Typically, resources and data are protected using credentials such as username and password. However, those credentials can be compromised. Also, because those credentials are validated by the system, ingenious hackers can exploit vulnerabilities by submitting information that the system did not expect.
A firewall restricts access to resources based on pre-defined rules that are applied to the content of the information that is submitted. The rules can include inspecting for malicious code, blocking certain types of content, blocking certain sources of communication (for example, any connection originating outside the university network), and restricting access to only certain sources of communication (for example, specific computers).
To use an airport example, your username and password is your boarding pass that is validated just before you get on the plane, whereas a firewall is the security screening well before you get near the plane that investigates who you are, where you are going, and whether you are carrying anything malicious.
This service is provided by CCS at no charge.