A firewall protects against unauthorized access by scanning traffic and controlling what information can pass through the network. Since firewalls work by filtering traffic based on source and type, they won’t catch threats that come from a “legitimate" origin, such as:
Social engineering, including phishing attacks
Malicious websites disguised by an SSL certificate
Human error and the insider threat
Phishing emails, for example, often make it through a firewall, as email is considered normal traffic.