In a TCP/IP network, a port is a number carried in each packet's header that identifies the application or service (the type of network traffic) the packet belongs to. If an incoming or outgoing port is "open," packets with that port number are allowed into or out of the local network (LAN). Ports are opened and closed in the firewall.
Consumer routers such as the wireless router commonly found in homes and small businesses have a built-in firewall. Fresh out of the box, all incoming ports are generally closed and all outgoing ports are open. Any requests initiated by the user that go out to the Internet automatically open the appropriate incoming port to receive the responses. See wireless router.
Commercial Firewalls and Routers
In companies, firewalls, routers and most other network devices are separate units. Newly installed commercial firewalls generally have all ports closed, in and out, but some have outgoing ports open. In most cases, commercial firewalls work like consumer firewalls and automatically open incoming ports for requests initiated by the user.
Many companies host services such as a Web server or mail server on their LANs for access via the Internet, and network administrators must open incoming and outgoing ports in the firewall for those types of traffic. They must also configure their routers to forward incoming packets to the appropriate server. Another example is using the Internet and the local company network for telephone service, where callers "phone in." The ports for voice over IP (VoIP) traffic must be opened in the firewall and forwarded by the router to the telephone PBX (see port forwarding). See TCP/IP port.
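The two ways an incoming port gets opened above, automatically for replies to a LAN-initiated request and deliberately by an administrator who forwards it to a server, modeled as an added Python example (constructed for this entry, not code from the original or from any firewall product). The EdgeFirewall class and its methods are hypothetical names, and all addresses are private or RFC 5737 documentation values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class EdgeFirewall:
    """Toy model of the firewall/router behaviour described above (constructed example)."""
    # Ports the administrator opened: public port -> (server IP, server port) to forward to.
    forwards: dict = field(default_factory=dict)
    # Flows a LAN host initiated: (remote_ip, remote_port, lan_port) -> lan_ip; real firewalls expire these.
    sessions: dict = field(default_factory=dict)

    def open_and_forward(self, public_port: int, server_ip: str, server_port: int) -> None:
        self.forwards[public_port] = (server_ip, server_port)

    def outbound(self, pkt: Packet) -> str:
        """LAN -> Internet: all outgoing ports are open; the flow is remembered so that
        only this peer's replies are let back in (the automatically opened port)."""
        self.sessions[(pkt.dst_ip, pkt.dst_port, pkt.src_port)] = pkt.src_ip
        return "ACCEPT"

    def inbound(self, pkt: Packet) -> tuple:
        """Internet -> LAN: returns (verdict, packet as delivered to the LAN or None)."""
        # 1. Reply to a flow a LAN host started: that port was opened automatically.
        lan_ip = self.sessions.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if lan_ip is not None:
            return "ACCEPT", Packet(pkt.src_ip, pkt.src_port, lan_ip, pkt.dst_port)
        # 2. Port opened on purpose: forward the packet to the internal server.
        if pkt.dst_port in self.forwards:
            server_ip, server_port = self.forwards[pkt.dst_port]
            return "ACCEPT", Packet(pkt.src_ip, pkt.src_port, server_ip, server_port)
        # 3. Out-of-the-box default: every other incoming port is closed.
        return "DROP", None

def demo() -> list:
    fw = EdgeFirewall()
    fw.open_and_forward(80, "192.168.1.10", 8080)  # Web server hosted on the LAN
    pc, peer, other, wan = "192.168.1.20", "198.51.100.7", "198.51.100.8", "203.0.113.5"
    fw.outbound(Packet(pc, 51515, peer, 443))      # PC opens a connection to the Internet
    return [
        fw.inbound(Packet(peer, 40000, wan, 22))[0],    # unsolicited probe of a closed port: DROP
        fw.inbound(Packet(peer, 443, wan, 51515))[0],   # reply to the PC's request: ACCEPT
        fw.inbound(Packet(other, 443, wan, 51515))[0],  # other host reusing that hole: DROP
        fw.inbound(Packet(peer, 40001, wan, 80))[0],    # public Web request: ACCEPT, forwarded
    ]
```

Note that only the peer the LAN host talked to can use the automatically opened port, which is what distinguishes this behaviour from leaving the port open to everyone.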
Numbers or Physical Sockets
TCP/IP ports are numbers in the headers of the network packets that identify email, Web and other services. The firewall inspects them as they enter and leave the network. LAN ports are physical jacks that Ethernet cables plug into. See well-known port.
Commercial Stand-Alone Firewalls
For services offered to users on the public Internet, ports are opened in the firewall, and packets are forwarded to the appropriate server (see port forwarding). In the large enterprise, network devices are separate units, and there would be additional layers of security (see DMZ).