Since the primary function of a Firewall is to protect a network’s data and resources from outside threats, they are usually placed at the end point of a network.
A firewall can be a dedicated Hardware device, or Software running in a computer.
Firewalls can be configured with “rules”. Firewall rules can be used to allow/deny network traffic from/to the network. These rules can be based on Source/Destination network, Source/Destination IP Address, Source/Destination TCP/UDP port numbers, Protocols, Applications etc.
Following image shows a Cisco ASA 5520 firewall device