Bunkers are fortified physical infrastructure to withstand attack. However, there are side channels required for supplies, reconnaissance, defense or attack the attackers.
Similarly the firewall in cyber world takes the same analogy. It is a network perimeter device to control network traffic but it requires ruleset management, health check thru the network rather than doing this locally. This will open up side channels that could be vulnerable to cyber attack if configured improperly.
Best practices are to review firewall configuration (rulesets), event logs (permitted or dropped traffic) regularly. Automated tool is required as human check is nearly impossible. Log parser via SOC (Security Operation Centre) will associate network traffic from different zones providing a holistic view for better visibility, identify early sign of compromise as threat vectors are conducting reconnaissance to understand the system landscape, vulnerable component before choosing the appropriate attack kit.