6 Things Your Firewall Should Be Doing For You
The enterprise “next-generation” firewall has changed the face of networking and security. Firewalls are becoming cheap and effective load balancers, attack mitigators, and VPN endpoint aggregators. Next-Gen firewalls have changed how you should look at the edge of your network. If your firewall is just a box for NAT, then you’re wasting money and time.
- Auto Failover and Load Balancing – One of the single most under-utilized features. If the Internet is important and required for your business to run, then you should have two Internet links with two ISPs. You should have automatic failover, and to make things better, make them “Active/Active” – double your bandwidth with two providers in use at once. This allows for better control over the important traffic, like voice, or a VPN to a branch office. You can even route out non-critical traffic over a “low-cost” link, and reserve the high-cost high-performance link for key business functions. If one fails then the other takes over both functions until a repair is made. With the proper planning, you can avoid outages from downed telephone poles, ice storms, hurricanes, power loss, human error, and the like!
- Unified Threat Management (UTM) – Firewalls are now capable of far more than just basic IP/port blocking. Next-Gen firewalls now pack advanced threat management features and in-line virus scanning. While not meant to replace protection on end-user PCs, these features block malware and exploits that your end users may initiate and can even protect servers from well-known exploits. This helps the IT department answer the question, “To patch or not to patch?” IT can choose not to patch or delay patch schedules while protecting against exploitation via UTM on the firewall.
- Content Filtering – End users within your organization can’t be trusted. They look at inappropriate content on work PCs, download things they shouldn’t, or use Facebook and LinkedIn for extended periods. Content filtering on your firewall can place a level of control previously available only through pricey devices. It can stop viruses by preventing users from going to websites they shouldn’t, keep users working on company tasks, and remove the distraction offered by the vastness of the web. With time quotas and usage windows, you can allow limited use, and only during time periods that are appropriate. Your employees have access but within the guidelines acceptable to your company. And when coupled with auditing, logging, and reporting solutions, you gain a level of control that will satisfy security concerns within your organization.
- Data Leak Prevention (DLP) – Do you have concerns about a rogue employee sending the entire customer database to your competitor or their home account? Or copying an employee and vendor directory prior to switching jobs? How about leaking sensitive data such as employee job applications, credit cards, or client social security numbers? With DLP you can have the firewall scan all content exiting your company, watching for the things that are critical to your organization that should never leave the local network. Keep your internal data internal!
- VPN – Single or multi-site firewalls allow end-users remote access and can establish a “poor man’s MPLS”, with site-to-site connectivity without having a dedicated MPLS or P2P network. Link your other sites via IPsec tunnels, or grant end-users access with SSL VPN or IPsec VPN technologies. You can give your end-users the ability to work from home during unavoidable events such as hurricanes and winter storms. Don’t lose productivity because of the weather.
- Logging and Reporting – Lastly, all the next-generation firewall features generate usable data regarding what’s happening on your network. With logs and reports, you can check bandwidth hogs, see who is doing what, and accelerate downtime troubleshooting.
North Atlantic Networks, LLC (NAN) is a certified expert in Firewall Technologies and a proud supplier of Fortinet firewalls (though we can support nearly any firewall device). We’ve provided thousands of comprehensive solutions to our clients over 15 years.
If you’re wondering how you can take advantage of these features, give us a call and let us work with you to design a solution that fits your needs. Our services are backed by our certified team of engineers and are monitored from our 24x7x365 Network Operations Centers based in Massachusetts and Rhode Island.