Why Your Firewall Shouldn’t Be Your Web Filter (Comparison)

If you want to control access to specific websites, you need a web filter – not a firewall. In this article I’ll compare web filtering software to firewalls so you can get the best internet filter for controlling employee internet access.

Why your firewall is NOT a replacement for a web filter

Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

They’re Not as Reliable: Traditional firewalls block websites based on IP addresses, protocols, domains, and port numbers, not URLs. If you try to block a website with a multiple or dynamic IP address, it may still be accessible.
They’re Too Strict: The closest that traditional firewalls can get to a web filter is by blocking based on the IP address of the domain. They lack granularity and cannot exempt specific URLs from their firewall rules (eg. YouTube.com/user/CurrentWare), forcing you to block the whole website from being accessed by your entire network.
They Can be Easily Bypassed: Firewall policies only apply to your network. Without a web filtering agent installed on the device your employees or students can still access blocked websites by connecting their devices to their own network or a mobile hotspot.
They Lack Granularity: A dedicated web filter lets you customize internet restriction based on users, computers, and workgroups. Traditional firewalls operate at the network level, applying internet restriction for everyone equally without the option to customize filtering policies.
Firewalls Are Finicky: A dedicated web filter makes blocking employees from accessing unproductive websites simple and efficient. Firewalls often require a high degree of technical proficiency and tedious IP lookups to block websites. With a web filter all you need to do is add the URL of the website to the blocked or allowed list.

That said, a web filter is not a direct replacement for a firewall. Each tool has its own unique use-cases. For the greatest security, a multi-layered approach that includes both solutions is ideal.

A web filter is best for…	A firewall is best for…
When you want to block internet access based on users, devices, or workgroups.	When you want to control inbound (ingress) and outbound (egress) traffic separately.
When you want to block websites based on their URL	When you want to prevent unauthorized traffic within your network
When you want to easily configure internet access permissions for several endpoints	When you want to block traffic that has been identified as being potentially malicious

Try using a web filter today

What’s the difference between a firewall and a web filter?

Fundamentally web filters and firewalls serve different purposes. A web filter blocks access to specific types of web content and a firewall prevents your network from exposing internal services and computers to external threats.

Traditional firewalls and web filters operate at different layers of the Open System Interconnection (OSI) model.

Packet filtering firewalls operate at layer 3 (the network layer). They inspect data packets to filter traffic based on IP address or network port.
Firewalls can also operate at layer 4 (the transport layer). They will filter network traffic based on protocols such as Transmission Control Protocol (TCP)
Web filters and web application firewalls operate at layer 7 (the application layer). This is the layer where specific websites can be uniquely identified by their URL or domain name.

While Web Application Firewalls (WAFs) can operate at layer 7 to block specific websites, these tools are designed to protect networks and web applications from application-based security flaws such as SQL injections. If you want to block websites to enforce internet use policies, a web filter is quicker and easier to manage.

Free Template

Employee Internet Usage Policy

Paper document that says "Internet Usage Policy"

Download this FREE acceptable use policy, customize it, and distribute it to your employees to set a precedent for the acceptable use of the internet in the workplace.

What does a web filter do?

BrowseControl is an easy-to-use web filter that helps organizations enforce policies, improve productivity, reduce bandwidth consumption, and meet compliance requirements – no matter where their users are located.

With BrowseControl you can ensure a safe and productive environment by blocking high-risk, distracting, or inappropriate websites, improve network performance by blocking bandwidth hogs, and prevent users from using unsanctioned applications and software-as-a-service providers

BrowseControl’s security policies are enforced by a software agent that is installed on your user’s computers. This allows the solution to continue blocking websites and applications even when computers are taken off-site.

BrowseControl’s central console allows you to configure your security policies from the convenience of a web browser.

With BrowseControl you can Block or allow websites based on URL, category, domain, or IP address, assign custom policies for each group of computers or users, prevent users from launching specific applications, and block network ports to reduce the attack surface of your network

There are three key methods for blocking websites with BrowseControl:

The Blocked List allows you to block specific websites based on URL, domain, or IP address

Category Filtering allows you to block millions of websites across over 100 content categories including pornography, social media, and virus-infected sites.

and finally, you can use the Allowed List to allow specific websites that would otherwise be blocked based on their category, or for the greatest security and control you can block all websites except for those that are on the Allowed List.

When your users try to visit a blocked website they can either be presented with a custom warning message or directed to another site, such as a page with a reminder of your organization’s internet use policy.

With BrowseControl’s App Blocker you can prevent your users from launching specific applications.

Simply select the group you would like to restrict, enter the Original Filename of the application to the Application List, and add it to the blocked applications list.

When the user tries to launch the blocked application they can be presented with a custom warning message that alerts them of the restriction.

BrowseControl is best used in tandem with our computer monitoring software BrowseReporter. Using both solutions provides the visibility and control you need to ensure that your organization’s computers are being used appropriately.

Don’t let internet abuse run rampant in your organization. Take back control over web browsing with a free trial of BrowseControl.

Get started today by visiting CurrentWare.com/Download

If you have any technical questions during your evaluation our support team is available to help you over a phone call, live chat, or email.

Thank you!

Get My Free Trial

Learn More

Web filters use URL filtering and domain filtering to block websites. BrowseControl restricts internet access by comparing the websites that employees are visiting to an established blacklist (blocked list) and whitelist (allowed list). Any URLs or domains (eg. Facebook.com) that are on the blacklist are blocked from being accessed.

A web filter gives you greater web access control than a firewall

Unless you are using a next generation firewall (NGFW) with an integrated web filter that allows you to block specific URLs, a dedicated web filter is going to give you far more granularity for controlling access to websites.

With a web filter you can:

Block an entire website while allowing exceptions for specific pages
Modify web access permissions for each user, device, and department
Schedule internet access permissions to give employees access to unproductive websites during their breaks

Firewalls with added DNS-based internet restriction capabilities can block websites as well, but they can only block the entire website – not specific URLs. When a user types in “YouTube.com”, their browser will make a DNS query to get the IP address of the website. Unfortunately, a firewall with a DNS filter cannot tell the difference between YouTube.com or https://www.youtube.com/user/Currentware/ as they both have the same IP address.

See how easy it is to block a website with BrowseControl

BrowseControl makes web filtering incredibly easy:

Block specific websites by adding URLs/Domains to your blocked list
Block millions of websites based on category (Porn, Social Media, etc) with the category filtering feature
Block entire websites except for specific pages by adding pages to the Allowed List
Restrict internet access to only specific websites and internal IP addresses using the Allowed List

Learn More: How to Block a Website

Block websites by URL

Click the user, computer, or department you want to manage
Click “URL Filter”
Add the website you would like to block to to the URL list
Transfer the website to BrowseControl’s Blocked List

Block websites by category

Click the user, computer, or department you want to manage
Click “Category Filtering”
Add the categories you would like to block (ex. “Social Media”) to the Blocked Category List

Only allow specific websites, block everything else

Click the user, computer, or department you want to manage
Set “Internet” to “Off” to instantly blacklist all websites that aren’t on the allowed list
Click “URL Filter”
Add the websites you would like to allow to to the URL list
Transfer the websites to BrowseControl’s Allowed List

Want to try it yourself? Click the button below to get a free trial of BrowseControl

Start Blocking Websites Today Learn More

Sai Kit Chu

Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description