Minerva Studio - Fotolia

Get started Bring yourself up to speed with our introductory content.

Inbound vs. outbound firewall rules: Comparing the differences

Enterprise network security expert Kevin Beaver compares and contrasts the roles of an inbound firewall and an outbound firewall. Find out what the differences are.

Please compare and contrast the role of an inbound firewall vs. an outbound firewall. In what ways does the role of each type of device affect how it should be configured?

Simply put, an inbound firewall protects the network against incoming traffic from the internet or other network segments, namely disallowed connections, malware and denial-of-service attacks. An outbound firewall protects against outgoing traffic originating inside an enterprise network. Often, a single firewall can serve both functions.

The configuration of such firewalls is business, network and risk-specific, so the configuration for, say, a manufacturing business's firewall will likely be a lot different than that of a cloud service provider's firewall. Traditional, customizable firewall rules allow specific ports, services and IP addresses to connect in or out.

Inbound-outbound firewall

Sometimes, a dedicated firewall appliance is used for outbound traffic because of the specialized filtering technologies needed. Such systems often perform specialized functions, like content filtering for email or web browsing. They tie into the business's directory service (e.g., Active Directory and Lightweight Directory Access Protocol) so they can provide access, filtering and reporting based on each user's network account. Other firewall systems look for outbound malware and security-related threats.

Using outbound firewalls

It's actually rare to see an outbound firewall used because of the complexities that it introduces into the network. Oftentimes, outbound firewalls interrupt application traffic, disrupt business workflows and get users upset unless close attention has been paid to configuring the firewall in just such a way to enable everything to work.

However, in certain cases, businesses might need to filter outbound traffic. For example, an outbound firewall can be beneficial in very locked down environments that control network behavior down to the host level. Alternately, certain data loss prevention technologies may need an outbound firewall to protect specific information on the host.

Analyzing and controlling outbound traffic has become more important today as security teams look to prevent the exfiltration of sensitive data by intruders or malicious activity from insider threats.

Be it an inbound or outbound firewall, you have to not only focus on the system configuration, but also make sure you're monitoring for system anomalies. Even the most secure firewalls can only do so much.

Next Steps

Learn about the importance of network monitoring for cybersecurity readiness

Find out how invalid certificates can jeopardize enterprise security

Read more on the benefits of static source code analysis

This was last published in August 2017

Dig Deeper on Network device security: Appliances, firewalls and switches

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What rules does your organization have for inbound and outbound firewalls?
This is a little misleading, though inadvertently, I'm sure. Most firewalls do, in fact, protect against inbound traffic and threats that could be picked up via outbound connections. On the inbound side, even the most basic packet filters (20+ year old tech) are generally configured to deny all incoming connections except for those that have to be allowed (to mail servers, web servers, etc). For those types of inbound connections, modern firewalls have various layers of security to check the inbound connections to see if they contain dangerous traffic.
On the outbound side, the firewall is still often protecting against threats that are on the "outside," such as inadvertent downloads of malware, inappropriate content, etc. Sometimes it is indeed important to flat-out block certain streams trying to exit the network. Finally (and this point confused me when I first got into this business) most outbound connections have an inbound reply, but the firewall rules that apply are still "outbound" rules--they are based on where the connection originated, even though it's bidirectional.
My point here is that the majority of firewall products (UTM, NGFW, etc) have a battery of defenses for both inbound and outbound connections.
Protection protects you from threats that originate outside of your Mac and try to get in. Outbound protection alerts you to attempts to connect out from your machine
The concept of having two different devices for firewalling inbound vs outbound traffic can certainly seem odd, especially since "ordinary" (good old fashioned) firewalls have always had to monitor inbound and outbound connections -- as DNSrulz notes.

Given that firewalls are based on having perimeters, and perimeters are becoming less possible to maintain with so much integration of BYODs, third parties and mobile workforces, I wonder how long firewalls will remain relevant at all?