What Exactly is a Firewall?

Think of a firewall as a security guard for your business network. Just as a security guard checks who enters and leaves a building, a firewall inspects all network traffic flowing in and out of your business and decides what to allow and what to block.

Every time a device on your network tries to access the internet — or something on the internet tries to reach your network — the firewall checks the traffic against a set of rules. Legitimate traffic passes through. Suspicious or unauthorised traffic gets blocked.

Without a firewall, your business network is directly exposed to the internet. Every device, every server, every printer is potentially accessible to anyone in the world. That's not a theoretical risk — businesses across Belfast and Northern Ireland are targeted by automated attacks thousands of times per day.

Types of Firewalls

Firewalls come in several forms, each suited to different situations:

Hardware Firewalls

A hardware firewall is a dedicated physical device that sits between your internet connection (router/modem) and your internal network. All traffic must pass through it.

• Pros: Dedicated processing power, protects your entire network, doesn't slow down individual computers, harder to bypass
• Cons: Higher upfront cost, requires configuration, needs occasional firmware updates
• Examples: Cisco Meraki MX, Fortinet FortiGate, SonicWall TZ series, Ubiquiti UniFi Security Gateway and Dream Machine

For most businesses, a hardware firewall is the foundation of network security. It's the single most important security investment you can make.

Software Firewalls

A software firewall runs on individual computers and devices. Windows Firewall and macOS's built-in firewall are examples.

• Pros: Already included with your operating system, protects individual devices even outside the office
• Cons: Only protects the device it's installed on, uses that device's processing power, can be disabled by users or malware

Software firewalls are a useful second layer of defence but should never be your only protection. They complement a hardware firewall — they don't replace one.

Cloud Firewalls (Firewall-as-a-Service)

Cloud firewalls operate in the cloud and filter traffic before it reaches your network. Services like Cloudflare, Zscaler, and Cisco Umbrella fall into this category.

• Pros: No hardware to maintain, scales automatically, protects remote workers, always up to date
• Cons: Ongoing subscription cost, depends on internet connectivity, less control over configuration

Cloud firewalls are increasingly popular for businesses with remote workers, but most SMEs still benefit from having a hardware firewall at their office as well.

What Modern Firewalls Actually Do

Today's business firewalls — often called Next-Generation Firewalls (NGFW) or Unified Threat Management (UTM) devices — do far more than simply blocking ports:

• Deep packet inspection: Examines the actual content of network traffic, not just the headers, to detect malware and threats
• Intrusion detection and prevention (IDS/IPS): Identifies and blocks known attack patterns in real time
• Web filtering: Blocks access to malicious, inappropriate, or time-wasting websites
• Application control: Identifies and controls specific applications (e.g., block BitTorrent, limit social media)
• VPN gateway: Provides secure remote access for staff working from home
• Anti-malware scanning: Scans downloads and email attachments for viruses and malware
• Geo-blocking: Block traffic from countries where you don't do business, reducing your attack surface

Why Every Business Needs a Firewall

Some small business owners assume they're too small to be targeted. The reality is the opposite — small businesses are the primary target because they typically have weaker security:

• Automated attacks don't discriminate: Bots scan every IP address on the internet looking for vulnerabilities. Your business is being probed right now, whether you know it or not
• Ransomware is devastating for SMEs: A single ransomware attack can encrypt all your files and demand thousands in payment. Many small businesses never recover
• Data protection regulations: GDPR requires businesses to implement appropriate technical measures to protect personal data. A firewall is considered a baseline requirement
• Client trust: If you handle client data (and almost every business does), a breach destroys trust and can end client relationships
• Insurance requirements: Many cyber insurance policies now require a business firewall as a condition of coverage

Firewalls and Your WiFi Network

Your firewall and WiFi network work together. The firewall protects the perimeter of your network, while your WiFi access points control who connects wirelessly. A properly configured firewall ensures that even if someone gains WiFi access, they can't reach sensitive resources or exfiltrate data.

Some devices combine both functions. The Ubiquiti Dream Machine Pro, for example, includes a firewall, router, and WiFi controller in a single device — making it popular with small businesses that want comprehensive protection without multiple boxes.

How Much Does a Business Firewall Cost?

• Entry level (Ubiquiti USG/Dream Machine): £150-350 one-time cost, no ongoing licence fees
• Mid-range (Fortinet FortiGate 40F/60F, SonicWall TZ270): £400-800 plus £200-400/year for security subscriptions
• Enterprise (Cisco Meraki MX67/MX68): £500-1,000 plus £300-600/year for cloud licensing

The annual subscription fees cover threat intelligence updates, new attack signatures, and web filtering databases. Without these updates, your firewall's effectiveness degrades over time.

For detailed product comparisons, see our guide to the best firewalls for small businesses.

Setting Up a Firewall Properly

A firewall is only as good as its configuration. Common mistakes include:

• Default passwords: Always change the admin password immediately
• Overly permissive rules: Start with a "deny all" policy and only allow what's needed
• No logging: Enable logging so you can investigate incidents
• Outdated firmware: Keep your firewall firmware current to patch vulnerabilities
• No monitoring: A firewall that nobody monitors is only partially effective

For a broader view of protecting your business, read our guide on cybersecurity essentials for small businesses.

How Drakos Systems Can Help

At Drakos Systems, we supply, install, and manage business firewalls for companies across Belfast and Northern Ireland. We'll assess your network, recommend the right firewall for your size and budget, configure it properly, and provide ongoing monitoring and management. Cybersecurity isn't optional in 2026 — it's a business essential, and a properly configured firewall is where it starts.