Timely Firewall Management Tips from ASCII Members

See how to balance what’s permitted and what’s not, efficacy and cost, and function and manageability.

Firewall Management Tips

Firewalls’ primary function to control access to a network has never been more critical. Although it isn’t the only security your clients’ systems need, a firewall and effective firewall management can be vital components of a comprehensive, layered security strategy.

To help businesses defend against the increasing number and variety of cyberattacks, many managed services providers (MSPs) and value-added resellers (VARs) offer firewall management, but it’s not without challenges.

ASCII Group member and COO of Cohere Marc Bodner says solutions providers can encounter challenges when accessing other service providers’ equipment and, occasionally, poor onsite wiring conditions. “But the main challenge we encounter is the time required for a proof of concept (POC).”

He explains that Gartner recommends selecting from a pool of the top five vendors to meet initial criteria. “Five POCs is time-consuming and requires resources, but in the end, we have technical scoring that allows us to make good decisions,” Bodner says.

ASCII Group member and CEO of ZLH Enterprises Zina Hassel agrees that finding the right firewall for the use case is crucial. “We particularly like to work with firewalls that are easy to manage with VoIP implementations. But, unfortunately, some products are not ‘VoIP-friendly’ and add to installation time.”

Felicia King, president, vCISO, and security architect of QPC Security, says she begins firewall selection with efficacy and total cost of ownership (TCO). “Another key factor is how the network security appliance fits into the cybersecurity kill chain paradigm.” She looks for a single manufacturer for wireless, network appliances, and endpoint security. “Having converged visibility into what’s going on is a significant value,” she says.

Hassel also points out, “Some firewall management has migrated to cloud-based technology, and we have had some challenges configuring and connecting associated wireless access points. In addition, single pane of glass management is more challenging in environments with both on-premises and cloud configurations.”

Bodner points out, “Hands down, the biggest advances in firewall management solutions are in the GUI. The dashboards and interfaces have become much more user friendly.”

King also looks at how easy the configuration is to audit to identify misconfigurations and to export it to human-readable format for third-party or compliance audits without giving an external party access to the management interface.

A Practical Approach to Firewall Implementation

King says some businesses bring security hardening in after implementation, which can result in clients being unable to access the websites they need. She says she starts by talking to the client, identifying a baseline template closest to their need, and customizing it before onsite installation.

Then, she migrates assets incrementally, allowing for better control, asset inventory development, and good cyberhygiene. But, King adds, “I never run an old and new network security appliance in parallel. So there must be a hard cutover to the new appliance.”

The risk in running both is missing assets. “I have found assets in a ceiling that no one knew about but were still chatting on the network,” she comments.

What Firewall Management Success Looks Like

Some of the solutions and services that MSPs provide clearly demonstrate that they’re working and providing value. However, it may be harder for you to convince your clients that firewall management benefits them.

Bodner explains, “As a cybersecurity-focused company, it’s hard to pinpoint specific success stories. We are hired to secure our clients’ infrastructure and networks, and we often have to undo years of neglect and damage. So, we start from square one.”

“But that’s our job. Success is when we identify threats that we stopped and when our clients add additional services, rely on us more, and stay with us for many years. We want to be like a referee on a football field: do a good job but not be the main attraction. So every day with no incidents is a good day.”


About The ASCII Group, Inc.

The ASCII Group is the premier community of North American MSPs, MSSPs, VARs and solution providers. The group has over 1,300 members throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members, including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more. In addition, ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs grow their businesses. For more information, please visit www.ascii.com.