Firewalls are designed to control access to and from a system or network. They can be used to protect a particular system, a set of systems or a whole network. Depending on their role and deployment scope, the design and functionality of firewalls can differ. A firewall designed to protect a particular system is configured so that the system's resources are protected while the system remains accessible to legitimate users and services from outside. Hence, the firewall is configured and programmed to protect against unwanted and illegitimate access while allowing legitimate use. Services such as user authentication, port and traffic rate control, VPN access, and rules that allow access from specific networks/hosts to specific ports/services/applications in the protected system are deployed in the firewall.

The scale, complexity and size of a system protection firewall depend on the expected traffic volume to and from the system, the nature of the system, its criticality and its network exposure. In its overall principle of operation, a system protection firewall is like any other firewall, but its functional details, rules and policies are specific to the particular system being protected. Like every kind of firewall, the system protection firewall has the role of controlling access, verifying the users/networks trying to use system resources, restricting unwanted access, and restricting access to unnecessary services/ports in the system. The firewall also has to alert system administrators about any unwanted event or activity related to the system.
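The following is an added example, not part of the original text: a small Python model of how a system protection firewall combines source-to-port allow rules, traffic rate control, default deny and administrator alerts. The Rule and HostFirewall names, the addresses (documentation ranges) and the limits are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: str             # source network allowed to reach the port (CIDR)
    port: int            # destination port on the protected system
    max_per_window: int  # rate control: packets accepted per source per window

# Constructed policy for a hypothetical protected host
RULES = [
    Rule("192.0.2.0/24", 22, 3),  # SSH only from the admin network
    Rule("0.0.0.0/0", 443, 5),    # HTTPS from anywhere, rate-limited
]

class HostFirewall:
    def __init__(self, rules, window=1.0):
        self.rules = rules
        self.window = window  # length of the rate-control window in seconds
        self.seen = {}        # (src, port) -> times of recently accepted packets
        self.alerts = []      # events reported to the system administrator

    def check(self, src, port, now):
        addr = ipaddress.ip_address(src)
        for rule in self.rules:
            if rule.port == port and addr in ipaddress.ip_network(rule.src):
                # Keep only the accepted packets still inside the window
                recent = [t for t in self.seen.get((src, port), [])
                          if now - t < self.window]
                if len(recent) >= rule.max_per_window:
                    self.seen[(src, port)] = recent
                    self.alerts.append(f"rate limit exceeded: {src} -> port {port}")
                    return "drop"
                self.seen[(src, port)] = recent + [now]
                return "accept"
        # Default deny: anything not explicitly allowed is dropped and reported
        self.alerts.append(f"denied: {src} -> port {port}")
        return "drop"

def demo():
    fw = HostFirewall(RULES)
    # Constructed traffic: (source address, destination port, time in seconds)
    packets = [("192.0.2.10", 22, 0.0), ("203.0.113.7", 22, 0.1),
               ("203.0.113.7", 3306, 0.2)]
    packets += [("198.51.100.9", 443, 0.3 + i * 0.01) for i in range(7)]
    return [fw.check(*p) for p in packets], fw.alerts

if __name__ == "__main__":
    print(demo())
```

Only the admin network reaches SSH, the unlisted database port is denied by default, and the burst to port 443 is cut off after five packets, with each drop recorded as an alert.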