
How to Choose a Firewall for Remote Work & Hybrid Teams

Secure remote teams with the right firewall solution.

Which Firewall to Choose for Remote Work & Hybrid Teams?

Now I’m reading reports about a new thing called “SD-Branch” that essentially uses the same marketing tech talk as something as old as “firewalls.” And the transition to remote and hybrid work has made the firewall even more critical — because attackers love remote workers.

I’ve worked with companies trying to make this transition — particularly banks, where compliance and security need to be bulletproof. Firewalls must not just stop bad traffic; they must be reactive, cloud-friendly, and extend across home offices, coffee shops and company networks.

So, how do you pick the best one for you? Let’s dive in.

The Security Challenges of Remote Work

Here’s the thing — remote work increases the attack surface. Any laptop connected through hotel Wi-Fi or an access point with a default root password is a point of entry for attackers.

The largest security headaches I’ve encountered in remote models:

  • Unsecured home networks. Employees will connect to ISP-provided routers with default passwords without a second thought.
  • Soaring phishing attacks. Individual users who are outside of corporate protection are ideal targets.
  • Lack of visibility. Companies have no idea what’s connecting to what — or what’s hiding in the network.
  • Vulnerable VPN configurations. There are still plenty of setups out there that are not using MFA — or worse, split tunneling without inspection.
  • BYOD security gaps. That personal laptop of yours is full of unpatched software, you know.

To secure the networks of today’s remote and hybrid workforce, a firewall must see everything, block malicious traffic, and integrate seamlessly with VPNs and SD-WAN.

VPN & SD-WAN Integration

Firewalls and VPNs are best buddies — or they should be. But I’ve witnessed way too many implementations where the firewall and VPN solution are almost in a fight with one another, instead of working in concert.

When it comes to VPN integration, here’s what matters when choosing a firewall for remote work:

  1. Zero-trust access controls. No blanket access — users have exactly what they need and nothing more.
  2. Multi-factor authentication (MFA) everywhere. Assume that your VPN access is compromised if it’s not protected by MFA.
  3. Split tunneling with caution. When your security team doesn’t inspect outbound traffic, split tunneling can be a big risk.
  4. Performance matters. A firewall that can’t keep up with encrypted VPN traffic at scale is a traffic jam waiting to happen.
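The first three items in this list (least-privilege grants, MFA, inspected split tunneling) can be checked mechanically against whatever VPN profiles are already deployed. The audit below is an added example, not code from the original article or from any vendor's tooling; the profile schema, field names and the /16 breadth threshold are assumptions, and the inventory is constructed sample data.

```python
import ipaddress

MIN_PREFIX = 16  # assumption: a grant wider than a /16 counts as blanket access

# Constructed, vendor-neutral inventory (hypothetical schema, not a product export).
PROFILES = [
    {"name": "staff-full", "mfa": True, "split_tunnel": False,
     "inspect_split": False, "allowed": ["10.20.0.0/24:443"]},
    {"name": "contractors", "mfa": False, "split_tunnel": True,
     "inspect_split": False, "allowed": ["0.0.0.0/0:*"]},
    {"name": "finance", "mfa": True, "split_tunnel": True,
     "inspect_split": True, "allowed": ["10.30.5.10/32:1433", "10.30.5.11/32:443"]},
]

def broad_grants(allowed):
    """Return grants that amount to blanket access: a wide network or any port."""
    flagged = []
    for grant in allowed:
        cidr, _, port = grant.rpartition(":")  # "network/prefix:port"
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen < MIN_PREFIX or port == "*":
            flagged.append(grant)
    return flagged

def audit_profile(profile):
    """Check one VPN profile against the MFA, split-tunnel and least-privilege rules."""
    findings = []
    if not profile["mfa"]:
        findings.append("NO_MFA")
    # Split tunneling is only a finding when the split traffic is not inspected.
    if profile["split_tunnel"] and not profile["inspect_split"]:
        findings.append("SPLIT_TUNNEL_UNINSPECTED")
    for grant in broad_grants(profile["allowed"]):
        findings.append(f"BLANKET_ACCESS:{grant}")
    return findings

def audit(profiles):
    """Map each profile name to its list of findings (empty list means clean)."""
    return {p["name"]: audit_profile(p) for p in profiles}

if __name__ == "__main__":
    for name, findings in audit(PROFILES).items():
        print(f"{name}: {', '.join(findings) if findings else 'OK'}")
```
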

And then there’s SD-WAN — which is not just a buzz term vendors use to pad an inflated price tag. An integrated SD-WAN solution wears many hats:

  • Optimized traffic routing. Say goodbye to the slow, crowded VPN tunnels.
  • Application-layer security. Identifying what traffic is coming in — not only from where.
  • Direct-to-cloud with security baked in. Your firewall should not assume all traffic must go back to HQ unless there is a clear need to do so.

I still remember ramping up several ISPs in a BGP cloud to balance VPN traffic across each one manually; pure pain. SD-WAN automates that pain away.

Cloud-Based Firewalls

Let’s talk cloud firewalls. Because legacy firewall appliances stuck in your office basement aren’t cutting it in 2024.

What a cloud-native firewall delivers:

  • Scalability. Scales with your remote team — no hardware to add.
  • Anywhere access. Security doesn’t degrade when users are not behind the on-prem firewall.
  • A unified policy across devices. Home office? Branch? Cloud server? They are all governed by one security policy.

But here’s what bothers me — some vendors just put a cloud sticker on what we traditionally called firewalls and think that magically running virtual machines in AWS is the solution to every security problem. It isn’t.

A true cloud-based firewall does the following:

  1. Native integration with SaaS platforms. Your users live in Google Workspace, Office 365, and Salesforce — your firewall should cover those environments natively.
  2. Work transparently with endpoint security. Firewalls are good but not sufficient. They should complement EDR/XDR solutions, not compete with them.
  3. Simplify security management. If you require a PhD in firewall admin just to configure policy updates — get a better vendor.

Remote Work Solutions from PJ Networks with Fortinet

We take the same view at PJ Networks. We don’t just sell firewalls; we deploy them in real-world, security-critical environments. Banks, financial institutions, big corporations — we know what works.

Recently, we have been deploying Fortinet Secure SD-WAN and VPN solutions for remote users because:

  • Fortinet’s firewalls offer the best of both worlds: security & performance. Remote workers never gripe about slow VPN speeds.
  • ZTNA (zero-trust network access) is baked in. No more over-permissioned remote access.
  • Strong integration with cloud environments. AWS, Azure, and Google Cloud — it just works.
  • Centralized management. You get visibility into all endpoints, wherever they are.

One of the biggest wins? Assisting three banks with not only updating their firewalls but actually rethinking their zero-trust frameworks — shifting from legacy access controls to granular, least-privilege access for every single customer. (And yes, it dramatically reduced phishing-based intrusions.)

Quick Take

If you don’t have time, here’s what you need to know to pick the right firewall for remote work:

  • Integration of VPN + SD-WAN is non-negotiable. It serves both security & performance.
  • Security for the cloud must be purpose-built, not an add-on. If your firewall is not built for SaaS, reconsider your choice.
  • Zero-trust is a best practice. Not an add-on feature.
  • Performance is everything. A slow firewall is an ineffective firewall — employees will just learn to circumvent it.
  • Visibility needs to be centralized. If remote devices aren’t easily monitored, your security is blind.

Conclusion

Securing a remote and hybrid workforce is far more complicated than putting in a VPN and washing your hands of it. Attackers never do the same thing twice, and neither should your network security strategy. You need smart, scalable, and integrated firewalls across your VPN, SD-WAN, and cloud environments.

Here at PJ Networks, we’ve seen firsthand what works (and what doesn’t). Whether for banks, enterprises, or startups, the key takeaway is the same: firewalls must evolve with the new realities of remote work. If your firewall isn’t keeping up, it’s time to rethink your security stack.

Now, it is time for my fourth coffee.
