Tags: concept, Security, Architecture, Integration, Platform

Firewall

Network security component that filters traffic by defined rules to protect systems and networks from unauthorized access.

A firewall is a network security component that protects a system or network segments from unauthorized access by filtering inbound and outbound traffic according to defined rules.
Established
Medium

Classification

  • Medium
  • Technical
  • Architectural
  • Intermediate

Technical context

  • SIEM solution for centralized log analysis
  • Identity provider for contextual access control
  • Orchestration tools for automated rule distribution

Principles & goals

  • Principle of least privilege: allow only necessary connections.
  • Clear zone separation and trust boundaries.
  • Transparent logging and regular review of rules.
Run
Enterprise, Domain, Team

Use cases & scenarios

Trade-offs

  • Faulty rules may block legitimate business operations.
  • Rule or configuration drift when changes are not controlled.
  • Overreliance on perimeter firewalls instead of defense in depth.

Mitigations

  • Apply "deny by default": permit only explicitly required traffic and let a final implicit deny catch everything else.
  • Version and peer-review rule changes before they reach production.
  • Combine monitoring and alerting with proactive testing of the rule set.

I/O & resources

  • Network and zone architecture
  • Security and access policies
  • Monitoring and logging infrastructure
  • Rule sets and configuration backups
  • Alerts, logs and audit reports
  • Segmentation and access controls

Description

A firewall is a network security component that protects a system or network segments from unauthorized access by filtering inbound and outbound traffic according to defined rules. It can operate as a stateless packet filter (decisions per packet on addresses, protocol and ports), as a stateful firewall (tracking connections so that only return traffic for permitted sessions is accepted), or at the application layer (inspecting protocol content, as proxies and next-generation firewalls do). It is a key control in perimeter, host, and cloud security architectures.

  • Reduces attack surface by filtering traffic.
  • Enables segmentation and enforcement of security zones.
  • Supports compliance via auditable rules.

  • Offers no protection against attacks carried over connections the rules permit, for example a compromised host that abuses an allowed port.
  • Complex rules can lead to misconfigurations.
  • Performance bottlenecks possible with deep packet inspection.

  • Number of blocked connections

    Counts connection attempts denied by firewall rules to indicate trends and potential attacks.

  • False positive rate

    Percentage of legitimate connections erroneously blocked to assess rule quality.

  • Average latency introduced by firewall

    Additional latency introduced by inspection and processing, measured in milliseconds.

Cisco ASA at enterprise gateway

Use of a hardware firewall to secure the internet gateway of large sites.

pfSense for branch offices

Open-source appliance for flexible rule management and VPN integration in branches.

Cloud-native managed firewall

Use of provider firewall services for segmentation and as part of cloud security architecture.

Implementation steps

  1. Plan: define assets, zones and policies.
  2. Design: draft rule sets and evaluate impacts.
  3. Deploy: roll out rules incrementally and test.
  4. Operate: set up monitoring, maintenance and periodic reviews.

⚠️ Technical debt & bottlenecks

  • Old redundant rules without owners or documentation.
  • On-prem hardware with outdated firmware and lacking support.
  • Missing automation for rule lifecycle and testing.
  • Throughput limits with deep packet inspection.
  • Rule management complexity.
  • State tracking and memory usage on stateful devices.

Typical mistakes

  • Opening all ports for a service upgrade instead of targeted exceptions.
  • Static rules that ignore dynamic cloud IP addresses.
  • Disabling logging for perceived performance gains.
  • Placing rules in the wrong order, so an earlier broad rule shadows a later specific one.
  • Defining trusted networks too generously.
  • Applying untested rule changes to production.
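The following is an added example, not code from the catalog entry or from any firewall product. It ties the design and test steps above to the mistakes just listed: a first-match rule evaluator with an implicit deny-by-default, a shadowed-rule check that catches ordering errors, and a small regression suite that a proposed change must pass before rollout. The zones, addresses, rule set, and the "open everything for the upgrade" change are constructed sample data.

```python
"""Added example: first-match firewall rule evaluation with deny-by-default,
a shadowed-rule check, and a pre-deployment regression test.
All addresses, zones and rules below are constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    src: str                 # source CIDR, e.g. "10.10.0.0/16"
    dst: str                 # destination CIDR
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range; (0, 65535) = any
    log: bool = False


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def matches(rule: Rule, flow: Flow) -> bool:
    return (ip_address(flow.src_ip) in ip_network(rule.src)
            and ip_address(flow.dst_ip) in ip_network(rule.dst)
            and rule.proto in ("any", flow.proto)
            and rule.ports[0] <= flow.dport <= rule.ports[1])


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, Optional[str]]:
    """First matching rule wins. No match at all falls through to the
    implicit default deny (returned with rule name None)."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule already
    covers their entire source, destination, protocol and port space."""
    def covers(earlier: Rule, later: Rule) -> bool:
        return (ip_network(later.src).subnet_of(ip_network(earlier.src))
                and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                and earlier.proto in ("any", later.proto)
                and earlier.ports[0] <= later.ports[0]
                and later.ports[1] <= earlier.ports[1])
    return [later.name for i, later in enumerate(rules)
            if any(covers(e, later) for e in rules[:i])]


# Constructed zones: DMZ 10.1.0.0/24, internal 10.10.0.0/16, admin 10.10.200.0/24.
RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "10.1.0.10/32", "tcp", (443, 443)),
    Rule("dmz-to-db", "allow", "10.1.0.0/24", "10.10.5.20/32", "tcp", (5432, 5432)),
    Rule("block-dmz-to-internal", "deny", "10.1.0.0/24", "10.10.0.0/16", "any", (0, 65535), log=True),
    Rule("admin-ssh", "allow", "10.10.200.0/24", "10.1.0.0/24", "tcp", (22, 22), log=True),
]

# Constructed regression suite: the policy decisions that must hold after any change.
EXPECTED = [
    (Flow("203.0.113.7", "10.1.0.10", "tcp", 443), "allow"),   # public web service
    (Flow("203.0.113.7", "10.1.0.10", "tcp", 22), "deny"),     # no SSH from the internet
    (Flow("10.1.0.10", "10.10.5.20", "tcp", 5432), "allow"),   # web tier to its database
    (Flow("10.1.0.10", "10.10.7.7", "tcp", 3389), "deny"),     # DMZ must not reach internal RDP
    (Flow("10.10.200.5", "10.1.0.10", "tcp", 22), "allow"),    # admin subnet manages DMZ
    (Flow("10.10.3.3", "10.1.0.10", "tcp", 22), "deny"),       # ordinary clients do not
]


def regression_failures(rules: List[Rule], expected) -> List[Tuple[Flow, str, str]]:
    """(flow, wanted, got) for every expectation the rule set violates."""
    return [(flow, want, evaluate(rules, flow)[0])
            for flow, want in expected if evaluate(rules, flow)[0] != want]


def proposed_change(rules: List[Rule]) -> List[Rule]:
    """The 'open all ports for the upgrade' shortcut, placed at the top of
    the chain: broad, untargeted, and ahead of the existing deny rule."""
    temp = Rule("upgrade-temp", "allow", "10.1.0.0/24", "10.10.0.0/16", "any", (0, 65535))
    return [temp] + rules


if __name__ == "__main__":
    assert shadowed_rules(RULES) == [] and regression_failures(RULES, EXPECTED) == []
    bad = proposed_change(RULES)
    print("shadowed by the change:", shadowed_rules(bad))
    for flow, want, got in regression_failures(bad, EXPECTED):
        print(f"{flow.src_ip} -> {flow.dst_ip}:{flow.dport}/{flow.proto}: expected {want}, got {got}")
```

Run against the unchanged rule set, both checks are clean. The proposed change shadows `dmz-to-db` and `block-dmz-to-internal` (they can no longer match anything) and breaks the expectation that the DMZ cannot reach internal RDP, which is exactly the review signal a versioned, peer-reviewed change process should surface before deployment.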
Required skills

  • Network fundamentals (TCP/IP, ports, routing)
  • Knowledge of firewall rule design and testing
  • Ability to analyze logs and perform incident response

Drivers

  • Protect critical assets from external and internal threats.
  • Requirements for auditability and compliance.
  • Need for network segmentation and access control.

Constraints

  • Hardware resources and bandwidth limits.
  • Compatibility with existing network topologies.
  • Compliance with legal and sector-specific requirements.