A firewall works as a barrier, or a shield, between your computer network and the internet

Your ISP provided device, called a Gateway/modem, functions as a Wi-Fi NAT Router - creating a Local Area Network [LAN] - this enables your devices to access the internet. Network Address Translation [NAT] is the process of modifying the IP information in IP packet headers so that the packets can be routed to the required destination. It is used in home routers [such as the typical Wi-Fi router] to allow a number of devices [such as desktop computers, laptops, gaming consoles, mobile phones, and internet enabled televisions], each with their own network address, to connect to the internet using the one external IP you are assigned by your Internet Service Provider.

Because IP packets that are not recognized are discarded, the NAT process acts like a simple but effective firewall, blocking incoming traffic unless it is in response to previously sent outgoing traffic i.e. blocking unsolicited traffic.

People who think NAT suffices as a firewall have a misunderstanding of these two functions

Here's the Analogy between NAT and a Firewall

Think of NAT as the old mailroom at a corporation. Inbound packages coming to the corporate address is reviewed and the mailroom adds the recipient's cube number for inside delivery. Packages arriving without a valid recipient are simply discarded. Outbound packages pass through the mailroom to the appropriate letter carrier or shipper. NAT performs the same function with inbound and outbound packets.

Now add a security element to the mailroom. Inbound packages get run through an x-ray machine and bomb detection process. Contents are examined to insure no harmful or prohibited items. The return address may be checked and if the packages from a particular address or location, it may be blocked. Having passed through security, the mailroom adds the recipient's cube number for inside delivery. Outbound packages are likewise run past security. Packages destined to certain addresses, or containing certain items, are blocked and returned to the inside sender. His manager receives a report as to what was blocked and why. This is the function a Firewall performs on packets inbound and outbound to the company.

The Objective: Proactive Protection at your Internet Gateway to specifically Regain CONTROL of your Local Network and to block malware, spyware, phishing, cryptomining, ransomware and hackers before they ever reach your network, your computers, all your smart devices.

The Problem: Your ISP is in control of your Local Network: The Gateway device your Internet Service Provider supplies you with to be able to access the Internet does not have any of the three [1,2,3] essential capabilities required for effective protection against the Bad Guys PLUS that gateway device has security implications that you may not be aware of - placing your privacy at risk - your ISP provided Internet Gateway enables your ISP's Technical Support personnel to remotely manage the Gateway device and have direct access to your Business or Home Network or any connected devices with or without your knowledge or explicit permission.

The 3 essential capabilities that are missing to proactively prevent the Bad Guys from breaching your internet connection and your local network are as follows:

1. a Firewall providing an effective method of access control.
2. a dynamic blacklist [MOAB] that identifies the Bad Guys via the IP addresses they use.
3. a Router that is extensibledesigned to allow the addition of new capabilities and functionality and has the hardware capability [cpu, memory and storage]
   to exploit the blacklist in conjunction with the Firewall.

The Solution: Our Firewall access control rules working in conjunction with MOABMother Of All Blacklists adds a highly efficient trap that silently and quickly prevent « any » of over 600 million perpetrators [the Bad Guys] access before they can breach your doorway into the Internet, penetrate your local network and cause damage to your computers and other network dependent smart devices. Guarding your network from the effects of malicious intrusion of unauthorized users and applications begins with solid perimeter and endpoint defenses, and an effective method of access control. The capable Router Firewall we recommend, install and configure provides that effective method of access control - now you are in control - your ISP can still manage their gateway device but they can no longer have access to your local network.

MOABMother Of All Blacklists enables our Firewall to proactively deny all unwanted inbound Traffic. By creating a special Firewall Blacklist that identifies unique IP addresses of known malicious or suspicious entities our Firewall in conjunction with MOABMother Of All Blacklists adds a highly efficient trap that silently and quickly denies « any » of over 600 million perpetrators access before they can breach your Internet door, penetrate your local network and cause damage to your computers and other network dependent smart devices. Because of the very dynamic nature of MOABMother Of All Blacklists we configure the Firewall to automatically update the blacklist 3 times each day so that we can include previously unknown sources [of the perpetrators] as they become known to us.

By restricting inbound traffic to the router, we can prevent the accidental opening up of services on the router. Because our Firewall configuration restricts all types of services except for the services you know about & need, we can prevent any services (that you may not be aware of) from being accessible remotely on the router.

-->