Skip to content
NeoGuard

Firewall

A network security system that monitors and controls incoming and outgoing traffic based on predefined rules, acting as a barrier between trusted and untrusted networks.

A firewall sits between your network and the outside world, inspecting traffic and enforcing rules about what can enter and leave. It is one of the oldest and most fundamental security tools, but modern firewalls are far more sophisticated than simple packet filters.

Types of Firewalls

  • Network firewalls: Hardware or software that protects an entire network. Standard for any office setup.
  • Host-based firewalls: Built into operating systems (Windows Firewall, macOS firewall). Protects individual devices.
  • Next-generation firewalls (NGFW): Combine traditional firewall rules with deep packet inspection, intrusion prevention, and application awareness.
  • Cloud firewalls (FWaaS): Firewall-as-a-Service for organizations using cloud infrastructure.

What a Firewall Does (and Doesn’t Do)

A firewall controls network access. It can block unauthorized connections, prevent malware from communicating with command servers, and enforce segmentation between network zones.

A firewall does not:

  • Protect against phishing (which arrives via legitimate email channels)
  • Replace encryption (a firewall doesn’t protect data in transit over the internet)
  • Prevent attacks through a VPN tunnel if the VPN credentials are compromised
  • Detect zero-day exploits in application-layer traffic (unless it’s an NGFW with behavioral analysis)

Firewalls for Swiss SMEs

For small teams without a dedicated IT department, the priority is:

  1. Ensure your router’s built-in firewall is enabled and configured
  2. Enable host-based firewalls on all work devices
  3. If using cloud services, configure security groups and access rules
  4. For remote workers, combine a VPN with 2FA rather than opening firewall ports

Firewalls and Compliance

The nDSG expects “appropriate technical measures” for data protection. A properly configured firewall is considered a baseline expectation. For financial institutions, FINMA explicitly requires network segmentation and access controls.

Related Terms

VPN (Virtual Private Network)MalwareEncryption