What is a Network Firewall, and What Does It Do?
A network firewall is a physical piece of equipment, usually located in your office’s server room, telecommunications closet, or network equipment rack. Network firewalls are active electronic appliances that act as the gateway between the internet and your office’s internal, trusted network and computer equipment. The network firewall’s job is to manage all the resource requests from your office computer equipment and pass them appropriately and securely to the internet destinations you’re trying to reach. Similarly, if your office has network servers or similar equipment that publish services to the internet, the network firewall accepts those incoming connections from the internet and directs them to the appropriate resources, while rejecting all other incoming connection attempts. Because the internet is a global network, one of the challenges a firewall helps solve is regulating network traffic to minimize the exposure of your trusted business network to bad actors searching from the internet for exploitable resources. Because all of your outbound requests to the internet also flow through your firewalls, they also provide an available point of management, policy control, or logging.
If you have mobile and remote users that need to access resources from servers inside your office network, a network firewall can also provide remote access services and authentication, helping ensure that only authorized users can reach those resources. If you have multiple office or business sites, the network firewalls at each site are often configured to talk to each other and trust traffic between them. This allows your secure business data to flow securely between your business locations, encrypted, across the internet.
Network firewalls are computer devices themselves and have a variety of performance grades and security capabilities. It’s important that the network firewall selected for each of your business sites provides appropriate performance for the speed of the internet connection you’re subscribed to for each site, can handle the expected number of people and devices that will be part of the protected network at that site, and is licensed for the appropriate level of security inspection and mobile or remote access services you expect to use in your organization.
As a best practice, Aldridge specifies network firewall manufacturers with products that integrate with our IT management and support stack. We recognize there are many models of network firewalls out there, including bargain firewalls intended for at-home-use. While the core function of separating your protected devices from the general internet can be the same, there are differences in reliability and lifecycle, performance, security, flexibility, diagnostics, and management. This makes a sometimes higher up-front investment for the security of your office network a much more economical choice over bargain equipment.
Configuration Elements We Consider When Installing Network Firewalls
- Internet connection speed. Faster internet connections require more-powerful firewalls to inspect the expected flow of network traffic without causing performance issues.
- Number of devices. Managing networks of 100 devices is a different load on the network firewall versus managing a network of 1,000 or more devices.
- Remote/mobile user access requirements. Do your mobile/remote users need to be able to access network server resources published from the protected network behind the network firewall?
- Secure site-to-site connections. Do you have multiple offices or does your business site have a secure connection to a cloud provider or hosting service that your network firewall needs to participate in establishing and maintaining a secure path for your business data to travel between your various business sites or services?
- Is this a new installation, or are we replacing an existing, older or slower network firewall? If it’s a new installation, we configure these elements below to our Aldridge best practices, consistent with your overall network design and the intended usage of the network firewall. If it’s replacing or supplementing an existing installation, we review the current network firewall’s use and configuration, align those to best practices, and deploy the new firewall to achieve a supportable installation with the least interruption to your business. When we’re replacing existing equipment, a network firewall will require us to schedule up to four hours of network downtime for your office with you. We will need that time to install the new firewall, verify internet connections, verify cross-site connections (if you have multiple sites), verify your inbound services are working as expected, and verify proper operation. If we’re replacing multiple firewalls at multiple sites at the same time, we may need additional time.
- Remote Management Integration. The network firewalls we deploy for your organization should be able to participate in your overall network infrastructure management, permitting us to centrally define device types and policies to be applied to all equipment of that class.
- VLAN configuration. (Virtual Local Area Networks) are for logical segmentation between different types of devices or traffic. These are often used in conjunction with your network switches to limit which devices can interact, or be restricted to internet-only services. The most common VLAN configurations are to separate voice (telephone desk set) traffic from regular business data traffic, or to separate privileged-access (authenticated) wireless network users from guest-access, internet-only wireless network users.
- Physical environment. As active pieces of electrical equipment, firewalls need clean power, preferably from a battery-protected power source and adequate ventilation.
- Mounting options. 95% of the time, network firewalls are designed to be mounted in standard 19”-wide equipment racks, or placed on network equipment shelves. Most network firewalls take “1 unit” (1U) of space, about 1.75” vertical inches.
Network Firewall FAQs
How many years will a network firewall last?
Network firewalls are active pieces of electronic equipment. They have manufacturer support, hardware warranties, software updates, and they are subject to wear-and-tear. As a best practice to keep your firewall supportable and manageable, we require your network firewalls to have current, maintained manufacturer support. – This is often purchased as a term warranty or an annual support renewal during the firewall’s useful life. When performance, security, features, and capacity aren’t in question, we recommend considering replacement of most network firewalls after three to five years of operation, or once the model is no longer supported by the manufacturer, whichever comes first. Older network firewalls usually don’t suddenly stop working, but they often don’t keep up with today’s rapidly-increasing internet connection performance and become a speed bottleneck. Internet threats and attacks are also constantly evolving, and the tools network firewalls use to protect your network must evolve, too. Devices have an effective lifecycle of protection, as well as performance, even with regular software and security updates.
Do I need to keep my network firewalls under a manufacturer support agreement?
In most cases, yes. We recommend operating modern, managed infrastructure devices, which means that most network firewalls are designed to participate as “smart” devices with all your other like-model network infrastructure equipment. That requires an active software license for each device, including each network firewall or we can no longer manage the device. Many types of subscription-licensed network firewalls will no longer function without an active software and support subscription. As a best practice, we regularly license smart network devices for three-year terms–an initial three-year term at purchase, quoted with the product, and a subsequent three-year renewal, presented for your approval once it’s time if the current network firewall is still appropriate for your organization’s needs.
Positioning new technology for success takes more than technical expertise. IT implementation is a core principle in our Framework for Successful IT. Learn more about why understanding your business and your vision for the future is key to a successful IT implementation.