A data centre firewall, whether perimeter-based or distributed, works as a gatekeeper, continuously monitoring traffic flows in and out of a designated network area, prohibiting suspicious activity, and alerting security staff to threats.
Firewalls can restrict traffic flow in a variety of ways, depending on their architecture. Traditional systems include static packet filtering, proxy services, and stateful inspection. There is also one more concept called Firewall Data Fragment
Modern gateway firewalls usually contain intrusion detection (IDS/IPS), application context, and advanced threat analysis to aid in the analysis of traffic passing through.
Finally, distributed firewalls are designed to secure specific workloads while filtering east-west traffic.