In this article, we’ll explain the key differences between firewalls and VPNs to help you decide which one is right for you—and whether you should use both at the same time.
Jump to…
Key differences between VPNs and firewalls
What is a firewall?
How does a firewall work?
How does a VPN work?
When to use a firewall vs. a VPN?
Should you use both a VPN and a firewall?
Can a VPN bypass a firewall?
Can a firewall block a VPN connection?
How do I bypass firewall blocking VPN?
Key differences between VPNs and firewalls
Both VPNs and firewalls offer digital security, but they work in different ways. We start off with a comparison table before getting into the details of each tool.
| Features | VPN | Firewall |
| Primary function | Encrypts internet activity and masks your real IP address with one belonging to the VPN company. | Monitors incoming and outgoing traffic, filtering out unauthorized activity from your network. |
| Type of protection | Secure and private data transmission. | Keeps out unwanted traffic from a network based on predefined rules. |
| Benefits | 1. Keep traffic hidden from third parties like internet service providers <r> 2. Break through censorship <r> 3. Stay secure via encryption when using unsecured networks like public Wi-Fi<r> 4. Access private networks remotely (with business VPNs) | 1. Block malicious traffic <r><r> 2. Prevent unauthorized access to devices and networks<r> <r> 3. Block traffic from specified applications, ports, or IP addresses<r> <r> 4. Monitor network activity for suspicious behavior |
| How to use | Typically a subscription-based service offering apps for your devices. | Software built into your operating system or bought separately as hardware or software. |
What is a firewall?
Firewalls monitor incoming and outgoing traffic, deciding what’s allowed to pass through and what’s blocked. They analyze data packets based on predefined rules, filtering out malicious content like malware and hack attempts. They can also be set to block traffic from certain locations, applications, or ports.
Most large companies use firewalls. They prevent unauthorized people from accessing the network without the right credentials. Companies often also block popular sites like social media platforms to keep their workers focused. But individuals can also benefit from firewalls by configuring them to block traffic that might be unsafe.
There are several types of firewalls, and they vary in sophistication. Here are a few prominent ones:
- Stateless packet-filtering firewalls. These are the most basic firewalls, and they simply inspect IP addresses and ports and reject those disallowed by administrators. This type of firewall is not widely used due to lack of functionality and flexibility in modern environments.
- Stateful firewalls. This type of firewall uses various information about a data packet to decide whether it should be allowed in. It does this by analyzing the state and context of active network connections.
- Proxy firewalls. These offer the most features and customization, serving as a gateway between devices on a local network and servers on the internet.
How does a firewall work?
Every piece of information seeking entry to or leaving your network, like emails, downloads, and website data, is a data packet. The firewall inspects each packet based on set rules: its origin, destination, type, IP address, port number, the way it’s sent, etc. Based on the set rules, the firewall determines whether it’s allowed entry or blocked. This constant vigilance helps keep your computer and network safe from online threats.
Although firewalls can control both incoming and outgoing traffic, they are sometimes not configured to block your outbound traffic. However, it can be helpful to block questionable outgoing traffic as well, to mitigate what an attacker can do on your network if they make it into your system.
Someone wanting to use a firewall has two broad options: a hardware firewall or a software firewall.
Software firewalls
A software firewall is a program installed on your device. While your computer might come with a software firewall, you could also buy software that’s more advanced.
Benefits of software firewalls
- Often free. Popular operating systems like macOS and Windows include firewall software.
- Easy to use. You can simply turn it on and set it up on your computer.
Hardware firewalls
A hardware firewall is a physical device that sits between your network and the internet. Instead of plugging your router cable into your computer, for instance, you can plug it into the firewall device first. The firewall analyzes each data packet based on predefined rules, checking for and blocking suspicious traffic like malware.
Benefits of hardware firewalls
While hardware firewalls are costlier (versus software firewalls, which are often free), there are reasons they could provide better security.
- Configure just one device for your network. With software, you would configure the firewall on every device, causing more work and more room for error.
- Offers protection even before reaching the device. With a software firewall, the traffic doesn’t get filtered until it’s already reached your device.
- Greater flexibility. Hardware firewalls let you set up complex rules to customize the filtering with granularity.
- Your devices don’t have to expend processing power. The work happens on the firewall device itself, so it won’t slow down your devices.
What is a VPN?
A VPN forms an encrypted tunnel for your internet traffic to keep it private. It creates a secure connection between your device and the internet, making your data transmissions unreadable to third parties like your internet service provider or your network admin. Even if someone were to steal your data as you transmit it, it would take them hundreds of years to decrypt it.
A VPN also replaces your real IP address with one belonging to the VPN company. This increases your anonymity as you browse while concealing your location, since IP addresses are an indicator of where you are. The change in IP address also allows you to access content that’s censored in your country or blocked by your school or office.
Ideally, a VPN does not at any point leak your real IP address. For strong security, a reputable VPN company like ExpressVPN also does not record your activity or your VPN connections. This is to keep your activity private even in the extreme case where they are legally compelled to turn over any records or actual servers to reveal information about user activity.
How does a VPN work?
A VPN usually comes in the form of an app on your phone or computer, although you can use a VPN on any internet-connected device. Just turn on the VPN in the app, and your data is encrypted, meaning it’s scrambled into a code that only the person or website you’re communicating with can decrypt. Any information you send or receive, whether browsing a website, sending an email, or streaming a video, is encrypted.
Once encrypted, your data travels through the secure tunnel to the VPN server. The server acts as your digital intermediary. Instead of showing your actual IP address, a VPN uses its own IP address, which masks your location and makes it harder for anyone to track your online activity.
When the data reaches its destination, the VPN server decrypts it. The decrypted data reaches its final destination as if it were sent directly from your device.
When to use a VPN vs. a firewall
Use a VPN if… secure data transmission and access to information are paramount.
For instance:
- You use public Wi-Fi frequently. Public Wi-Fi such as networks in airports and hotels could be unsecured or accessible by network admins, but a VPN keeps your data encrypted.
- You are an expat or travel a lot. A VPN can help you unblock content censored in your location and help you avoid government monitoring.
- You shop online. Keeping your connection secure gives you peace of mind as you enter sensitive information like credit card details and your phone number into websites.
- You want anonymity. A VPN’s ability to hide your real IP address increases your anonymity as you browse.
Use a firewall if… you want to ensure your home or office network is protected from unauthorized access. On your computer, you already have firewall protection, unless you’ve turned it off. It’s rare for someone to get a hardware firewall or enhanced software firewall for personal use. So getting a separate firewall is mostly a consideration for an organization.
For instance:
- You run a business. Corporate offices almost certainly use firewalls, but small businesses need to practice good cybersecurity, too, and using a firewall is one method to employ.
- You run an organization like a school or hospital. Schools often use firewalls to block inappropriate and distracting content. In all organizational contexts, a firewall can help to defend against attacks that would jeopardize the personal information of staff, customers, students, etc.
Should you use both a VPN and a firewall?
Yes. These security measures do different things to protect your online security. However, sometimes the two don’t work well together. A firewall might prevent you from accessing the internet with a VPN. This would require some adjustments to your firewall’s rules.
Can a VPN bypass a firewall?
Yes, it is possible for a VPN to bypass the rules set by a firewall. For instance, if your school Wi-Fi is set to block access to popular social media sites from within the network, turning on a VPN could allow you to regain access by hiding the fact that you are someone within the network.
However, this doesn’t always work, as many company firewalls block VPNs. They will detect the VPN and block your access. In such cases, a VPN won’t help bypass the firewall.
Can a firewall block a VPN connection?
Yes, a firewall can block a VPN connection. Firewalls can be configured to block specific ports and protocols commonly used by VPNs, such as OpenVPN’s UDP port 1194 or PPTP’s TCP port 1723. This essentially bars the VPN connection at the entry point. Some advanced firewalls employ deep packet inspection (DPI) technology to analyze the data packets flowing through the network. They can identify traffic patterns characteristic of VPNs and block them before they’re established.
How do I know if my firewall is blocking my VPN?
- Connection failure. The most obvious clue is if your VPN refuses to connect on a specific network but works fine on others. If you try establishing a connection and it constantly fails, your firewall could be the culprit.
- Slow internet speeds. While VPNs can sometimes affect speed, a significant drop in performance after attempting to connect through the VPN might indicate the firewall throttling or blocking some of the traffic.
- Error messages. Some firewalls display specific error messages related to blocking VPN connections. Check your firewall logs or notification area for any suspicious messages around the time you attempt to connect your VPN.
- Check firewall configuration. If you’re comfortable digging deeper, you can check your firewall settings directly. Look for rules blocking your VPN application or specific ports and protocols commonly used by VPNs.
How do I bypass firewall blocking VPN?
Bypassing a firewall blocking a VPN isn’t always recommended due to security concerns and potential violation of network usage policies. However, if you find yourself in a situation where you need your VPN to work, here are some methods you can try:
- Switch to data. If you are using your phone on company Wi-Fi, for instance, rather than trying to bypass the firewall, simply change to using your data plan on your phone. You won’t be hindered by the firewall.
- Change VPN protocols and ports. Most VPNs offer different protocols and ports for establishing connections. Try switching to different protocols like OpenVPN (TCP/UDP), IKEv2, or WireGuard, and different ports like 443 (HTTPS) or 80 (HTTP) commonly used by websites, which might be less likely to be blocked.
- Use obfuscation techniques. Some VPNs offer obfuscation features that disguise VPN traffic as regular internet traffic, making it harder for firewalls to detect and block. Explore your VPN’s settings for such options.
- Shadowsocks or SSH tunneling. Shadowsocks is a secure socks5 proxy protocol that can be used to tunnel your traffic through an intermediate server, potentially bypassing firewall restrictions. Additionally, setting up an SSH tunnel can also serve as a way to encrypt and route your traffic through another server.
