

At WP Engine, we seek to instill robust security measures to create a secure WordPress hosting environment without hampering website performance. Our team uses one of the best firewalls to prevent hackers that block more than 26 billion attacks each year. Armed with proactive threat detection and a host of plugin, core, and PHP updates, the system automatically detects and directs good, bad, and malicious traffic.

But the system isn’t just automated. We also provide a live security team that practices best-in-class standards to continuously monitor your risk and compliance landscape. If a security issue arises, we provide proactive alerts so that you can stop bad actors in their tracks.

Do you need an enterprise-grade solution? Our Global Edge Security provides:

  • Managed Web Application Firewall (WAF)
  • Advanced DDOS mitigation
  • Cloudflare CDN
  • SSL installation

With dedicated and advanced security, WP Engine provides the features you need for enterprise WordPress websites that are better, faster, and safer.

We’re trusted by 170,000+ customers worldwide. So, isn’t it time you migrate now?

Sources:

  • Tech Target. What Are Network Packets? And How Do They Work? https://www.techtarget.com/searchnetworking/definition/packet
  • NIST. Guidelines on Firewalls and Firewall Policy. https://www.govinfo.gov/content/pkg/GOVPUB-C13-f52fdee3827e2f5d903fa8b4b66d4855/pdf/GOVPUB-C13-f52fdee3827e2f5d903fa8b4b66d4855.pdf
  • Boston University. How Firewalls Work. https://www.bu.edu/tech/about/security-resources/host-based/intro/

Related articles.

Get started.

Build faster, protect your brand, and grow your business with a WordPress platform built to power remarkable online experiences.

Get started

Explore WordPress Hosting