A firewall is a perimeter security device. A perimeter security device is only good at protecting the internal network from external attacks. That means that if an intrusion originates from the internal network, the firewall cannot deal with it.

Statistics show that most network attacks on an organization come from internal employees and hence most likely originate from the internal network. A firewall cannot handle this kind of network attack.

To compensate for the firewall's limitation in dealing with internal network attacks, we need other devices such as an Intrusion Detection System (IDS), and of course other common security measures in areas like physical security.