Yes, firewall appliances are between the servers and the outside world.
By default we authorize everything from inside to outside (except email), and deny everything from outside to inside (except ssh for Linux, and RDP for Windows).
That setup is not good in the long run though, you should change it to match your requirements. Don’t authorize anything more than what you need for outgoing traffic. Search well what ports you need open for incoming traffic.
Firewall rules changes are free, you can request as many changes as you want.
Should you need live troubleshooting (it does happen that some apps use weird-undocumented ports), schedule a session with our support, and we’ll do the troubleshooting together through the chat window.