Network firewalls are built to keep the bad guys out of your network while allowing your users to maintain high availability to the Internet resources they wish to use. Setting up a corporate firewall takes time and some planning. Your first objective should be to know what to allow to come into your network from the outside world. I begin with a drawing like the one above. When you allow traffic from the outside world you should only allow a direct connection from the company or service you wish to use. Next we begin to write up any static routes we might need. These items might be a mail server or maybe your web server. Also remember after you setup the static routes you then open the correct ports to that internal IP address. Remember to allow any internal traffic to go out of your network. One tip to keep in your back pocket is if you ever get a rouge machine on your network spamming emails. If you use off site email services simply deny port 25 SMTP traffic from going out of your network. Planning is everything so that you don’t run into issues using the Internet. The last word of advice is to revisit your firewall configuration at least once ever six months. Also buy a firewall large enough to pass the bandwidth that you have, you don’t want it to become a bottle neck for your Internet traffic.