A network firewall is usually placed at the boundary between the internal trusted network and the external untrusted internet. This placement allows it to filter incoming and outgoing traffic to protect the internal network.
Packet filtering firewalls check packet headers such as source and destination IP addresses and ports but do not inspect the data payload inside the packets.
Placing a firewall only at the network perimeter protects against external threats but does not stop attacks or unauthorized access from inside the network, such as from compromised devices or malicious insiders.
A proxy firewall acts as a middleman, receiving requests from users and forwarding them to the internet, then returning the responses. This hides user details and can filter content more deeply.
Combining perimeter firewalls with internal segmentation firewalls helps protect against external threats and limits access to sensitive data inside the network, providing layered security.