1. You need a network firewall – sometimes two
Just like bars have bouncers, the best way to stop trouble from harming your network is to keep malicious content from even getting through the door. Firewalls are the “bouncers” of your network – actively monitoring, filtering, and controlling traffic based on your set configurations. They can also include web filtering to block employees from time-wasting websites and limit bandwidth for guest networks, which helps to restrict non-essential traffic on your network.
When considering firewall security, you have several options.
Hardware-based firewall protection will be the most robust and comprehensive solution, but software-based firewalls require no physical space and can be up and running quickly. However, they do utilize local memory and processor power. There are also other variations like Application layer, Next-Generation Firewalls (NGFW), Proxy Server, and Circuity-level. Working with someone who understands the benefits of each is essential to finding the right solution for your needs.
Internet connection type and speed are also considerations.
If you are using fiber, the firewall appliance you’re looking at may have built-in compatibility or could require an adapter. Turning different firewall protections on or off may also hinder connection speed to the rest of your network. Manufacturers may advertise high throughput but fail to mention that certain features restrict bandwidth during use.
The benefits of two firewalls.
Like the example with the bouncer at the bar – it wouldn’t be wise to leave the door unattended if your head bouncer steps away. That’s why having an additional firewall could be beneficial when configured as a High Availability pair, with a primary unit doing all the work and the second set up and ready to go so that it fails over automatically. Some manufacturers will offer discounts or waive licensing costs on the second appliance, while others may make you buy two units with two subscriptions. And speaking of subscriptions…
2. There are ongoing subscription costs
Firewall subscription benefits.
Network firewall manufacturers continuously update their security policies to respond to modern pressures, so maintaining a subscription ensures you receive firewall updates as they are published in response to new threats. Some subscriptions will also give you access to technical support with levels ranging from 8/5 support to 24/7, with varying response times depending on the severity of the issue. VPN access features also may, or may not, be included.
Subscriptions commonly come in one and three-year options.
If you’re anticipating a network firewall replacement in the next year or want to get a feel for the product, a one-year option can work well. However, if you are comfortable with a brand, taking the three-year option right away when replacing an appliance will lock you into the best price and avoid annual increases. After three years, you can evaluate whether you will replace the unit or extend the contract.
Don’t miss renewing your firewall’s security subscription.
Regardless of the subscription timeframe you choose, the appliance will maintain the security definitions it has in place when the subscription ends but will no longer receive updates as new threats emerge. Though you may not initially notice any difference, your organization will be open to new threats. You may also lose technical support.
3. Proper configuration and management are vital
Out of the box, your firewall device is going to work.
You’ll be able to plug in your network cables and get it “functioning.” However, to make the most of your investment, firewall features need to be turned on, properly configured, and managed. Configurations are even more critical with a High Availability setup because the devices work in tandem.
Configuring your firewall for your organization takes more time.
Let’s say you want to make social media sites available to marketing because they are a key component of their role. However, you may wish to block social sites entirely for other employees or find middle ground by giving them access and limiting the amount of bandwidth available. Even minor settings take time and energy to tweak. If you have the expertise and time to get it done – great! If you don’t – we’re here to help!
Your best defense again threats.
Zero trust policies are a robust firewall security configuration that blocks everything that isn’t explicitly designated as safe or allowed. Setting up this type of policy is your best defense against threats but will take expertise and time to implement and maintain. Outsourcing the management of your devices means policy updates can be made in almost real-time and isn’t dependent on when you can find time in your schedule.
Ongoing firewall security you don’t have to worry about.
While we may get to enjoy a night’s rest or vacation from time to time, your firewall security is always working to guard your organization 24/7/365, and it will require monitoring, rule and firmware updates, vulnerability scans, and log monitoring. Having a managed service provider that can do it on your behalf allows you to focus on other things and still have confidence you’re protected.
A good MSP will work with you to set guidelines about the types of notifications you want to receive and when. You may want a call in the middle of the night in the case of a full-blown attack or loss of mission-critical systems. However, a short outage from a firmware update and forced restart can be an email – which you see in the morning after a full night of well-earned rest!
Your choice of a network firewall is a crucial part of your network security, and it’s imperative to get it right. CCB Technology can help you select, configure and manage your devices. Our goal is to do whatever is necessary to help you have complete peace of mind about your security. Let us know how we can help you best.