In a TCP/IP network, a port is a number that identifies the kind of network traffic a packet carries (Web, email and so on). If an incoming or outgoing port is "open," packets with that port number are allowed into or out of the local network (LAN). Ports are opened and closed in the firewall.
Home Router/Firewalls
Consumer routers such as the wireless router commonly found in homes and small businesses have a built-in firewall. Fresh out of the box, all incoming ports are generally closed and all outgoing ports are open. When a user initiates a request that goes out to the Internet, the firewall automatically opens the matching incoming port to receive the responses to that request. See wireless router.
Commercial Firewalls and Routers
In companies, firewalls, routers and most other network devices are separate units. Newly installed commercial firewalls generally have all ports closed, in and out, but some have outgoing ports open. In most cases, commercial firewalls work like consumer firewalls and automatically open incoming ports for requests initiated by the user.
Many companies host services such as a Web server or mail server on their LANs for access via the Internet, and network administrators must open incoming and outgoing ports in the firewall for those types of traffic. They must also configure their routers to forward incoming packets to the appropriate server. Another example is telephone service carried over the Internet and the local company network, where outside callers "phone in." The ports for voice over IP (VoIP) traffic must be opened in the firewall and forwarded by the router to the telephone PBX (see port forwarding). See TCP/IP port and firewall.
Numbers or Physical Sockets
TCP/IP ports are numbers in the headers of the network packets that identify email, Web and other services. The firewall inspects them as they enter and leave the network. LAN ports are physical jacks that Ethernet cables plug into. See well-known port.
Commercial Stand-Alone Firewalls
For services offered to users on the public Internet, ports are opened in the firewall, and packets are forwarded to the appropriate server (see port forwarding). In the large enterprise, network devices are separate units, and there would be additional layers of security (see DMZ).
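The two behaviors described above, a firewall that opens an incoming port only for replies to a request the LAN host initiated, and port forwarding that exposes one service to the Internet, modeled in a small Python simulation. This is an added example, not code from the original entry; the addresses are constructed (RFC 5737 documentation ranges) and the flow tracking is simplified (the LAN host's source port is assumed to survive NAT unchanged).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = LAN -> Internet, "in" = Internet -> LAN

class StatefulFirewall:
    """Toy home-router firewall: outgoing ports open, incoming ports closed
    unless the packet is a reply to a tracked outgoing request or hits a
    port-forwarding rule."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.flows = set()   # (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}   # wan_port -> (lan_ip, lan_port)

    def forward_port(self, wan_port, lan_ip, lan_port):
        """Explicitly open an incoming port and forward it to a LAN server."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def handle(self, pkt):
        """Return (verdict, destination) for one packet."""
        if pkt.direction == "out":
            # Outgoing is open; remember the flow so its replies are let in.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return ("allow", (pkt.dst_ip, pkt.dst_port))
        if pkt.dst_ip != self.wan_ip:
            return ("drop", None)
        # Inbound: a reply to a request a LAN host initiated is let through
        # to that host (this is the "automatically opened" incoming port).
        for lan_ip, lan_port, remote_ip, remote_port in self.flows:
            if (pkt.src_ip, pkt.src_port, pkt.dst_port) == (remote_ip, remote_port, lan_port):
                return ("allow", (lan_ip, lan_port))
        # Otherwise only an explicitly forwarded port is open.
        if pkt.dst_port in self.forwards:
            return ("forward", self.forwards[pkt.dst_port])
        return ("drop", None)

if __name__ == "__main__":
    fw = StatefulFirewall("203.0.113.10")
    fw.forward_port(80, "192.168.1.20", 8080)  # Web server on the LAN
    print(fw.handle(Packet("198.51.100.5", 40000, "203.0.113.10", 22, "in")))
    print(fw.handle(Packet("192.168.1.30", 51000, "198.51.100.5", 443, "out")))
    print(fw.handle(Packet("198.51.100.5", 443, "203.0.113.10", 51000, "in")))
    print(fw.handle(Packet("198.51.100.5", 40001, "203.0.113.10", 80, "in")))
```

An unsolicited packet to port 22 is dropped, the reply to the LAN host's outgoing HTTPS request is allowed back to that host, and only the forwarded port 80 reaches the Web server.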