See all Security articles
See all Privacy articles
See all Performance articles
Select language
Select language
Avast Academy Security Other Threats What Is a Firewall and Why Do You Need One?

What Is a Firewall and Why Do You Need One?

A firewall screens and checks connections to and from your computer or network according to a predefined set of rules, just like a security guard. While every computer comes with basic firewall protections, there are still numerous points of entry. Read on to learn more about firewall security, and make sure your network stays safe with a top-tier cybersecurity tool.

Editors' choice
Editor's choice
Top Rated

What is a firewall?

A firewall is a digital security system that checks all incoming and outgoing traffic in your network. It keeps out all unauthorized traffic and lets in only those communications that are deemed safe. Firewalls ensure a safe connection when connecting to the internet.

Firewall safeguards come installed on every Mac, Windows PC, and router. Businesses include a software firewall on all employee computers as well as on their network as a whole, to protect company communications. This means that every data request has to go through at least two firewalls.

Hamburguer menu icon

This article contains:

    What does a firewall do?

    A firewall filters data entering your network. It analyzes that data by checking the sender’s address, the application the data is meant for, and its content. By combining these data points, a firewall can tell what’s harmful and what isn’t, and it opens or closes the network gate accordingly.

    The primary purpose of a firewall is to check if traffic or an incoming connection meets a predefined set of security standards — making firewalls an indispensable internet security measure. A good firewall tool can help you adjust the firewall to your liking.

    How does a firewall work?

    A firewall works according to a list of rules that determine whether traffic can enter or exit a network. These rules change based on what you tell an application to do and how you choose to define dangerous activity. Think of a firewall as a security guard who knows everything happening inside the building (network) they’re guarding.

    At some point in your life, you’ve probably had to click a window that says “Allow exception” when connecting to a website or opening a program. Firewall permissions are always changing, and different firewalls work at different levels. Some firewalls check the address of the sender, while others check the contents of the transmission.

    Firewalls filter incoming traffic to block threats from entering your computer or network.Firewalls filter incoming traffic to block threats to your computer or network.

    If your favorite website has become host to dangerous activity, you’ll want security software that can spot the danger. Avast One features an ironclad firewall that scans for telltale signs of malicious activity, and we’re always updating our threat-detection engine to stay on top of the latest threats.

    Avast flags unusual network activity to help prevent ransomware attacks on your network and keep malware from getting onto your computer. Try Avast One today.

    Different types of firewalls and examples

    Many different things happen when you connect through the internet to another device, such as a web server. And unfortunately data breaches can happen at any point during this process — from the code that determines how a page is displayed on a PC or an iPhone, all the way down to the protocol that allows the connection between two machines.

    Firewalls come in all shapes and sizes to accommodate these points of contact. Here are some firewall examples:

    • Packet-filtering firewalls

    • Next-generation firewalls (NGFW)

    • Proxy firewalls

    • Network address translation (NAT) firewalls

    • Stateful multilayer inspection (SMLI) firewalls

    You’re definitely using one of these if you’re browsing at home. If you’re connecting from within a company, every data request could be moving through three or more firewalls. No effort is too much when it comes to server security.

    Let’s look at each of these firewall types in greater depth.

    Packet-filtering firewalls

    The oldest type of firewall, packet-filtering firewalls filter traffic by packets, which are smaller bits of data making up the traffic you receive. Every packet has header information that helps your computer put the file back together like a jigsaw puzzle. Packet filtering works by looking at this header.

    Packet-filtering firewalls analyze information in data packets to determine their safety.Packet-filtering firewalls analyze information in data packets to determine their safety.

    The address the packet came from and the connection protocol are two crucial bits of information in the header. Is the IP address that of Facebook or a blacklisted host? And is the protocol standard TCP? Packet-filtering firewalls look at this most basic information.

    Packet-filtering firewalls come in two categories: stateful and stateless. The former analyzes packets within the context of a network connection, while the latter examines them in isolation as separate packets themselves.

    Next-generation firewalls (NGFW)

    Next-generation firewalls go deeper than the header information of a message. They are able to tell when a connection is dangerous based on the contents of a packet and the program designated to receive it — such as your browser or an online video game.

    Proxy firewalls

    Proxy firewalls act as intermediaries between two servers connecting to each other. A proxy server is an intermediary between two other devices online, such as your computer and web server. When setting up a proxy, you’ll outline what types of data to relay (and block) between the two connected devices.

    Traditional firewalls work at the TCP level, while proxy firewalls work at the application level, such as on HTTP. We use HTTP to browse the internet, and this type of firewall looks after traffic happening on this level. Some sites also use HTTPS, which simply adds encryption to HTTP as another line of defense.

    Network address translation (NAT) firewalls

    Network address translation, or NAT, happens because there aren’t enough IP addresses under our current system of IPv4 (soon to be replaced by IPv6). Many households and companies use just one IP address, and the NAT process redirects data to a specific device sharing that IP address.

    Though unwieldy, NAT has some security benefits. A firewall placed at the router level can stop malicious activity before the data is sent to your private IP address — the address that differentiates you from everyone else sharing the public IP address. You can think of this as a home network firewall.

    Router firewalls help make our private and public IP addresses more manageable and safe to use.

    Stateful multilayer inspection (SMLI) firewalls

    Stateful multilayer inspection firewalls use holistic data inspection to detect threats. Stateful inspection means a packet is analyzed within the context of every other packet transmitted over the network. Without this type of inspection, packets are examined only in isolation from one another.

    Standard internet communications use a seven-layered model called Open System Interconnection (OSI), and multilayer inspection examines a packet at every layer. This makes SMLI firewalls highly advanced and very secure, though they can slow things down a bit.

    Why do I need a firewall?

    You need a firewall because there are always new threats to cybersecurity, which concern both large companies and individuals like you. IT technicians and antivirus software developers work around the clock to keep hackers from gaining access to private data.

    For every new step in cybersecurity, cybercriminals take an additional ten steps. While IT technicians work to secure data in a company’s network and maintain a firewall’s network security, pirates armed with malware and other hacking tricks attempt to obtain that data and sell it for a hefty sum.

    A firewall keeps you from getting caught in the middle or from being targeted yourself. While you can always try to assess a website’s safety, a firewall casts a much wider security net.

    Get powerful firewall protection with Avast One

    Keep your information and data truly private with strong security software. Avast One features a built-in firewall along with robust malware protection, anti-phishing safeguards, and smart analytics that defend against the latest threats while identifying potential new dangers.

    When it comes to cybersecurity, you want as many players on your team as you can get. Download Avast One today.

    Get Avast One for Android to protect your Wi-Fi with a powerful firewall


    Get Avast One for iPhone to protect your Wi-Fi with a powerful firewall