A firewall is a security system that filters network traffic according to defined rules. Firewalls control which connections between networks (e.g., internet and internal network) are allowed or blocked.
Types include packet filters (inspect IP addresses and ports), stateful inspection firewalls (consider connection state), and next-generation firewalls (NGFW, which analyze application protocols and content). Web Application Firewalls (WAF) specifically protect web applications. In an ISMS, firewalls are one of the fundamental technical controls for network security (ISO 27001 Annex A, A.8.20–A.8.22). Regular review and cleanup of rulesets is critical — outdated rules are a common audit finding.