Understanding Firewalls: The Foundation of Network Security
A firewall is a critical security system designed to protect an organisation’s computers, servers, and sensitive digital assets from a wide range of cyber threats. It acts as a controlled barrier between trusted internal networks and untrusted external networks, such as the internet.
A firewall may exist as a single dedicated device or as a combination of hardware and software systems working together. Its primary function is to monitor and control the flow of network traffic between different segments of a system based on defined security rules.
At its core, a firewall supervises incoming and outgoing data traffic, ensuring that only authorised communication is allowed while blocking malicious or suspicious activity. This protection applies not only to external threats but also to potential internal risks within the organisation.
What a Firewall Protects Against
Modern firewalls are designed to defend against a wide range of cyber threats, including:
Viruses and worms
Trojans and spyware
Malware and ransomware
Unauthorised access attempts
Data exfiltration and leakage
Suspicious or malicious network activity
In addition, firewalls help enforce organisational policies by preventing unauthorised data transfer between systems and networks.
Typically, a firewall sits between a private internal network (LAN) and the public internet, filtering all packets entering and leaving the environment.
How Firewalls Work in Modern Networks
A firewall operates as a security checkpoint that evaluates network traffic based on predefined rules. It can allow, block, or restrict traffic depending on factors such as IP addresses, ports, protocols, and application behaviour.
Modern Next-Generation Firewalls (NGFWs) go far beyond simple packet filtering. They provide advanced capabilities such as:
Deep packet inspection
Application-level filtering
User authentication
Network Address Translation (NAT)
Intrusion prevention systems (IPS)
Content and web filtering
These capabilities make NGFWs essential for protecting complex enterprise environments.
Firewall Deployment: Small vs Large Networks
In smaller environments, software-based firewalls such as Windows Firewall or third-party tools like Comodo Firewall can be installed on individual devices. These can effectively control inbound and outbound traffic on each machine.
However, in large-scale networks, managing firewalls on every device becomes impractical. Instead, organisations implement centralised firewall systems, typically placed at the network perimeter, such as on routers or dedicated security appliances.
Enterprise firewalls allow organisations to enforce consistent security policies across the entire network, making them more efficient and scalable.
Why Firewall Configuration is Critical
A firewall is only as effective as its configuration. Poorly configured firewalls are one of the leading causes of security breaches.
Industry research has shown that the vast majority of firewall-related security incidents result from misconfiguration rather than flaws in the firewall technology itself.
Default settings are rarely sufficient to protect against modern threats. Proper configuration is essential to ensure maximum protection.
Firewall policies are typically defined using:
IP addresses and subnets
Domain names
Security rules and policies
Application-level controls
Port and protocol restrictions
How to Configure a Firewall Securely
1. Secure the Firewall Itself
Before configuring rules, the firewall device must be secured:
Keep firmware updated
Remove or disable default accounts
Use strong, unique passwords
Avoid shared administrative accounts
Apply role-based access control
Restrict management access to trusted networks only
Disable unnecessary services such as SNMP if not required
Log and audit all configuration changes
Security of the firewall itself is the first and most important step.
2. Create Network Zones
A well-designed firewall strategy begins with segmentation.
Networks should be divided into zones based on function and risk level, such as:
Internet (untrusted zone)
DMZ (semi-trusted zone for public-facing services)
Internal network (trusted zone)
Sensitive systems (high-security zones)
Typical DMZ systems include web servers, email gateways, VPN servers, and DNS services.
Internal zones contain critical systems such as databases, workstations, and operational tools.
Each zone is assigned a security level, with strict control over how traffic moves between them.
A general rule in firewall design is:
High-to-low traffic is typically allowed
Low-to-high traffic is restricted
Equal-level zone communication is tightly controlled or blocked
3. Configure Access Control Lists (ACLs)
Access Control Lists define exactly what traffic is permitted or denied.
Best practices include:
Defining specific source and destination IPs
Restricting traffic by port and protocol
Applying both inbound and outbound rules
Ending every rule set with a “deny all” policy
Limiting administrative access to secure networks
Blocking unnecessary or unknown services
ACLs ensure that only explicitly approved traffic is allowed through the firewall.
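The zone levels from step 2 and the first-match ACL from step 3 can be modelled in a few lines. This is an added example, not code from the original page or from any firewall product; the addresses, security levels, rules, and the order of evaluation (explicit ACL first, then the zone default, then deny all) are constructed assumptions for illustration, and it handles IPv4 only.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed zones: (name, network, security level), most specific first.
# Any address outside the internal ranges is treated as the Internet.
ZONES = [
    ("sensitive", ipaddress.ip_network("10.20.0.0/24"), 100),
    ("internal",  ipaddress.ip_network("10.10.0.0/16"), 80),
    ("dmz",       ipaddress.ip_network("192.0.2.0/24"), 50),
    ("internet",  ipaddress.ip_network("0.0.0.0/0"),    0),
]

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # None = any port
    note: str

# Constructed explicit rules, evaluated top-down; the first match wins.
ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443, "public HTTPS to DMZ web server"),
    Rule("permit", "tcp", "192.0.2.10/32", "10.10.5.20/32", 5432, "DMZ web server to database"),
    Rule("permit", "tcp", "10.10.99.0/24", "10.20.0.0/24", 22, "admin subnet to sensitive zone"),
    Rule("deny", "tcp", "10.10.0.0/16", "0.0.0.0/0", 25, "outbound mail must use the gateway"),
]

def zone_of(ip):
    """Return (zone name, security level) for an IPv4 address."""
    addr = ipaddress.ip_address(ip)
    return next((name, level) for name, net, level in ZONES if addr in net)

def matches(rule, src, dst, proto, dport):
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def decide(src, dst, proto, dport):
    """Return (action, reason) for one flow."""
    for rule in ACL:
        if matches(rule, src, dst, proto, dport):
            return rule.action, rule.note
    (s_zone, s_lvl), (d_zone, d_lvl) = zone_of(src), zone_of(dst)
    if s_lvl > d_lvl:      # high-to-low traffic is allowed by default
        return "permit", f"zone default: {s_zone} -> {d_zone} (high to low)"
    return "deny", f"deny all: {s_zone} -> {d_zone}"   # low-to-high and equal-level
```

Calling decide() for each flow the organisation expects to work, and each flow it expects to fail, gives a quick table of intended behaviour to compare against the real device.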
4. Enable Advanced Firewall Features and Logging
Modern firewalls offer advanced security features that should be properly configured, including:
Web filtering and category-based blocking
Intrusion Prevention Systems (IPS)
File inspection and malware scanning
DHCP and NTP services (if required)
Unnecessary services should be disabled to reduce attack surface.
Logging is also essential. Without proper logging, organisations cannot meet compliance standards such as PCI-DSS Requirement 10 or effectively investigate security incidents.
5. Test the Firewall Configuration
Before deployment, firewall configurations must be tested thoroughly.
Testing methods include:
Vulnerability scanning
Penetration testing
Traffic simulation and rule validation
This ensures that:
Unauthorised traffic is properly blocked
Legitimate traffic flows correctly
Rules behave as intended under real conditions
Once verified, configurations should be backed up securely for recovery purposes.
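Rule validation can start offline, before any traffic is sent. The following added example (not from the original page or any vendor tool) audits a first-match rule set for three common misconfigurations: over-broad permits, rules that can never match because an earlier rule covers them, and a missing final deny all. The tuple format (action, protocol, source CIDR, destination CIDR, destination port) and the sample rules are constructed assumptions.

```python
import ipaddress

ANY = "0.0.0.0/0"
DENY_ALL = ("deny", "any", ANY, ANY, None)

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, e_proto, e_src, e_dst, e_port = earlier
    _, l_proto, l_src, l_dst, l_port = later
    net = ipaddress.ip_network
    return (e_proto in ("any", l_proto)
            and net(l_src).subnet_of(net(e_src))
            and net(l_dst).subnet_of(net(e_dst))
            and e_port in (None, l_port))

def audit(rules):
    """Return a list of (rule_number, finding) for a first-match rule set."""
    findings = []
    for i, rule in enumerate(rules, start=1):
        action, proto, src, dst, port = rule
        if action == "permit" and src == ANY and dst == ANY:
            findings.append((i, "permit any-to-any"))
        elif action == "permit" and port is None:
            findings.append((i, "permit with no port restriction"))
        # A rule fully covered by an earlier one is dead: it never gets a match.
        for j, earlier in enumerate(rules[:i - 1], start=1):
            if covers(earlier, rule):
                kind = "redundant with" if earlier[0] == action else "overridden by"
                findings.append((i, f"never matches: {kind} rule {j}"))
                break
    if not rules or rules[-1] != DENY_ALL:
        findings.append((len(rules), "rule set does not end with deny all"))
    return findings

# Constructed sample with deliberate mistakes.
SAMPLE = [
    ("permit", "tcp", ANY, "192.0.2.10/32", 443),
    ("permit", "tcp", "10.10.0.0/16", ANY, None),
    ("deny",   "tcp", "10.10.0.0/16", ANY, 25),      # placed too late
    ("permit", "tcp", "203.0.113.0/24", "192.0.2.10/32", 443),
    ("permit", "any", ANY, ANY, None),
]

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"rule {number}: {finding}")
```

The "overridden by" finding is the one to prioritise: it means a deny the administrator wrote is silently ineffective because a broader permit sits above it.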
Key Firewall Design Principles
Use packet-filtering firewalls at network boundaries
Place public-facing servers in a DMZ
Use host-based firewalls on critical servers
Deploy multiple DMZs for complex systems
Use VPNs for secure remote access
Implement IDS/IPS for internal threat detection
Route email traffic through secured gateways
Apply antivirus and anti-spam filtering at entry points
Continuous Monitoring and Maintenance
Firewall security is not a one-time setup. It requires ongoing management.
Best practices include:
Regular firmware updates
Continuous log monitoring
Periodic rule reviews (at least every six months)
Vulnerability assessments
Proper documentation of all changes
Strong firewall management requires skilled administrators, as even small configuration errors can expose the entire network.
Final Thoughts
A firewall is not just a technical tool—it is the foundation of modern cybersecurity architecture. When properly configured and continuously maintained, it significantly reduces the risk of cyberattacks, data breaches, and unauthorised access.
However, its effectiveness depends entirely on correct design, strict configuration, and ongoing vigilance.
Copyright © MakeYourNetwork | How to configure a firewall properly | NR