A firewall is a security device or software service that monitors and filters network traffic between different network zones based on predefined security rules. It is commonly placed at the boundary between a trusted internal network and an untrusted network, such as the public internet, and is a foundational control in most IT and OT cybersecurity architectures.
What a firewall does
At its core, a firewall inspects incoming and outgoing network packets and decides whether to allow, block, or log them according to configured policies. These policies can be based on attributes such as source and destination IP addresses, ports, protocols, and in more advanced cases, application type or content signatures.
In industrial and regulated manufacturing environments, firewalls are used to:
- Segment corporate IT networks from OT networks (for example, separating the MES or ERP network from PLCs and controllers)
- Control remote access into production environments, including VPN access for vendors or support
- Enforce “demilitarized zones” (DMZs) for systems that bridge IT and OT, such as data historians, OPC gateways, or reporting servers
- Limit which systems can communicate with critical assets, such as batch servers, quality systems, or validated databases
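To make the packet-filtering decision and the IT/DMZ/OT segmentation above concrete, here is a small policy evaluator. It is an added illustration written for this page, not code from any firewall product: the zones, host addresses and rule names are constructed, and the rule set is a simplified stateless, first-match policy with an implicit final deny, which is how most network firewalls order their decisions.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed zone and host addresses for this example (not from any real plant).
ENTERPRISE = "10.1.0.0/16"
DMZ = "10.2.0.0/24"
OT = "192.168.10.0/24"
MES = "10.1.5.10"        # MES application server, enterprise zone
HISTORIAN = "10.2.0.20"  # data historian in the IT/OT DMZ
PLC = "192.168.10.50"    # controller in the OT zone


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                           # "allow" or "deny"
    src: str = "0.0.0.0/0"                # CIDR; 0.0.0.0/0 matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None           # None matches any protocol
    dports: FrozenSet[int] = frozenset()  # empty set matches any port
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


def build_policy() -> List[Rule]:
    """Ordered rule set for the enterprise -> DMZ -> OT boundary. First match wins."""
    return [
        # Enterprise hosts never talk to controllers directly; log attempts.
        Rule("deny-enterprise-to-ot", "deny", src=ENTERPRISE, dst=OT, log=True),
        # The MES server reaches the historian in the DMZ over HTTPS only.
        Rule("allow-mes-to-historian", "allow", src=f"{MES}/32", dst=f"{HISTORIAN}/32",
             proto="tcp", dports=frozenset({443})),
        # The historian polls controllers over Modbus/TCP (port 502) only.
        Rule("allow-historian-to-plc", "allow", src=f"{HISTORIAN}/32", dst=OT,
             proto="tcp", dports=frozenset({502})),
    ]


def evaluate(policy: List[Rule], pkt: Packet, log_sink: List[str]) -> str:
    """Return 'allow' or 'deny' for pkt and append a log line when the rule asks for one.
    A packet that matches no rule is denied and logged (implicit default deny)."""
    desc = f"{pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}"
    for rule in policy:
        if rule.matches(pkt):
            if rule.log:
                log_sink.append(f"{rule.action.upper()} {rule.name}: {desc}")
            return rule.action
    log_sink.append(f"DENY default: {desc}")
    return "deny"


def run_demo():
    """Evaluate a few constructed flows; returns (decisions, log lines)."""
    policy = build_policy()
    log: List[str] = []
    flows = {
        "mes_to_historian_https": Packet(MES, HISTORIAN, "tcp", 443),
        "mes_to_plc_modbus": Packet(MES, PLC, "tcp", 502),
        "historian_to_plc_modbus": Packet(HISTORIAN, PLC, "tcp", 502),
        "historian_to_plc_ssh": Packet(HISTORIAN, PLC, "tcp", 22),
        "plc_to_mes_https": Packet(PLC, MES, "tcp", 443),
    }
    decisions = {name: evaluate(policy, pkt, log) for name, pkt in flows.items()}
    return decisions, log


if __name__ == "__main__":
    decisions, lines = run_demo()
    for name, verdict in decisions.items():
        print(f"{name:26s} {verdict}")
    print("\n".join(lines))
```

Two points the walk-through makes visible: rule order matters (the enterprise-to-OT deny sits above the allows, so widening an allow later cannot accidentally open a path from corporate hosts to controllers), and the default-deny log line is where unexpected flows, such as a controller trying to reach the MES server, first become visible to operations.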
Firewall types commonly used in manufacturing
Firewalls can be implemented in different ways, often used together:
- Network firewalls: Hardware or virtual appliances deployed at network boundaries to control traffic based on IP, ports, and protocols. These are typical at plant perimeters, between plant and enterprise networks, or between OT zones.
- Next-generation firewalls (NGFW): Network firewalls with additional capabilities such as deep packet inspection, application awareness, intrusion prevention, and user identity integration.
- Host-based firewalls: Software firewalls running on individual servers or workstations (for example, on MES servers, historian servers, or lab systems) to control traffic to and from that host.
- Industrial / OT firewalls: Firewalls designed for control networks, often supporting industrial protocols and harsh environments, used between control cells, production lines, and safety systems.
Operational considerations in regulated environments
In regulated manufacturing, firewall configuration typically interacts with change control, validation, and documentation requirements. Common operational aspects include:
- Documenting firewall rules that affect validated systems, such as MES, quality management, or data capture systems
- Managing rule changes through formal change control processes, including impact assessment and approvals
- Maintaining audit trails and configuration backups for firewall policies
- Coordinating firewall maintenance windows to avoid unplanned downtime of production or quality-related systems
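The documentation, change-control and audit-trail points above can be supported with a small amount of tooling. The following is an added example, not code from the page or from any firewall vendor: it compares two constructed versions of a rule set, records each added, removed or changed rule, and flags which validated systems (a hypothetical inventory) fall inside a changed rule's scope, so the change record can drive the impact assessment before approval.

```python
import ipaddress
import json
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed inventory of validated systems (hypothetical names and addresses).
VALIDATED_SYSTEMS: Dict[str, str] = {
    "MES-APP-01": "10.1.5.10",   # MES application server
    "QMS-DB-01": "10.1.5.20",    # quality management database
    "HIST-01": "10.2.0.20",      # data historian in the DMZ
}

# Two policy versions, constructed for the example. Each rule is a plain dict
# with a stable id so the versions can be compared rule by rule.
BEFORE = [
    {"id": "R1", "action": "allow", "src": "10.1.5.10/32", "dst": "10.2.0.20/32",
     "proto": "tcp", "dports": [443]},
    {"id": "R2", "action": "allow", "src": "10.2.0.20/32", "dst": "192.168.10.0/24",
     "proto": "tcp", "dports": [502]},
    {"id": "R3", "action": "allow", "src": "10.1.5.40/32", "dst": "10.2.0.99/32",
     "proto": "tcp", "dports": [443]},
]
AFTER = [
    BEFORE[0],                                        # R1 unchanged
    {**BEFORE[1], "dports": [22, 502]},               # R2 widened to include SSH
    {"id": "R4", "action": "allow", "src": "10.1.0.0/16", "dst": "10.2.0.20/32",
     "proto": "tcp", "dports": [443]},               # R4 new: whole enterprise zone
]                                                     # R3 removed


def impacted_systems(rule: dict) -> List[str]:
    """Validated systems whose address falls in the rule's source or destination."""
    hits = []
    for name, addr in VALIDATED_SYSTEMS.items():
        ip = ipaddress.ip_address(addr)
        if ip in ipaddress.ip_network(rule["src"]) or ip in ipaddress.ip_network(rule["dst"]):
            hits.append(name)
    return sorted(hits)


def diff_policies(before: list, after: list) -> Tuple[list, list, list]:
    """Added rules, removed rules and (old, new) pairs for rules whose content changed."""
    b = {r["id"]: r for r in before}
    a = {r["id"]: r for r in after}
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    changed = [(b[k], a[k]) for k in sorted(a.keys() & b.keys()) if a[k] != b[k]]
    return added, removed, changed


def change_record(before: list, after: list, change_id: str, requester: str) -> dict:
    """Build an audit-trail entry listing each rule change and the validated systems it touches."""
    added, removed, changed = diff_policies(before, after)
    entries = []
    for r in added:
        entries.append({"op": "add", "id": r["id"], "rule": r, "impacted": impacted_systems(r)})
    for r in removed:
        entries.append({"op": "remove", "id": r["id"], "rule": r, "impacted": impacted_systems(r)})
    for old, new in changed:
        # A changed rule can affect systems in either its old or its new scope.
        impacted = sorted(set(impacted_systems(old)) | set(impacted_systems(new)))
        entries.append({"op": "change", "id": new["id"], "before": old, "after": new,
                        "impacted": impacted})
    return {
        "change_id": change_id,
        "requester": requester,
        "recorded_at": datetime.now(timezone.utc).isoformat(),
        "entries": entries,
        # Any change touching a validated system needs a validation impact assessment.
        "requires_validation_review": any(e["impacted"] for e in entries),
    }


def to_audit_json(record: dict) -> str:
    """Serialize with a stable key order so the record can be stored, hashed and compared."""
    return json.dumps(record, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(to_audit_json(change_record(BEFORE, AFTER, "CR-0001", "ot.network.admin")))
```

Run against the constructed versions, the record shows the new R4 reaching three validated systems (the whole enterprise range now reaches the historian), the widened R2 touching the historian, and the removed R3 touching none; the `requires_validation_review` flag is what a change-control workflow would use to route the request for the additional approvals the text describes. Storing each record alongside the exported policy gives the configuration backup and audit trail in one step.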
Common confusion
- Firewall vs. intrusion detection/prevention systems (IDS/IPS): A firewall primarily enforces traffic rules. IDS/IPS tools analyze traffic patterns for signs of malicious behavior. Many next-generation firewalls integrate IDS/IPS features, which can blur the distinction.
- Firewall vs. antivirus/endpoint security: A firewall controls network connectivity, while antivirus and endpoint security focus on detecting and blocking malware or suspicious activity on individual devices.
- Firewall vs. network segmentation: Network segmentation is the design concept of dividing a network into zones. Firewalls are one of the main technical controls used to enforce those segmentation boundaries.
Relation to basic security controls
When organizations in regulated manufacturing define a small set of core cybersecurity controls, a firewall or equivalent network boundary control is typically included. It works in combination with access control, logging and monitoring, vulnerability management, and secure configuration baselines to protect both IT and OT systems.