Firewall
Definition
A firewall is security software that blocks unauthorized access to your computer or network. It acts like a security guard for your digital data.
Use Cases
- Netflix: Protecting cloud workloads by restricting inbound and outbound network traffic to only approved services and ports — Uses AWS security controls including network segmentation (VPCs/subnets) and security filtering (security groups/NACLs and firewalling patterns) to limit exposure and reduce attack surface for services running in AWS (Reduced risk of unauthorized access by enforcing least-privilege network connectivity and limiting externally reachable endpoints)
- Etsy: Reducing exposure of internal services and controlling access to production systems — Applies network access controls and firewalling practices to restrict administrative access paths and segment environments, limiting which systems can talk to each other (Improved security posture by minimizing lateral movement opportunities and tightening access to sensitive systems)
Provider Equivalents
- AWS: AWS Network Firewall
- Azure: Azure Firewall
- GCP: Google Cloud Firewall Rules
- OCI: OCI Network Firewall
Frequently Asked Questions
- What's the difference between a firewall and a security group?
- A firewall is a broader traffic-filtering control that can inspect and block network connections based on rules (and, in some managed services, advanced features like threat signatures). A security group is a cloud-specific, instance-level virtual firewall that typically allows/denies traffic based on IP, port, and protocol for a specific resource. In practice, security groups are often used for simple allow-listing close to workloads, while managed firewalls can provide centralized policies and deeper inspection for entire networks.
- When should I use a firewall in the cloud?
- Use a firewall when you need to control which traffic is allowed into or out of your network or workloads. Common cases include: exposing an application to the internet safely (allow only required ports), restricting admin access (only from trusted IPs/VPN), segmenting environments (prod vs. dev), controlling outbound traffic to reduce data exfiltration risk, and meeting compliance requirements that require centralized network security controls.
- How much does a firewall cost?
- Cost depends on the type of firewall. Basic cloud firewall rules (like GCP VPC Firewall Rules) are often included as part of the networking service, while managed firewall products (like AWS Network Firewall, Azure Firewall, and OCI Network Firewall) typically charge based on deployment time (per hour) plus traffic processed (per GB) and sometimes additional features (threat intelligence, logging, or premium tiers). Your main cost drivers are throughput, number of protected networks/endpoints, and how much logging/inspection you enable.
Category: security
Difficulty: intermediate