Re: Firewall ?
if you configure MongoDB, properly, as set out in the documentation for the configuration file (parameters), it is possible to explicitly control access to the database, without difficulty.
However, DB access is almost always better controlled (when operating at scale), by using an intermediate tier that the front end connects to, and the intermediate connects to the DB using persistent connections and, in Relational-speak, stored procedures. This type of architecture allows for all sorts of arcane security, authorisation and audit features, transparent non-stop operations and huge per second transaction rates