Eh… not “exactly”. 
We do have a couple of default rules that apply to all zones to block exploits which could be potentially disastrous to a large number of our customers for “free” even though technically they haven’t subscribed to a plan which would normally cover it.
I also suppose it depends on how one defines Firewall. But if you want what is generally considered to be a Web Application Firewall that is available only on a Pro, Business or Enterprise plan.