What is a firewall and why you should have one
In our line of work, we are often asked if a firewall is needed. A good firewall should be a top consideration for any company opening a new office. The Internet is open by design, and all devices connected to the Internet are vulnerable. So yes, if you are in business, you should have a firewall.
The Internet’s popularity exploded due to the ease with which information could be accessed. A firewall can help shield your connection from the outside world by blocking specific ports and creating other strict access rules.
Some businesses need firewalls, and others should have firewalls. You need a firewall if your business is in the medical, legal, financial, or retail fields. These industries are heavily regulated, and failure to properly secure your network can result in massive fines and penalties.
Even if not legally required, every business that handles customer data should have a firewall. Imagine the fallout if you had a security breach.
Spending money on a firewall when you have a router may seem pointless. You may not realize that a standard router does nothing to secure your connection. When securing your network, adding as many barriers as possible between your company and the outside world is imperative. Without a firewall, one mistake by an employee could ruin your company.
A firewall reduces the threat of the web, putting a barrier between your computers and the Internet. Botnets constantly scan IP addresses looking for vulnerabilities. A professionally installed firewall will block external scans and close loopholes to prevent intrusions. Further, a firewall will protect against user error. There is always somebody at the office who accidentally turned off the Windows firewall and left the front door open for hackers. A solid Managed Service Provider can help ensure user errors are reduced.
Difference between a router and a small business firewall
Routers are responsible for passing traffic between the Internet and your internal network. Routers have no safeguards in place to prevent malicious traffic. Using only a router for your Internet connection could allow a malicious actor to use a port scan, the first step in a cyber attack, to penetrate your internal network.
An enterprise-grade firewall can block all unused ports on your network. A capable small business firewall will also monitor the traffic passing in and out of your network to sniff out suspicious packets. The firewall can stop a cyber-attack in its tracks if appropriately configured. The firewall logs all suspicious network events for review by an organization’s IT staff.
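To show what reviewing those logged events can look like, here is an added example (not from the original article or any vendor) that flags sources whose blocked connections touched many different ports in a short time, the pattern a port scan leaves behind. The log format, field names and thresholds are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up key=value format (not a vendor log format).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=DROP src=203.0.113.7 dst=192.0.2.10 dport=21 proto=TCP
2024-05-01T10:00:02Z action=DROP src=203.0.113.7 dst=192.0.2.10 dport=22 proto=TCP
2024-05-01T10:00:02Z action=DROP src=198.51.100.20 dst=192.0.2.10 dport=22 proto=TCP
2024-05-01T10:00:03Z action=DROP src=203.0.113.7 dst=192.0.2.10 dport=23 proto=TCP
2024-05-01T10:00:03Z action=ACCEPT src=198.51.100.30 dst=192.0.2.10 dport=443 proto=TCP
2024-05-01T10:00:04Z action=DROP src=203.0.113.7 dst=192.0.2.10 dport=80 proto=TCP
2024-05-01T10:00:05Z action=DROP src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=TCP
garbled line without the expected fields
2024-05-01T10:00:30Z action=DROP src=198.51.100.20 dst=192.0.2.10 dport=22 proto=TCP
2024-05-01T10:05:00Z action=DROP src=198.51.100.40 dst=192.0.2.10 dport=21 proto=TCP
2024-05-01T10:10:00Z action=DROP src=198.51.100.40 dst=192.0.2.10 dport=22 proto=TCP
2024-05-01T10:15:00Z action=DROP src=198.51.100.40 dst=192.0.2.10 dport=23 proto=TCP
2024-05-01T10:20:00Z action=DROP src=198.51.100.40 dst=192.0.2.10 dport=80 proto=TCP
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

def find_port_scanners(lines, window_seconds=60, min_ports=4):
    """Return {src_ip: sorted ports} for sources whose blocked connections hit
    at least min_ports distinct ports within window_seconds of each other."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> (timestamp, dport), oldest first
    flagged = defaultdict(set)
    for line in lines:  # assumes each source's lines arrive in time order
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DROP":
            continue  # ignore malformed lines and allowed traffic
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["src"]]
        q.append((ts, int(m["dport"])))
        while ts - q[0][0] > window:  # slide the window forward
            q.popleft()
        ports = {port for _, port in q}
        if len(ports) >= min_ports:
            flagged[m["src"]] |= ports
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    print(find_port_scanners(SAMPLE_LOG))
```

A source that retries one port repeatedly, or that spreads its probes over many minutes, stays under these thresholds; widening the window catches the slow case at the cost of more noise.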
Best Firewalls for Small Business, Ranked
Cisco Meraki MX67 Firewall for Small Business
Cisco Meraki offers top-tier networking equipment with a top-tier price tag. Tekie considers the MX67 to be the best small business firewall. The Cisco Meraki ecosystem allows you to fully manage the traffic and devices on your network, so you can accomplish what you want, how you want, in a flashy, well-defined web-based GUI.
You can set up a network and have it up and running in under an hour.
The Cisco Meraki MX67 is an entry-level firewall that has a much lower throughput than other models. It can only handle up to 600Mbps stateful throughput for your internet connection without Advanced Security Settings enabled.
Some considerations when using the Cisco Meraki ecosystem:
– All Cisco Meraki equipment requires an enterprise license to operate; otherwise the hardware will not function. This can be a major deciding factor in any enterprise where costs are a top concern. With one-, three-, five-, seven- and ten-year license terms available, the overall cost could be much more than a competitor's, but the hardware is solid, the support is solid, and the single pane of glass makes managing one or many networks much easier.
– You need to ensure the feature set of the firewall you are purchasing will meet your future growth. Cisco Meraki security appliances are limited by processing speed and total user count. You should double your current user count when considering which security appliance to purchase.
There are several versions of Enterprise Licenses you can purchase for a Cisco Meraki Security Appliance including:
– Enterprise License – No Advanced Security: Includes basic security features and Secure Connectivity
– Enterprise License – Advanced Security: Includes all Enterprise features and fully featured Unified Threat Management (IPS, ID, Malware, Virus, Secure DNS, etc.)
– Enterprise License – Secure SD-WAN Plus: All Enterprise features from the previous two licenses as well as the SD-WAN feature set.
A license must be purchased from an authorized Cisco Meraki dealer or reseller.
You do get the following with your enterprise license for the entire term:
– Next Day Replacement on Failed Equipment
– 24/7 Customer Support
– Online web GUI to easily manage your network of devices
– Continuous firmware, software and security patches
Fortinet 60F Small Business Firewall
Fortinet’s FortiGate Security Appliance has been designed more for individuals who know what they are doing and are comfortable completing the setup required to secure their network. In other words, you need to know advanced network security settings to get this security appliance set up.
As with Cisco Meraki, Fortinet provides a complete ecosystem of switches and access points. They have been designed to work seamlessly with each other to ensure a smooth network experience.
The Fortinet FortiGate 60F is an entry-level small business firewall that allows your business to operate without limitations. It is capable of up to 10Gbps of stateful throughput for your internet connection. This speed drops drastically to 700Mbps of stateful throughput with Advanced Security Settings enabled.
The Fortinet licenses are called “FortiGuard Bundles”, and it can be very confusing to work out which is best for your business, so we suggest purchasing at least a FortiCare UTM License Bundle, which includes ATP, AMP (Advanced Malware Protection) (see below), and your choice of Business Hours Support or 24×7 Support (FortiCare).
Different licenses sorted by number of features:
- FortiCare Customer Support – Available in Two Options: Weekdays during Business Hours (8×5) or 24 Hours, 7 Days a week. You can choose your package level on ATP and above.
- FortiGuard Advanced Malware Protection (AMP)*: FortiGuard Malware Services bundle – includes Antivirus, Virus Outbreak Service (VOS), Content Disarm and Reconstruction (CDR), and Sandbox Cloud WITHOUT FortiCare (Customer Support).
- FortiGuard + FortiCare Bundle (ATP): Includes AMP plus 24×7 Customer Support (FortiCare 24×7)
- FortiGuard + FortiCare + UTM Bundle (UTM): Includes ATP, AMP plus AntiSpam, Web Filter and your choice of FortiCare (8×5 or 24/7 Customer Support)
- FortiGuard + FortiCare Enterprise Bundle (ENT): Includes UTM, ATP and AMP, plus Cloud Access Security Broker (CASB) Connector and your choice of FortiCare Service (8×5, 24×7 and 360 days)
- Additional licenses for other features are available via “A-La-Carte” to cover any specific needs.
* FortiGuard AMP does not include any customer support options past Basic Level 1 Support. You must choose a higher level to receive greater than Level 1 Support based on your needs for FortiCare.
Cheapest Small Business Firewall: Ubiquiti Networks UniFi USG
If you are a home user and want protection from the outside, then this is a viable small business firewall. You will need to know some basic Advanced Security Settings to fully configure this unit, but there is a good starting point out of the box. We do not recommend this unit for enterprise use. Ubiquiti does not compete in the same ballpark as the Cisco Meraki or Fortinet FortiGuard security appliances above.
What is the Ubiquiti Networks Unifi USG good for?
It’s suitable for someone who wants to add an extra layer of protection to their home lab or small network. It includes features such as Deep Packet Inspection, Threat Management, Intrusion Detection, Intrusion Prevention, Quality of Service, and a Site-to-site/Site-to-Client VPN Tunnel.
If you have a home server for media content that you want to share with your parents or siblings, simply set them up with a Ubiquiti Networks Unifi USG and then set up a VPN tunnel and voila, they can see your media server.
The plus side? No annual subscription.
The negative? Slow firmware patching, so your security appliance may be susceptible to cyber threats.