What is a router and what does it actually do
A router is a device that connects a company network to the Internet and directs traffic between them. Every company with Internet access has a router - it is the network entry point without which nothing works.
A basic router does one thing: it decides where each data packet goes. It knows where a packet came from and where it needs to go. It does not analyze the contents, assess whether traffic is safe, or block threats. It forwards what comes in and sends out what goes out - according to a routing table, not a security policy.
Most routers have a built-in basic firewall - packet filtering that blocks traffic based on IP addresses and ports. It is useful, but insufficient. Such a firewall does not understand what is happening inside the connection - it sees that a packet arrived on port 443, but it does not know whether it is a safe website or a server controlled by an attacker.
How does an active firewall differ
An active firewall - also referred to as a Next-Generation Firewall or NGFW - analyzes traffic at a much deeper level. Instead of looking only at packet headers, it examines their content, recognizes applications and protocols, checks the reputation of IP addresses and domains, and detects patterns characteristic of malware.
Key functions that distinguish an active firewall from a basic router:
- 1
SSL Inspection - Most internet traffic today is encrypted. A basic router sees an encrypted tunnel but has no visibility into its contents. An active firewall can open that tunnel, inspect the payload, and re-seal it - transparently to the user and without affecting application performance. This prevents malware from hiding inside encrypted traffic. It matters because attackers have long known that HTTPS encryption raises no suspicion - and they use it to conceal communication with command-and-control servers.
- 2
Content and Category Filtering - An active firewall works with databases of malicious domains, IP addresses, and website categories, updated in real time by the vendor. When an employee clicks a link in a phishing email, the firewall checks the destination domain before the browser has a chance to load it - and blocks the connection if the address appears on threat lists. A basic router has no such databases. It has no awareness of domain reputation - and passes traffic through without any verification.
- 3
Application Control - A firewall identifies specific applications within network traffic and can apply separate policies to each. A messaging app using port 443 to bypass restrictions will be identified as a messaging app - not as HTTPS traffic. The same applies to file transfer applications, torrents, or remote access tools that employees install without IT's knowledge - the firewall sees what is actually running on the network, regardless of how the application attempts to disguise itself.
- 4
Anomaly Detection - An active firewall learns what normal network traffic looks like and responds when behavior deviates from the pattern. A workstation that suddenly starts scanning other devices on the network or sending large volumes of data to an external server in the middle of the night will be flagged and blocked - before it can cause serious damage. In the case of a ransomware infection, where the malware often exfiltrates encryption keys to an external server before encrypting data, this kind of detection can stop the attack in its early stages.
Which option is for whom?
A standard router without active firewall functions works only in the simplest cases - a small home network, a single workstation, or an environment with no sensitive data and no security requirements. In a corporate environment where customer data, correspondence, and access to business systems flow through the network, a basic router is not enough.
A router with active firewall functions is a solution for the vast majority of companies - from a few to several dozen users. One device combines routing with full traffic inspection, content filtering, and threat detection. Easier to manage, cheaper to deploy, and sufficient for most environments.
A setup with a separate router and a separate firewall appears in more complex environments - large networks, multiple sites connected via VPN, high availability requirements, or industry regulations requiring detailed traffic auditing. Each device is optimized for its own task and can be updated or replaced independently.
What it looks like at Helpwise
Selecting and configuring edge devices is one of the first topics we discuss with a new client. We assess the size of the network, the number of users, traffic characteristics, and security requirements - and based on that we recommend a specific solution. Firewall configuration is not a one-time task - we make sure policies stay current, threat databases are updated, and infrastructure changes are reflected in the rules.