Firewalls are typically managed through a proprietary application or a web browser using HTTP. Management ports for firewalls and other organizational services should be separated from regular user access, and management services should ideally be connected to the organization’s user directory, such as Active Directory in Windows environments.
Firewalls can divide traffic between hosts and systems into segments, often referred to as zones. Each segment contains services that are permitted to communicate with one another.
Connections to and from a segment should be strictly managed by the firewall to prevent unauthorized access. Smaller segments provide better segregation but require more management. In a flat network, without segmentation, users and systems can communicate directly, bypassing firewall enforcement.
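The zone model described above can be expressed as a small policy evaluator. This is an added example, not taken from any firewall product; the zone names, address ranges, ports and the `decide` function are assumptions constructed for illustration.

```python
import ipaddress

# Constructed zones (assumed addressing): users, servers and a separate
# management segment that regular users should not be able to reach.
ZONES = {
    "users": ipaddress.ip_network("10.10.0.0/24"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "management": ipaddress.ip_network("10.99.0.0/28"),
}

# Inter-zone rules as (source zone, destination zone, destination port).
# Anything not listed here is dropped: default deny between segments.
RULES = {
    ("users", "servers", 443),
    ("management", "servers", 22),
}

# A flat network is the same model with one zone covering every host.
FLAT = {"flat": ipaddress.ip_network("10.0.0.0/8")}


def zone_of(ip, zones):
    """Return the name of the zone containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in zones.items():
        if addr in net:
            return name
    return None


def decide(src, dst, port, zones=ZONES, rules=RULES):
    """Return (verdict, reason) for one connection attempt."""
    src_zone, dst_zone = zone_of(src, zones), zone_of(dst, zones)
    if src_zone is None or dst_zone is None:
        return ("deny", "address outside every defined zone")
    if src_zone == dst_zone:
        # Same segment: hosts talk directly and the firewall never sees it.
        return ("not-enforced", f"intra-zone traffic in {src_zone}")
    if (src_zone, dst_zone, port) in rules:
        return ("allow", f"{src_zone} -> {dst_zone} port {port}")
    return ("deny", f"no rule for {src_zone} -> {dst_zone} port {port}")


if __name__ == "__main__":
    for zones in (ZONES, FLAT):
        # Same user-to-server SSH attempt, segmented versus flat.
        print(decide("10.10.0.5", "10.20.0.8", 22, zones=zones))
```

With the segmented zones the user-to-server SSH attempt is denied; with the flat definition the same attempt is never evaluated, which is the enforcement gap a flat network creates.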