The Firewall Guide to Choosing the Right Firewall for Your Business
Quick Take
- Firewalls are not optional – they are your first layer of defense.
- There are also different types of firewalls (and choosing the wrong kind can be a headache).
- The brand name is less important than built-in security features.
- Zero-trust architecture is stuck on buzzword mode no more—it’s a must-have.
- I recommend that most businesses use Fortinet (and I’ll explain why).
Why Firewalls Matter
Firewalls have been around for at least three decades, but the threats they’re protecting against? Much more sophisticated than that which I experienced in the ‘90s. The first worm I remember causing havoc was SQL Slammer. That thing propagated in seconds, and it brought down entire networks like dominos.
Here’s the thing: Cyber threats today no longer only target large enterprises. Small businesses face ransomware, zero-day exploits, and credential stuffing attacks. Sure, your router’s built-in firewall is good enough? Think again.
A properly configured firewall should have:
- Blocks unauthorized access.
- Scrubs harmful traffic before ever reaching your network.
- Aids in enforcing zero-trust policies (which I just helped three banks implement—stay tuned for that).
Not all firewalls are created equal, however.
Types of Firewalls
I still receive inquiries from clients who want to know whether “firewalls” are one type of device. Nope. A mistake is a surefire way to leave you vulnerable and waste money at the same time.
1. Packet Filtering Firewalls
- The OG of firewalls.
- Fast and lightweight… but also kinda outdated for most use cases.
2. Stateful Inspection Firewalls
- Goes beyond packets and tracks entire sessions.
- Far more secure than just packet filtering.
- A common practice in the industry—but attackers are developing, and we need more levels now.
3. Next-Gen Firewalls (NGFWs)
- Does all that a stateful firewall does, and:
- Deep packet inspection
- Application-layer filtering
- Intrusion Prevention System (IPS)
- If business security matters to you, you need an NGFW.
4. On-Demand Cloud-Based and Virtual Firewalls
- Best suited for companies that have hybrid or pure cloud-based infrastructure.
- Excellent at scale, but don’t take the “AI-powered firewall” marketing at face value.
- (Warning: Some firewalls are vendor-controlled cloud, and therefore you are less directly in charge.)
Key Features to Look For
I have seen people have the right kind of firewall chosen but forget the features that really matter. A low-cost firewall with weak security features is worse than having no firewall at all.
If you’re considering firewall choices, add these to the top of your menu:
1. Deep Packet Inspection (DPI)
No more are we satisfied with simple packet filtering. A decent firewall can also look inside the packets for the actual data to detect hidden threats.
2. Intrusion Prevention System (IPS)
IPS stands for Intrusion Prevention System which blocks known threats before they reach your network. Important if you’re processing any sort of sensitive customer data.
3. Zero-Trust Enforcement
Now, add this to the networks of three banks — trust is an attack vector in the game today. Not only is your firewall obsolete if it does not have granular access controls & user authentication.
4. Integration of Threat Intelligence
A firewall without real-time threat data is like locking your doors but leaving the windows open. Real-time updates matter.
5. Scalability
Don’t invest for only today’s requirements — your enterprise will scale, and so will your attack surface.
Fortinet Solutions for PJ Networks
I’ve used a lot of firewalls in my day—back when I was a network admin working on muxed data over PSTN. And oh boy, have firewalls come a long way.
For the most part of our customers, we trust Fortinet’s NGFWs here at PJ Networks. Why?
- World-class security and not stupid prices.
- Hybrid deployments are scalable via hardware and cloud.
- FortiGuard™ threat intelligence—because real-time security is a necessity.
- Integration with a zero-trust architecture.
- SSL inspection without killing performance.
Just returned from DefCon and in the hardware hacking village one thing stood out: attackers are getting smarter, quicker. It takes more than filtering traffic for your firewall. It must be fast, integrated and adaptive.
Conclusion
If you remember nothing of this post, remember this:
- Your firewall is the first line of defense. All about lazy configuration will kill your security.
- The new standard is Next-Gen Firewalls. Only use firewall features DPI, IPS & zero-trust if your firewall can do it.
- Woo free offers serious protection and zero nonsense. And that’s why we are suggesting it here at PJ Networks.
I’ve been in this game since the early 2000s (in fact, the ‘90s if you count my networking days). I’ve watched businesses go under because of poor security decisions. Firewalls should not be an afterthought.
However, still confused about which firewall to choose for your business? Let’s talk. I have spent far too many years hanging around the cybersecurity community to watch companies cut corners and then pay the consequences later.