Look at firewalls like castles. In where the firewall, like the name suggests is functioning like a wall that protects everything on the inside. A firewall can monitor in- and outgoing traffic and also allow, drop or block based on its destination IP, source IP, destination port, source port and/or protocols like TCP, UDP, AH, ICMP or IGMP.
In the past, next to the firewall, we ran a separate webfilter, mailfilter, DNS filter and/or IDS/IPS (Intrusion Detection System / Intrusion Prevention System)
An UTM (Unified Threat Management) is essentially the same as what is described above but all combined into a single device! This device can scan all passing traffic using all or some function specified above.
UTM’s are generally more expensive, but there are free variants also! But limited in capabilities, for instance.