← ALL POSTS
CYBERSECURITY EXPLAINER

What your firewall actually does (and what it can’t)

Somebody sold you a firewall at some point. Maybe it came bundled with your internet service, maybe an IT vendor installed a box with blinking lights in your network closet, and ever since then the assumption has been "we have a firewall, so we're protected." We hear that sentence a lot, usually right before we find something the firewall never had a chance of stopping. So let's talk about what that box actually does, and where its job ends.

The basic job: deciding what traffic gets through

At its core, a firewall is a bouncer for network traffic. Every connection on a network uses a port, which is just a numbered channel. Web traffic uses ports 80 and 443. Email servers listen on 25. Remote desktop uses 3389. A firewall looks at traffic trying to come in or go out and checks it against a list of rules: allow this port from this address, block everything else.

The single most valuable thing a firewall does is refuse inbound connections you never asked for. Out of the box, a decent firewall blocks all unsolicited inbound traffic. That alone stops the constant background noise of the internet: automated scanners probing every public IP address on earth, all day, every day, looking for an open port to poke at. If you've never looked at a firewall log, the volume of that scanning is genuinely surprising.

Modern firewalls do more than ports

The firewalls we install for businesses today (units from Fortinet, SonicWall, Ubiquiti, and similar) are usually called next-generation firewalls, and they inspect traffic more deeply than just checking port numbers. Depending on the model and licensing, that can include:

Those features often require an active subscription. We regularly find firewalls whose security licensing lapsed two years ago. The box still routes traffic fine, so nobody noticed, but the inspection features quietly stopped updating. If you own a business-grade firewall, checking that the subscription is current is a five-minute task worth doing this week.

What a firewall cannot do

Here is the part vendors underplay. Most of the ways businesses actually get compromised today walk right past the firewall, because they arrive over connections your own people initiated.

That last point deserves emphasis. The default posture of most installs is "block inbound, allow all outbound." Tightening outbound rules (blocking remote desktop out, restricting server traffic to only what those servers need) is real work, and it's where a firewall goes from a checkbox to an actual control.

Necessary, not sufficient

None of this means firewalls don't matter. They do. An unfirewalled network with an exposed remote desktop port will be compromised, not might be. But a firewall is one layer, and it covers a shrinking share of the risk. The layers that cover the rest look like this: multi-factor authentication on email and cloud accounts, endpoint protection on every computer, patched software, backups that actually restore, and people who know what a phishing email looks like.

How to know yours is doing its job

A few concrete checks, whether you do them or you ask your IT provider for the answers in writing:

If your current provider can't answer those questions quickly, that tells you something too. We do firewall reviews as part of nearly every network assessment, because the box with the blinking lights is usually fine. It's the rules and the licensing nobody has looked at since 2021 that need the attention.

Stuck on this, or want it done for you? That's the job.

Email us →
RELATED READING
Set up a pfSense firewall for a small office Step-By-Step Guide
Switches and routers: what each box actually does Explainer
Set up a WireGuard VPN between two offices Step-By-Step Guide
Dark web monitoring: useful signal or scare tactic? Explainer
Do you still need a VPN? Explainer
NO FORMS. JUST EMAIL.
mason@hurbs.io
or (832) 457-4317, LA and Houston