
How Firewalls Support Zero Trust for Remote Workforces

Secure remote teams with Zero Trust-enabled firewalls.

Understanding Modern Firewalls for Zero Trust Remote Workforce Security

It’s been a tough summer, and I’m finally at my desk after my third cup of coffee — you know, the magic third one that brings me a rare combination of clarity and the urge to rant a little bit — and I’m thinking about firewalls. Not the old brick walls that separate you from your neighbors, but the digital kind that block cyberbaddies from destroying your network. Especially now, when everyone and their dog needs to be able to work remotely, it is no time to be traditional about how we put in a firewall.

I was in the trenches in 1993, looking after networks and multiplexers to carry voice and data, which slithered over PSTN lines (PTSWhat?). Then jump forward to the early 2000s, handling the Slammer worm in practice — let me tell you, firewalls saved a lot of bacon that day. I now run my own security shop, P J Networks, working with banks and enterprises to implement Zero Trust architectures for remote workforces, and I am still, if not quite still, almost vibrating from the hardware hacking village at DefCon.

Firewalls Today: More Than Just a Perimeter Defense

So here’s the thing—firewalls are no longer just there to build a wall around a territory. They’re a key part of Zero Trust, especially when you have people literally all over the globe accessing your most important applications and data from the outside. Let’s discuss how to secure your remote access by configuring your firewalls with Zero Trust.

VPN vs. ZTNA: The New Guard

Remember when a VPN was the cat’s pajamas of remote security? Those encrypted tunnels were the best — until they weren’t. Once you’re in with a VPN, you’re in. That’s akin to having the key to the whole house when all you wanted to do was open the fridge. This is where Zero Trust Network Access (ZTNA) comes into play.

  • A VPN typically opens a wide roadway into the network, with poor microsegmentation.
  • ZTNA confirms every request: Who is the requestor? What device? Which application?
  • Access is granted on a need-to-know, trust-but-verify basis, not as a free pass for all.

The firewalls that are enabled for ZTNA allow us to control east-west movement. When I recently assisted three banks upgrading their Zero Trust setups, it was obvious: their old VPN firewalls were no longer up to snuff. We had to change out their firewalls to do user and device authentication on a per-connection basis (not just at the network level).

Key Firewall Requirements for Zero Trust

  • The firewall should integrate with identity providers (IdPs) for instantaneous user validation.
  • Device posture checks (such as antivirus status and OS patch level) should determine firewall rules.
  • No implied trust, even inside the firewall’s confines.

And honestly, if you’re relying on VPN as your primary remote security bicep, you’re doing far too little.

Endpoint Integrations

This one’s near to my heart because I’ve seen too many systems where the firewalls are just sitting around, doing nothing — a bouncer who doesn’t ask to see ID, just punching at things.

Those remote endpoints (laptops, phones, tablets) are a wild card in your security game. You can no longer trust (only) the network; you have to trust the endpoint — and do it continuously.

Which is why today’s firewalls must talk to endpoint security platforms. Firewalls need to be able to dynamically change rules based on how healthy the endpoint is. For example, if antivirus is not up to date on a device, or there’s unusual behavior observed, the firewall should restrict or withhold entry for that system automatically.

Firewall and Endpoint Security Integration Best Practices

  • Deploy EDR (endpoint detection and response) tools that can send real-time data to your firewall.
  • Have your firewall automatically capture and quarantine or isolate risky endpoints.
  • Couple your MDM policies with BYOD (Bring Your Own Device) to ensure security on mobile devices.

I confess, when I first heard about fully automated, endpoint-firewall communication I was a little skeptical — it seemed like putting the steering wheel in the hands of the car’s autopilot without even so much as glancing down the road. But the versions I have seen lately have improved dramatically. There are still rough sections, but this collaboration is no longer elective.

Least Privilege: It’s Not a Buzzword

I mean least privilege has been thrown around so much it’s appearing on a security consultant’s business card. But it is the foundation — especially as the landscape of remote work grows.

In the context of a firewall, this would be:

  • Users can access only the applications and data they require.
  • Firewall policies are scoped down to the application, user ID, device, location and time.
  • The default is no allow and no trust, especially for remote users.

I sometimes tell my clients setting up Zero Trust firewalls, “Think of it as valet parking versus giving your guest car keys. You want to control it, not give away the whole car.”

Based on my experience dealing with these three banks, we added rigorous role-based access controls (RBACs) directly into their firewall policies. By segmenting not only the network but also the applications, remote users saw only what they absolutely had to. It may sound basic, but all of those settings should be locked down once someone has breached the VPN tunnel.
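A sketch of how the posture checks and least-privilege bullets above combine into one per-connection decision, added here as an illustration and not taken from the post or from any firewall vendor. The `Request`, `Rule`, `POLICY` and `evaluate` names, the roles, apps and country codes are all hypothetical.

```python
from dataclasses import dataclass
from datetime import time

# Hypothetical model of a per-connection Zero Trust decision; not a vendor API.
@dataclass(frozen=True)
class Request:
    user: str
    role: str           # role asserted by the IdP
    idp_verified: bool  # did the IdP validate this user for this connection?
    app: str
    country: str
    at: time
    av_current: bool    # device posture: antivirus up to date
    os_patched: bool    # device posture: OS patches applied

@dataclass(frozen=True)
class Rule:
    role: str
    app: str
    countries: frozenset
    start: time
    end: time

# Constructed sample policy: each role sees only the application it needs.
POLICY = [
    Rule("teller", "core-banking", frozenset({"US"}), time(8), time(18)),
    Rule("analyst", "reporting", frozenset({"US", "CA"}), time(7), time(21)),
]

def evaluate(req, policy=POLICY):
    """Return (decision, reason). Anything not explicitly matched is denied."""
    if not req.idp_verified:
        return "DENY", "identity not verified by IdP"
    for rule in policy:
        if (rule.role, rule.app) != (req.role, req.app):
            continue
        if req.country not in rule.countries:
            return "DENY", "location outside rule"
        if not (rule.start <= req.at <= rule.end):
            return "DENY", "outside permitted hours"
        if not (req.av_current and req.os_patched):
            # Entitled user on an unhealthy device: restrict instead of allowing.
            return "QUARANTINE", "device posture failed"
        return "ALLOW", f"{req.role} -> {req.app}"
    return "DENY", "no matching rule (default deny)"
```

The ordering is deliberate: identity first, then entitlement and context, then device health, so an entitled user on an unpatched laptop is quarantined while an unentitled request never reaches the posture check.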

What Is Secure Cloud Access via Firewalls

Cloud is no longer a “nice-to-have”; it’s the lifeblood of most WFH worlds. But with great cloud power must come great cloud security responsibility.

Your firewall needs to stretch Zero Trust controls not just to your on-premise network but also to cloud applications and infrastructure. Some people are still getting tangled in these knots, as far as I can tell:

  • Presuming cloud apps are somehow safe because they’re controlled by trusted vendors.
  • Firewall rules or micro-segmentation on cloud traffic that can be bypassed.

The trick? Leverage a firewall that offers sophisticated cloud access controls:

  • Examine encrypted traffic headed towards cloud applications.
  • Integrate with cloud access security brokers (CASB) to see and control cloud usage.
  • Run fresh policy checks on both user and device context prior to allowing cloud app access.

On the more recent projects I worked on, especially those banks, I ensured their Zero Trust firewalls were configured with in-depth cloud app inspection and user behavior analytics. Without it, you’re more or less trusting your treasured recipe book with a stranger — would you do that?

Tracking Remote Sessions: The Firewall That Never Sleeps

So here is where traditional firewalls fall short and where Zero Trust excels beautifully. Once access is given, that doesn’t mean the firewall is retired.

Continuous observation of remote sessions is necessary to identify suspicious activity, stop lateral movement, and mitigate threats as they develop.

Features to Look For in Zero Trust Firewalls

  • Session-level monitoring for abnormal activities (such as data exfiltration or unauthorized application use).
  • Real-time notifications and automatic alerts on anomalies.
  • Matching and correlation with endpoint telemetry and user behavior analytics (UBA).

I’m partial myself to associating firewall telemetry with SIEM (Security Information and Event Management) offerings. Yes, you can make things more complex and you may have more to tune — but you get visibility, which means you can step in before a problem becomes an incident.

Quick Tip: Don’t watch only for intrusions. Be on the lookout for policy infractions and operational anomalies as well. The greatest risk may be not a hacker but a missed misconfiguration.
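To make the session monitoring and the Quick Tip concrete, here is an added example (not from the post, and not any vendor's log format) that reviews constructed session records for the three signals named above: exfiltration-sized transfers, access outside a user's entitlement, and sessions from devices with an open endpoint alert. The record layout, `ALLOWED_APPS`, `EDR_ALERTS` and the threshold are assumptions.

```python
import shlex

# Constructed session records in a generic key=value layout (not a vendor format).
SESSIONS = """\
session=101 user=asha device=LT-01 app=core-banking bytes_out=48213 policy=allow
session=102 user=ravi device=LT-07 app=reporting bytes_out=912004551 policy=allow
session=103 user=asha device=LT-01 app=hr-portal bytes_out=1200 policy=allow
session=104 user=meena device=PH-03 app=reporting bytes_out=30110 policy=allow
"""

# Hypothetical reference data a SIEM would hold alongside the firewall feed.
ALLOWED_APPS = {"asha": {"core-banking"}, "ravi": {"reporting"}, "meena": {"reporting"}}
EDR_ALERTS = {"PH-03"}            # devices with an open endpoint alert
EXFIL_BYTES = 500 * 1024 * 1024   # per-session outbound threshold; tune per app

def parse(line):
    """Turn one key=value record into a dict."""
    return dict(pair.split("=", 1) for pair in shlex.split(line))

def review(log_text):
    """Return [(session_id, [reasons])] for every session that needs a look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        s = parse(line)
        reasons = []
        if int(s["bytes_out"]) > EXFIL_BYTES:
            reasons.append("possible exfiltration")
        # An allowed session to an app the user is not entitled to points at a
        # misconfigured rule, not necessarily an intruder.
        if s["app"] not in ALLOWED_APPS.get(s["user"], set()):
            reasons.append("policy infraction: app not entitled")
        if s["device"] in EDR_ALERTS:
            reasons.append("endpoint alert on device")
        if reasons:
            findings.append((s["session"], reasons))
    return findings
```

Session 103 is the misconfiguration case: the firewall allowed it, and only the comparison against the entitlement list shows that it should not have.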


Quick Takeaways for Zero Trust Firewalls

  • VPNs are so yesterday for Zero Trust. Consider also ZTNA + firewall magic.
  • Firewall decisions need to take endpoint health into account.
  • Apply the principle of least privilege with fine-grained, context-aware, endpoint-based firewall policies.
  • Extend Zero Trust firewalls to cloud app access controls.
  • Monitoring of remote sessions must be constant.

The Future of Firewalls in Remote Workforce Security

So, if you’re managing a remote workforce — and really, who isn’t these days — your firewall’s no longer just a gatekeeper. It’s the cop on the beat, the officer directing traffic, and on occasion, the judge, jury and executioner, all in one.

And yeah, I still remember the days when firewalls were just about ports and simple ACLs. They sure have come a long way — and you have to keep pushing them further. Like fine-tuning a high-performance engine, Zero Trust firewall configuration is all about the correct mix of technology, policy and continual watchfulness.

Here’s my advice as someone who’s been around the block since networking was new — and the Slammer worm was a wake-up call: Don’t trust an old-school VPN or tech buzzwords. Invest in Zero Trust-designed firewalls, deeply integrate with endpoint and identity systems and always monitor.

Trust but verify? Nah—have so little of it you gotta check constantly. That’s what you do to keep your remote workforce — and your business — safe.
