Category: Networking Tips

Sophos XG 86 & XG 106 function as secure VPN appliances

Sophos XG 86 & XG 106 firewalls stand in as secure VPN appliances

Sophos XG 86 and Sophos XG 106 appliances are powerful next generation firewalls many small businesses use to as their primary cyber threat defense. However, these mighty little devices are far more versatile than admins give them credit for! Did you know the XG 86 and XG 106 can both stand in as dedicated VPN platforms to secure temporary remote work spikes? So you won’t need a Sophos RED (remote ethernet device) or other comparable VPN appliance.

Sophos XG 86 firewall

A Sophos XG 86 firewall costs about the same as a Sophos RED and similar competing remote access devices. Yet it can perform even better than SMA devices if a split-tunnel deployment is required. This substitution is possible because Sophos XG firewalls come with a basic set of security features and services. They include the ability to deploy Sophos site-to-site VPN tunnels. Since this feature is part of the XG firewall base license, that also means no recurring fees or renewals are necessary.

Remote access security ensured

With your remote workers accessing company applications and resources through a firewall-facilitated VPN tunnel, you ensure the onboard and advanced Sophos security features they enjoy at the office protect users working from home as well. Those include Network Protection, Synchronized Security, and the Sophos Heartbeat. Bundle your Sophos XG 86 firewall with an EnterpriseProtect Plus package that includes advanced Web Protection to get a solution ideal for split-tunnel VPN deployments.

Ease management & deployment of remote access users

Another great benefit of using your Sophos XG 86 or XG 106 firewall as a stand-in for a secure remote access device is ease of management. Manage all your site-to-site tunnels and connected users intuitively through the Sophos XG Firewall single-pane-of-glass management dashboard. Simplify remote work chaos by monitoring and managing traffic with the same tools you would in the home office.

Sophos XG 86 vs Sophos RED

  • Remote workers returning? XG 86 can shift back to a security role
  • XG 86 offers more flexible secure access options like SSL & IPSec VPN
  • Centrally manage XG 86 VPN deployments with Sophos Central
  • Protect traffic routed through split tunnel setups that Sophos RED does not secure

Sophos RED 15 secure access device

How to use an XG Firewall for secure remote access

Using an XG 86 or XG 106 (for even more power and user support) in place of a RED or similar secure access device is simple. A Sophos XG firewall will act as a server that waits for incoming connection requests. This is quick and easy to configure with a few clicks to turn on “RED Status.” You can see full detailed instructions for this VPN setup in the Sophos Knowledge Base.

 

What Is a VPN?

VPN: A Closer Look

VPN. If you hadn’t heard these three letters together before March 2020, you’ve surely heard them now. With businesses and their employees the world over exposed to work from home scenarios – many for the first time – any conversation about secure remote access involves the term. So what is a VPN? The very basic definition is – it’s a virtual private network. But that phrase is just begging for further explanation. So gather ‘round – virtually of course – as we unpack VPNs and why they’re so important for telework.

Virtual

The virtual part of VPN means just that – it requires no physical connection. Instead, a virtual tunneling protocol establishes the connection. Gophers would be jealous of the number of these tunnels out there, but of course, they don’t damage any golf courses or yards. The tunneling is achieved by a process known as encapsulation. Basically, while your remote user’s data still does have to travel through the public internet to get to the other side (i.e. your network), the virtual tunnel covers it. That means, it’s private.

Private

So the tunnel itself offers privacy to a degree, but to achieve the full security benefits of a VPN, it must be encrypted. The public internet can see that a tunnel exists, but encryption – either via SSL (secure sockets layer) or IPSec (internet protocol security) prevents anyone from seeing what’s inside. The user and the network the user connects to are the only ones who can decrypt it, with passwords (multifactor authentication recommended) and certificates.

Getting back to the types, while both SSL and IPSec provide the encryption needed to keep that virtual tunnel private, there are a couple key differences. SSL VPN allows secure remote access through a web browser – without requiring specialized client software – making it simple to deploy. Unlike SSL, IPSec VPN functions at the network layer, and it does typically require a separate hardware or software solution. We compared SonicWall’s VPN service offerings (one SSL and one IPSec) in a recent post, and in a handy chart that could offer some assistance as to which is best for your scenario.

Oh and one more note on privacy, when a user connects via VPN, it also obscures the device’s IP address. That means someone trying to track its location will only get the IP address of the network the user is connected to – a feature many non-business users find handy.

Network

So in our quest to answer the question “what is a VPN?” we’ve explored the virtual and private aspects, now let’s examine the network component. Network in this case means a user’s remote device is connected to your organization’s network. Depending on the connection type, they may have access to all of it, or just specified apps, services, and files. Either way, the VPN connection allows users access to what they need to get work done – all while protected by your existing network security. A VPN in essence extends your network’s reach to wherever your employees need to access it. And in the age of the teleworker, this secure remote access is a must.

Is your VPN connection a little slow?

Check out our video for some tips on how to speed up your VPN connection:

For more talk about all things network security, take a listen to our Ping Podcast, available wherever you listen. And for all your cybersecurity research needs in one place, visit our Knowledge Hub.

Secure remote user credentials with multifactor authentication

Multifactor authentication secures employee credentials

Multifactor authentication – aka MFA – means the bad guys are S.O.L. even if they get your name and password. By requiring multifactor authentication for users on your network, you ensure that connection attempts provide two or more pieces of evidence before allowing a user access to any resources or applications.

Attackers are turning their attention to the vulnerabilities of remote access because working from home has become a requirement of doing business in 2020. With so many workers connecting remotely, hackers are focusing on phishing, social engineering, link spoofing, and business email compromise as ways to steal user credentials, access company resources, and exfiltrate sensitive data.

By adding multiple layers of authentication beyond the simple password (and let’s be honest, how many of your employees are really using long, complicated passwords?), you can safeguard against these vulnerabilities of human error. And with so many employees working from their home office out of the IT department’s direct line of sight, you’re going to want a few extra safeguards until we’re all back on premise.

FortiToken Mobile: One-Time Password Generator

Fortinet’s FortiToken Mobile is a one-time password generator application compatible with both Android and iOS devices. It supports both time-based and event-based password tokens, adding versatility to how users can be authenticated. The app instantly generates a single-use token right on the mobile device that users are carrying around in their pocket all day long. Even if attackers are able to steal your username and password, they’ll have to pay a visit in-person to steal your mobile phone too.

Fortinet FortiToken multifactor authentication

FortiToken Mobile is a great solution for small businesses that are looking to get started with multifactor authentication at a low price-point. SMBs can get started with licenses for as few as just five employees. Adding additional licensing is quick and easy, making the solution scalable with your needs. Plus, because FortiToken Mobile is sold as perpetual licenses, you only have to pay once. No annual renewals or subscriptions needed.

 

WatchGuard AuthPoint: Versatile cloud-based authentication

WatchGuard AuthPoint Mobile is designed to work the way your employees work. That means versatility, scalability, and ease-of-use are key. Network administrators can assign different kinds of authentication to specific users, groups, or applications.

WatchGuard AuthPoint multifactor authentication

Mobile Push Notification – AuthPoint’s mobile device option sends push notifications to a user’s phone after they attempt to log in with their username and password. By responding to this push notification, users let AuthPoint know whether to accept or deny the access attempt.

QR Code — AuthPoint supports a QR code version that works with mobile devices as well. After a user attempts to sign into a machine with name and password, a heavily-encrypted QR code is generated onscreen which can then be read by the AuthPoint app on their mobile device.

One-Time Password (OTP) — Like FortiToken, AuthPoint Mobile is able to generate unique one-time passwords that temporarily act as authentication credentials for the AuthPoint app.


 

Multifactor Authentication & VPNs

Many of us will be working from home for the foreseeable future and Firewalls.com has seen a mad dash of small businesses trying to stay connected through secure remote access, virtual private networks, and email security. Solutions like WatchGuard IPSec VPN Clients are a great way to keep remote users safely tethered to company resources and applications, but the human factor always leaves vulnerabilities. Most VPN services require only a username and password combination, making them ripe targets for credential theft and phishing attacks.

Compromised VPNs present a greater threat than any single application or endpoint being infected. Once an attacker is able to win a foothold in a remote access tunnel, they’ve got a direct pipeline right back into the heart of your network. When most of your network’s users are reaching out through dozens of VPN tunnels, multifactor authentication becomes a must-have security feature, not a convenient add-on.


 

Don’t forget to renew your security services

Remember your security services

With COVID-19 causing workplaces to shift from on premises to remote, network admins have had their hands full keeping employees connected and secure. We know there are plenty of factors to consider to make that happen. But one consideration that can’t get lost in the shuffle: security services subscriptions. These subscriptions have a shelf life, and if allowed to expire, that may render a lot of the effort to protect workplace data – and offer reliable remote access – moot.

Allow me to explain further. Firewalls – the cornerstone of any secure network – are not fully optimized security machines without a suite of security services to enhance their hardware. Those services can include (but are certainly not limited to):

  • Advanced Threat Protection
  • Antivirus
  • Antispam
  • Application Control
  • Content filtering
  • Data loss prevention
  • Enhanced management capabilities
  • Sandboxing
  • SD-WAN services
  • Web application firewalling
  • Web surfing protection
  • 24×7 Technical Support and Updates

This is just a partial list relating to firewalls, with services depending on the manufacturer. But when a security services subscription expires, it could leave your network vulnerable to all of the threats these services address – and leave you out in the cold when it comes to certain networking features you rely on.

What does this have to do with remote employees?

Service subscriptions extend beyond the firewall, with offerings like endpoint protection. This protection is a vital component to a secure remote workforce both to keep data from prying eyes and to offer enhanced visibility into remote devices for network admins. And of course the secure access offered by VPN clients or secure mobile access appliances benefits greatly from active support subscriptions as well. Network security pros can help troubleshoot any of the myriad issues that can arise when most of your employees are connecting remotely.

Additional subscriptions cover a variety of appliances from wireless access points to email gateways to network switches, as well as virtual appliances and other standalone services. Regardless, it’s vital to keep them up to date and renew before they expire to avoid interruptions that can stop your network in its tracks.

How do I know when expiration is nearing?

If you’re a Firewalls.com customer, we’ll send you email notifications starting 90 days from your service expiration date. So even with everything else going on, it’s another reason to keep up with your inbox. If you don’t receive these emails from either us or directly from your service provider, simply visit your manufacturer portal, reach out to your IT consultant, or start a chat on Firewalls.com and we’ll be happy to help too.

How do I renew?

Regardless of where you initially purchased service, this is an easy answer. Go to our Renewals & Licensing locator, choose your product and subscription type, and choose your preferred subscription length. Firewalls.com offers renewals and licensing for SonicWall, Fortinet, Sophos, WatchGuard, Ruckus, Cisco Meraki, and Barracuda.

A few things to keep in mind:

  • You’ll pay a lower yearly cost and guard against any increases in subscription rates with a longer-term renewal
  • Some services like Barracuda licenses come in month-to-month terms, while some come in 1, 2, 3, 4, or 5 year lengths
  • If you upgrade to a new firewall, you can migrate your existing service subscriptions with you

If you have a question while you’re on the renewals page, wait for the chat popup, and one of our experts will be happy to assist you. Either way, it’s a quick and easy process, and your term will be extended before you know it. However you choose to renew, just remember, expired services hurt your network’s performance and security, so keep your subscriptions active!


 

5 Things to Consider to Secure Your Telework Employees

Telework Cybersecurity

With the rapidly evolving circumstances surrounding the COVID-19 pandemic, workplaces around the world have been faced with a difficult challenge – quickly deploying a remote workforce. While some have been prepared for telework all along, others are scrambling to ensure employees can access their networks quickly, without compromising security. The unfortunate truth of our current situation is that while many are banding together to protect those most vulnerable to the coronavirus, there are those who see this more scattered user-base as a golden opportunity for cyber attack.

It’s important to remember that just because you’re not in the office, it doesn’t mean hackers are taking a holiday. In fact, remote work is their bread and butter. And they stand at the ready to exploit the vulnerabilities teleworking can bring.

With that in mind, what can you do to plug those holes? How do you keep both your network and your work-from-homers secure? Here are 5 things to consider…

1 – It Starts With a Policy

Both you and your staff benefit from knowing what to expect from remote work. Putting a telework policy in writing and ensuring everyone in your organization is aware of it is an important step for consistency and therefore security. Hopefully you already had one, but if not, it still pays to put one together and make it clear to all employees.

What should it include? Acceptable use, personal vs company devices, personal vs company accounts, how to connect, whether public wi-fi is allowed, etc. A couple of statistics should reinforce the need for a strong telework policy: nearly half of employees say they transfer files between work and personal computers; almost 15% say they can’t connect to their work network from home, and more than three quarters say they don’t take privacy measures when teleworking in a public setting.

2 – Protect Your Endpoints

Each device an employee uses to access your data is an added security risk. Remote laptops, tablets, smartphones, etc. are not constantly protected by your firewall. But you need to ensure they have a level of protection against malware, email scams, and other data breaches, so attackers can’t use them as a tunnel back into your network. That’s why a strong endpoint security solution is vital for all your telework users. The best options also provide added visibility into their status for admins. Protecting each device individually makes protecting your network as a whole much easier.

3 – Build a Tunnel

To work from home effectively, your employees need to have use of all the apps and files they normally have at the office. How do you facilitate that quickly and securely? You need to offer virtual private network – better known as VPN – access.

A VPN sets up a secure tunnel between your telework employees and your network, protecting their and your data from any spying or prying eyes. This encrypted tunnel (using either IPSec or SSL) can even help when employees use public networks. In case you missed it, we outlined SonicWall’s VPN options in a recent post.

4 – Make Sure Passwords Have a Passing Grade

An all too common problem with an all too easy solution in the cybersecurity world is weak passwords. Ensure your telework employees (and everything on your network) uses strong passwords of length, with numeric and special characters, and phrases if supported. This keeps brute force attacks at bay, which typically just fire thousands of common words at a login screen until one works.

And take it a step further with multi-factor authentication. For employees to access your network remotely, require an additional step, such as an authentication code texted or emailed to provide added security. Some types of multi-factor authentication even include options like geotracking.

5 – Training Is Vital

You’ve likely already heard that the most common reason for a breach is human error. Whether it’s in the form of a misconfiguration or because an employee clicked a malicious link, the human element puts your network at risk. And just as cybersecurity training is vital in the office, it’s extremely important for telework.

So safety using the aforementioned public wi-fi should come up, as well as reminders about what to look for in social engineering scams. Online attackers’ new favorite? Coronavirus-related malware in the form of emails, and even phony maps to steal personal data from anyone who visits to try and keep up with the virus’ spread.

You’ll also want to be sure your work-from-homers are sticking to VPN-only when it comes to work files. Too often, the easy way may be to send sensitive data as an unencrypted email attachment, but that risks exposing it to bad actors. Teach them to keep it encrypted, even if it takes a little bit longer. And even though social distancing may keep you from conducting this training in person, there are plenty of videoconferencing options to help.

 

Know Before You Go: 4 Things You Should Know Before You Shop for a Firewall

Getting Started

The plans have been drawn. The furniture has been ordered. The staff has been hired. That new office is coming together nicely. But you know there’s still a missing piece – a secure network to ensure your new office is connected. But where do you begin?

Don’t fret. We’ve put together a quick video outlining four things you should know about your desired network setup before you start your shop for a firewall – and other solutions like wireless access points, network switches, etc. You probably know this stuff already, but it helps to compile all this background information, so that you’ll know which devices are right for your particular network needs. Watch on for the info:

 

So whether you’re a small business owner taking that next big step or a branch manager tasked with getting things up and running at a new location – getting these information ducks in a row will help you focus on the right products for your network needs and ensure you don’t have to go back to the drawing board after hastily picking the wrong ones. Plan out your user numbers, raw connection speed, remote access needs, and desired wireless capabilities and you’ll be ready for the next step.

The Next Step

Now that you’ve gathered the needed information, it’s time to shop for your network solutions. Visit Firewalls.com and start with the Firewall tool at the top of the homepage. Plug in your user count, and you’ll be off and running. And what’s even easier? Talking to a network security expert who can walk you through your options and work with you to put together a bundle that addresses all your needs at once. Give one of our experts a call at 866-403-5305 or email sales@firewalls.com. If you’d still like to do a bit more research before you shop, check out our Navigating Network Security episode of Ping: A Firewalls.com Podcast (available wherever you listen) for more detailed tips on the process. And if you need help deciphering datasheets, read through our blog post on that very subject. Your secure SMB network will be up and running before you know it!

Understanding firewall datasheets & tech specs: How to find the right firewall

With dozens of competing firewall brands, each sporting several different models and variants in their product catalogs, it can be a serious challenge for non-experts (or even sometimes for experts) to navigate their options when purchasing a Next Generation Firewall appliance. Manufacturers do their best to be transparent about each firewall’s capabilities, but their datasheets often include 40 to 50 different metrics and measurements to sort through. Which hardware specifications are most important to a business network? What’s the difference between NGFW Throughput and SSL-VPN Throughput? Are maximum user counts really a hard limit? To get a clearer picture, we’ll dissect the tech specs of the FortiGate-60F to determine which stats matter most and why.

FortiGate 60F Tech specs

What on Earth are all of these numbers?!

Throughput Statistics

What is Firewall Throughput?

Maximum Firewall Throughput is the highest throughput speed stat in the tech specs and is measured in Mbps or Gbps – that’s megabits or gigabits per second. This statistic measures a firewall’s raw, unhindered processing speed in its base state–with no additional security services or processes activated. While knowing the maximum volume of traffic that can pass through your firewall is interesting, this stat does not usually provide a lot of context for how a product will behave on your real network. After all, nearly every firewall deployment will include some security services whether that’s antivirus scanning, intrusion prevention, or data loss prevention.

Note that the Firewall Throughput of the FortiGate-60F in this datasheet is written as 10/10/6 Gbps. These numbers demonstrate the maximum throughput of the firewall based on the size of data packets that makes up the traffic being scanned. While throughput is higher at 10 Gbps for larger 1518 byte UDP (user diagram protocol) packets, performance decreases when traffic is broken down into smaller, more numerous 64 byte packets. This is a process known as IP Fragmentation.

What is NGFW Throughput?

NGFW Throughput is a metric that you may not find in every manufacturer’s datasheets. In tables where you do find this statistic, it is generally a measure of throughput when Intrusion Prevention Services and Application Control (key next gen firewall services) are running. Because IPS and App Control are such common services, NGFW Throughput is a great statistic to indicate the speeds your appliance may exhibit in a real-world environment. The NGFW Throughput of the FortiGate-60F is a huge 1.0 Gbps, a major step up from its predecessor, the FortiGate-60E, which clocks in at 250 Mbps NGFW Throughput. That is a TON of speed for a small business firewall.

What is SSL-VPN Throughput?

SSL-VPN Throughput measures the volume of traffic that can pass through a firewall for a user who has connected to the network via an SSL-VPN (secure sockets layer virtual private network) remote access connection. Remote access solutions are exploding in popularity as more and more of the workforce becomes mobile. While the added productivity and freedom of a highly mobile workforce is a boon to modern business, it does call for additional layers of security to ensure that employees (and your data) stay safe no matter where they connect. SSL-VPN Throughput numbers tend to be much lower than other metrics because a lot of processing power is needed to decrypt, scan, and verify encrypted traffic. The SSL-VPN Throughput of the FG-60F is 900 Mbps, making it a great choice for remote branches and outposts.

SSL-VPN Throughput is especially crucial for any business that regularly allows users to work remotely. Depending on how much bandwidth is being called down by applications, low SSL-VPN Throughput can create bottlenecks for remote workers.

What is AntiVirus/AV-Proxy Throughput?

AV-Proxy Throughput is a statistic that some manufacturers are beginning to eliminate from their datasheets altogether. However, it can still be a helpful metric to understand. The stat measures the throughput available from a firewall when it is actively scanning traffic for viruses, malware, or other behavior patterns that indicate an attack. The reason this statistic is beginning to vanish from some datasheets is because traditional anti-virus scanning is evolving to more advanced behavior-based processes centered around Intrusion Prevention and deep packet inspection. Firewalls.com recommends basing your firewall decision on NGFW Throughput or SSL-VPN Throughput, depending on your individual network demands.

Fortinet datasheets have dropped the AV-Proxy statistic in favor of Threat Protection Throughput, which measures speeds for a firewall using IPS, Application Control, and Malware Protection with logging enabled. The Threat Protection Throughput of the FortiGate-60F is 700 Mbps.

Maximum Recommendations Statistics

What does Maximum Supported Access Points represent?

Simply put, this statistic tells you the maximum number of wireless access points that can be managed and secured by your firewall. This is a recommendation and not a hard limit. The “maximums” quoted in datasheets describe a rough number of access points that can be deployed on a network before they cause a large, negative impact on performance. Like many of the maximum recommended numbers in datasheets, these are guidelines to prevent you from overworking your firewall to the point of failure. The FortiGate-60F can easily support up to 30 FortiAPs.

How are Recommended User Counts measured?

Similar to the Maximum Supported Access Points section above, Recommended User Counts are a soft limit recommended by manufacturers to size an appliance for your network. Technically, you can allow any number of users to operate on any firewall, but past a certain point an appliance will slow to a crawl. To maintain comfortable performance speeds and bandwidth allocation, it’s best to stay within the bounds of recommended user ranges. The FortiGate-60F is intended for deployments of up to 25 users.

It is important to note that users are not simply the number of employees you expect to use your network. The term user in this case encompasses each Internet-connected device that may use the network on a daily basis. In network security, a user is considered any of the following:

  • PCs, Laptops, & Workstations
  • Mobile devices
  • Internet of Things (IoT) devices
  • Printers
  • Tablets
  • Any other device connected to the Internet

Firewalls.com recommends a firewall with roughly twice the capacity of users that you currently house on your network. This built-in wiggle room is so you can accommodate business growth and spikes in guest users, while still leaving plenty of processing power on the table for resource-intensive applications.

What does Maximum Concurrent Connections mean?

Maximum Concurrent Connections describes the total number of TCP (transmission control protocol) connections a firewall can handle at a given time. Because a firewall acts as a gateway between your internal LAN (local area network) and the external public-facing Internet, the appliance must track and map the IPs (internet protocols) of all original internal requests and the external IPs assigned to them when requests are sent across the web. The Maximum Connections stat indicates how many internal and external mapped IPs can be simultaneously tracked by the security processor. This stat is important when choosing a firewall particularly for companies with employees who use several applications at once. The FortiGate-60F supports up to 700,000 concurrent TCP connections.

Other things to consider

There are a ton of other factors that can determine which appliance is the best fit for your needs. The specific form factor of your appliance–its physical size and shape–may be an important determination if you’re deploying in a small office where space is a limited commodity. Depending on the complexity of your network setup, the amount and types of interfaces (ports) can impact how you connect routers, network switches, high availability firewalls, and other auxiliary security devices. Knowing what kinds of swappable components or add-on modules are available can be important for businesses that must customize appliances to fit a tricky deployment where temperatures, memory requirements, or availability of power supply are an issue. It is also important to note the maximum site-to-site VPN or IPSec tunnels a firewall can support if your business plans on employing a large number of remote workers.

Arming yourself with a brand-specific Buyer’s Guide can simplify the process of choosing the right firewall. Educating yourself through blogs, podcasts, or video reviews can also remove a lot of stress from the decision-making process. However, the best way to ensure that the firewall you purchase is a perfect match is to speak with a knowledgeable, certified representative. You can reach one at Firewalls.com by calling 866-403-5305. Not ready to hop on the phone to discuss your needs? Connect via live chat or email sales@firewalls.com to find your perfect network security solution.

Network Switches: A Video Buyer’s Guide

A Network Switch Shopper’s Companion

Shopping in the business networking space can be a daunting task, with a variety of devices to buy, features available, performance metrics used, and brands to choose from. Network switches are no exception, with common questions including:

  • What is a network switch?
  • Why would I need one?
  • How do I pick the right one for my network?
  • What is the meaning of life? (that’s probably a question for another post)

A few months back we gave you 5 things to consider when buying a network switch. Now, we’re offering a video to take another deep dive into the world of network switches. In our new video buyer’s guide, we go over answers to some of these common questions and give you a primer on the switch-related offerings of a couple of top brands: Fortinet and Ruckus. We also spotlight the switch configuration and management services offered by our in-house network experts. Give it a quick watch here to learn more about network switches:

Ready to Shop?

Now that you’re armed with the most powerful weapon of all – information – check out our selection of network switches. To make shopping on our website easy, you can filter your selections by brand, number of ports, speed, managed vs. unmanaged, and of course price.

FIND MY SWITCH

Still have questions about network switches? Give us a call and you’ll be talking to an expert who can walk you through the process of optimizing your network’s performance and security.

866.403.5305

4 Things to Consider Before an SD-WAN Migration

Just about any Google search for the phrase “SD-WAN” will turn up an overabundance of articles explaining why replacing traditional MPLS with SD-WAN solutions can save you time and money.  Heck, we even published a podcast about it. There is certainly no shortage of elevator pitches pointing you toward SD-WAN (also known as a software-defined wide area network); however, like all things in life, there is far more to the process than “just doing it.” Keep reading and we’ll lay out four key considerations to account for before any SD-WAN migration.

1 – Take Inventory

Your first step should be taking an accurate inventory of all of the locations, connections, and applications using your network. Categorize these locations by requirements. Do they rely on extremely high availability? What requirements are there for factors such a packet loss and jitter? Consider also the costs that each piece of the puzzle will require. All of these factors figure into what your business’s path to SD-WAN looks like.

Forming a highly detailed network diagram should be a priority. Knowing your WAN–including physical locations of devices and the layout of your LAN (local area network)–is crucial. Individual locations may require unique services, bandwidth, or traffic considerations. You will likely be sharing this network diagram with any third-party vendors you work with, ISPs, and your IT team so that all parties participating in the migration have a comprehensive understand of your needs. Firewalls.com always recommends that you leave plenty of wiggle room in your systems to accommodate for growth. With so many applications increasingly re-homing in the cloud, you should absolutely plan for the future of your SD-WAN solution to be able to accommodate them in the coming years.

2 – Determine What the Roll-Out Will Look Like

The second consideration is how quickly you expect your SD-WAN roll-out will be. Businesses have the option to switch everything from MPLS (multiprotocol label switching) as a routing technique to SD-WAN at once, or complete the process in a number of smaller, more modest phases.

SD-WAN is a flexible solution that can work in tandem with MPLS deployments already in place, allowing businesses to operate both simultaneously. Many organizations, especially small businesses, may not be ready or be able to migrate their entire WAN infrastructure in one process, and that’s okay. Hybrid WAN management, where certain connections are handled by MPLS and the rest by SD-WAN are not only possible, but fairly common.

Even if an organization is unable to fully transfer connections to SD-WAN, hybrid WAN management allows for reduced costs associated with bandwidth over time. Not only is this extremely flexible, but the money saved through SD-WAN begets resources needed for the later continuation of digital transformation. Or, put plainly, sometimes you have to save money to save more money later. Hybrid WAN environments make that possible.

3 – Acquire Dedicated Internet Access Lines Early

After taking inventory of the network and diagramming WAN infrastructure, you’ll have a solid idea of exactly what connections and bandwidth requirements to consider. Organizations need to start very early on with the process of orchestrating Internet service provider (ISP) installations, especially if connecting outposts or branch offices in remote locations. Getting Internet circuits installed can take several weeks or months. If the entire SD-WAN migration grinds to a halt while waiting on an ISP to haul fiber to branch locations, businesses can find themselves relying on more expensive MPLS solutions for longer than expected. Those costs add up and can act as a costly spoiler unaccounted for in initial budgeting.

4 – Consider Effects on End Users

Change, even positive change, causes friction. Friction in a business environment can have ripple effects on budget, productivity, and reputation, so it is imperative that businesses are fully prepared for cause-and-effect wrinkles in their daily routines. To that end, there are a number of questions you should ask about how an SD-WAN migration can impact users and internal traffic.

How much downtime should be expected for individual applications during the migration? If these are business critical applications, how can this impact be mitigated to minimally interfere with company workflow?

What changes will end users see in their daily network usage after successfully migrating to SD-WAN? Consider the training your staff may need to understand how this new infrastructure affects them. Again, change creates friction that may rub end users the wrong way, particularly if they’re used to doing things a certain way for a long time.

Speaking of end users, SD-WAN often extends greater access to mobile users on your network by eliminating the backhauling issues that mobile devices face with MPLS. Mobile backhaul describes the unseen process of how data-hungry mobile devices interact with wireless networks and data centers. However, SD-WAN excels at backhauling optimization, allowing for freer access to the network for mobile users. While this may be a boon for mobile workers, organizations should take additional security steps to account for increased mobile traffic on the network. Fortinet’s Secure SD-WAN integrates seamlessly with the rest of the Fortinet Security Fabric, extending powerful mobile security to minimize this impact when using products such as FortiGuard Mobile Service.

Another change that comes with SD-WAN migration is the beneficial impact it has on the IT department. SD-WAN can improve visibility and reduce the number of touch points and management tasks that IT needs to keep up with on a day-to-day basis. Organizations should consider how this lessened burden on the IT schedule can be taken advantage of to further improve network security and performance. What are network administrators to do with all of this extra time and increased control?

SD-WAN Management Made Easy

Hopefully this article has instilled some confidence if you’re on the fence about an SD-WAN migration. But Firewalls.com can still make managing your SD-WAN even easier. With a Security Operations Center filled to the brim with highly certified network administrators and architects, our Professional Services team can actively manage and configure SD-WAN on your behalf as an affordable, commitment-free monthly subscription. Give us a call at the number below to learn how Firewalls.com Professional Services can turn SD-WAN into an E-Z win.

Call us at 866-957-2975 to learn more!

Data Breach Reminds: Configuration Is Key

An Unfortunate Reminder

If we’ve said it once, we’ve said it 1,000 times – and we’ll keep saying it: the right configuration is key for your network to be fully secure. We had another reminder this week, with news of a data breach affecting Capital One in which a hacker gained access to more than 100 million credit card applications and accounts, in what CNN calls, one of the biggest data breaches ever. Capital One had security measures in place, but the breach still occurred. So how did the hacker get through? A misconfigured web application firewall.

Misconfiguration Opens the Door

More specifically, according to the criminal complaint filed by the U.S. Department of Justice, “a firewall misconfiguration permitted commands to reach and be executed by [a specific] server, which enabled access to folders or buckets of data in Capital One’s storage space at the Cloud Computing Company.” Unfortunately, this is all too common. According to Gartner, 99% of successful network breaches can be attributed to a misconfiguration of the firewall.

The DOJ complaint alleges the hacker gained access multiple times over a few months. It wasn’t until Capital One received an anonymous tip that the company became aware of the data breach. That means the stolen personal information – which included approximately 120,000 social security numbers, more than 75,000 bank account numbers, and millions of names, addresses, and birth dates – was available to the highest bidder for quite some time.

Not only was the firewall misconfigured, the theft was not quickly detected. Those are two expensive issues you don’t want your network to have. Capital One expects to spend $100 to $150 million in costs related to this data breach.

How Can I Prevent a Breach?

So how do you prevent the same thing from happening to you? Get a professional configuration with ongoing management of your network. Our network engineers provide personalized solutions based on your unique needs, ensuring optimized performance and security. Once your configuration is complete, they offer managed security services that take the burden of everyday monitoring, patching vulnerabilities, threat detection, and more away, allowing you to rest assured that the security of your valuable data is in the hands of top-notch, certified professionals. And anytime you have a question, they’ll be there at our Security Operations Center to help.

LEARN MORE ABOUT OUR PROFESSIONAL CONFIGURATIONS

If you want to take a crack at a configuration on your own, we can help with that, too. Our configuration checklist takes you on a deep dive through the complexities of the configuration process and helps you keep your settings, rules, and hierarchies organized. Did we mention it’s FREE to download?

Get the Configuration QuickStart Checklist

 

*If you’re a Capital One customer and think you may be affected by the data breach, here are some steps you can take.

Buying a Network Switch: 5 Things to Consider

Why Do I Need a Network Switch?

Whether you have a small business or enterprise organization, your network needs to keep several users reliably and securely connected around the clock. No matter how fast your ISP hooks you up, you’ll need appropriate equipment to spread the high-speed love. Enter the network switch, an oft-overlooked but vitally important piece of the networking puzzle. How do you decide which network switch is right for you? Let’s countdown some factors to consider in relation to your network needs.

1 User count

It all starts with the number of users you need to connect. Remember, a user isn’t just a person on a computer – users include other connected devices as well, like printers (you’ll probably have at least a couple of those), VoIP phones (your business likely will need to communicate with others verbally from time to time), surveillance cameras (just in case), firewalls (a network security must), and wireless access points (those APs have to get their internet connections from somewhere). Generally speaking, a higher number of users requires more ports and faster transfer speeds.

2 Power

Remember those access points? In many cases, you’ll be placing your APs in locations that make traditional power outlets hard to reach. Fortunately, many APs (as well as VoIP phones, firewalls, and other devices) can get their electricity through Power over Ethernet, aka PoE. This means they can stay connected and receive power using only an Ethernet cord. Look for a network switch with Ethernet ports that support the PoE needs of your network.

3 Speed

Network switches don’t create speed, but the wrong switch could slow your network down significantly. If you’re transferring a lot of data, you’ll want to make sure you have ports that can handle your need for speed. Look for 10/100/1000, aka Gigabit ethernet (GbE), ports. These ports will automatically sense and use the fastest speed shared by the sending and receiving devices. For less heavy duty scenarios, a switch with 10/100 ports may suffice (those are speeds of 10 or 100 Mbps), but most modern switches support GbE ports.

4 Managed vs Unmanaged

This one’s a pretty easy choice. If you’re looking at a switch to connect the key pieces of your organizational network, you’ll want a managed switch. What’s the difference between managed and unmanaged? An unmanaged switch is often called “plug-and-play,” and while that sounds convenient, it means there is no ability to configure an unmanaged network switch because it lacks a “brain.” A managed switch gives you the ability to manually configure, monitor, and manage the devices on your network.

Configuring a network switch allows you to better optimize network performance and security – keeping sensitive data siloed and enabling only active ports to minimize your attack surface. It just so happens our security experts at Firewalls.com can work with you to get that configuration just right and keep it that way – actively managing your switch for you, no matter the brand. Unmanaged switches can be useful in lower-stakes network setups or as a supplement – like adding connections in a conference room.

Learn about Switch Configuration

MANAGE MY Switch

5 Value

Just like an unmanaged switch, this is a no-brainer to consider when shopping for a switch (or any significant purchase). At Firewalls.com, you can find value that fits your network, whether you need 12 or 48 port. We offer network switches including the Ruckus ICX SeriesFortinet FortiSwitch Series, and the Cisco Meraki MS Series to help you get your network running smoothly. Visit our Network Switch page and use the filters on the left-hand side of the page to find the network switch that best fits your demands.

FIND MY SWITCH

Enter the SonicWall Upgrade Matrix

Let Me Upgrade You

New cyber threats emerge every day. While the firewall you’ve had since your business opened has kept your network protected, it may be time to bring the latest technology in to maintain that security. As Beyoncé says, “Let Me Upgrade U.” But where do you begin when searching for your next security appliance? Let the SonicWall Upgrade Matrix show you the way.

Enter the Upgrade Matrix

The matrix in this case is not an innovative Sci-Fi flick that spawned two progressively worse sequels. Rather it’s a chart that shows you which devices are eligible for special SonicWall upgrade pricing through the Customer Loyalty Program. That means you’ll save money on your new firewall and gain peace of mind that you won’t have to spend thousands to recover from a ransomware or malware attack that your older device couldn’t stop. Let’s take a closer look at the SonicWall Upgrade Matrix.

SonicWall Upgrade Matrix

[table id=1 /]

Why Should I Upgrade?

Your current device may be nearing or already past End of Support, meaning SonicWall is no longer able to provide support and updates to keep up with the latest threats. Your firewall may be incompatible with newer security solutions. It’s probably slower and shorter on memory than a new appliance. It may not have the capacity you need for your growing organization. Dive deeper into the top 5 reasons to upgrade your firewall with our video:

About That Savings

SonicWall estimates you’ll save up to 50% a year on your firewall plus security services when you upgrade through the Customer Loyalty Program. You’ll get this savings when you bundle a new firewall and a two- or three-year security services subscription like Advanced Gateway Security Suite, which, let’s face it, you needed anyway. Go to our SonicWall Upgrades page now to get the bundle that’s right for your network.

UPGRADE MY SONICWALL

 

3 Ways to Improve Hotel Wi-Fi with Ruckus Security

Veterans of the hospitality industry have witnessed a noticeable shift in the types of feedback received from their guests. Younger travelers come with high-tech expectations like USB charging ports, extra outlets for multiple devices, and, of course, fast and reliable wireless internet. Just a quick scan through review sites illuminates how prominent both complaints and praise are in regards to a hotel’s Wi-Fi. In fact, independent surveys by Forbes, TravelPulse, and eHotelier all point to Internet issues as one of the most common guest complaints. In many cases, arriving guests ask for the Wi-Fi password at check-in and attempt to connect in the lobby, meaning a hotel’s wireless network quality may be the first real impression a guest forms about their stay.

Ruckus Wireless understands that hotels come with a host of unique issues that make planning an effective wireless strategy a challenge. Hotels are large, often with multiple wings and floors, making for a lot of ground to cover. Each room comes with four walls, a ceiling, thick doors, and plenty of other barriers constructed of building materials that block or weaken signal strength. On an average night, a hotel’s wireless network needs to serve up high-performance connections to hundreds of guests. And all this doesn’t even take into consideration additional outdoor facilities such as pools, parking lots, terraces, and shuttle areas where guests arriving or departing the hotel still expect to connect.

Below, we’ll explore some of the most hospitality-friendly solutions Ruckus Wireless offers for hotels looking to boost Wi-Fi guest ratings.

Ruckus Wall Plate Access Points

Many hotels choose to deploy wireless access points throughout their hallways in standard ceiling mounts. While this may seem practical (allowing a single access point to make the most of its effective range by reaching a cluster of surrounding rooms), this also means putting the most obstructions between guests and APs. Certain areas of a room may receive weaker signal strength than others. Some parts of the room may receive no signal at all. By putting walls in the way and making in-room guests surf the fringes of an AP’s range, hotels with ceiling-mounted access points are choosing a utilitarian but flawed solution.

Wall plate access points like the Ruckus ZoneFlex C110, Ruckus Unleashed R510, or Fortinet’s FortiAP-C24JE are designed to use existing wall data cables to provide low-profile in-room signal sources. This means guests receive the most direct Wi-Fi signal possible at a distance that makes the most of the appliance’s range.

Beam Flex Technology

Most APs are either “omnidirectional,” radiating signal in all directions like light bulbs, or “directional,” sending signals on a single vector like a flashlight. Both omnidirectional and directional APs ask clients to find exactly where to stand for the best results. Many modern vendors now make use of “beamforming” to establish targeted connections. Beamforming is a process that allows an AP to focus a WiFi signal to a specific target. Most vendors make use of beamforming by manipulating the signal processing built into their access points’ chip, also known as “transmit beamforming” or TxBF. However, a majority of devices do not support the TxBF protocol. TxBF transmitters also cannot make use of other techniques like spatial multiplexing when beamforming.

Ruckus Wireless takes signal forming to the next level with their patented BeamFlex Adaptive Antenna technology. BeamFlex uses smart, compact antenna systems containing multiple elements that manipulate antenna properties, forming personalized antenna patterns for the individual devices with which they communicate. This means Ruckus Wireless access points establish the strongest connections possible, automatically.

To stick with the lamp metaphor, where omnidirectional APs are lightbulbs and directional APs are flashlights, you can think of a Ruckus BeamFlex access point like a plasma ball. The AP will find you and reach out to initiate an optimal connection.

Wireless Heat Mapping

Custom Wi-Fi heat maps allow you to pre-plan the layout of access point deployments to find and fix wireless dead zones before installation. Ruckus’s ZonePlanner Wi-Fi RF Simulation tool lets you place and compare access points on a real, customized map of your facilities. It also takes into account variables like building materials, wall thickness, and other environmental factors. You can swap different access point models in and out to find which hardware makes the most sense for you.

Properly size new deployments for any location and predict network performance before you buy by previewing your network by channel or SSID. You can even seek out and minimize signal bleed to keep guest Wi-Fi out of sensitive areas.

Pre-planning your wireless network saves you money by preventing overspending on unnecessary access points. Firewalls.com will save you even more by mapping out your office using Ruckus ZonePlanner at no additional cost when you purchase a Ruckus access point. You send us a map of your building with as much detail as possible and we’ll send back a detailed wireless heat map showing how a variety of different Ruckus access points would fit your needs. Call us at 866-957-2975 to request a free wireless heat map report.

See How to Get A Free Wireless Heat Map

Looking for even more ways to save money on a wireless network?

Read how Ruckus Unleashed lets you dodge the costs of wireless controllers.

Bring Everything to Light With Sophos Cloud Optix

See Everything, Secure Everything

Each day, more and more business-critical assets move from on-premises deployments to the cloud. Maintaining visibility across platforms is vital to ensuring your organization’s sensitive information is secure. The new SaaS-based Sophos Cloud Optix does just that. Powered by artificial intelligence (but not Haley Joel Osment), Cloud Optix automatically and continuously discovers all your assets on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments.

That visibility, combined with smart alerts about suspicious behavior, gives you the ability to see when risks emerge and respond to them in minutes instead of days or weeks – making the cloud anything but cloudy. You can also setup guardrails to prevent, detect, & remediate network configuration changes. Speaking of setup, Cloud Optix plays nice with all your organization’s existing tools, and you can have this agentless service up & running in minutes.

Why Cloud Optix?

Aren’t cloud platforms already pretty secure? Yes and no. These services do have built-in protections on their end. But in a recent report, Sophos found that cloud servers faced an average of 13 attempted attacks per minute, per honeypot. That means if just one setting is wrong on your end, your organization’s valuable data may be exposed. Cloud Optix ensures you have the full picture of your settings at all times, making it simple to see if there’s a problem and address it.

And what about compliance? The public cloud is always evolving, and compliance requirements often change with that evolution. Cloud Optix continuously monitors compliance with custom or out-of-the-box templates for standards like CIS, SOC2, HIPAA, ISO 27001, and PCI DSS. It also does the diagramming for you so you’ll be prepared for security audits – with reports ready to download in just a couple of clicks instead of the hours they used to take to put together manually.

Ready to See More?

Take a closer look at some features of Cloud Optix with this Sophos datasheet, then see it in action in this video:

Try It Yourself

You may be thinking that while the video demo is nice, you’d need to take it for a test drive yourself before buying in. Guess what? You can! Sophos is offering a free online demo of each and every feature. And if that’s not enough, you can get a 30-day free trial to test it with the tools your organization uses every day. And finally, once you’re ready to buy, we have the subscription option that’s right for your organization.

GET CLOUD OPTIX NOW!

The Configuration Conundrum: When good businesses make bad choices on firewall configuration

Breaking Down the Common Reasons Why Businesses Skip a Professional Firewall Configuration

At Firewalls.com we spend each and every day discussing common network security woes, helping partners craft unique solutions, and helping to widen firewall education and expertise for all. We’ve heard it all: knee-slapping tales from administrators in sticky situations; never-seen-before security conundrums and, of course, plenty of bad excuses. Any network security engineer worth their salt understands that securing small business networks doesn’t stop at choosing which appliance model or services to buy. Even the most modern and impressive hardware is no better than a door stop if administrators don’t understand how to configure, deploy, and maintain the complex security systems needed to combat 2019’s most advanced threats.

Our new video series, which we’ve named the Configuration Conundrum, takes a hard look at some of the less-than-solid reasons why businesses choose to configure their own firewall (or, in most cases, attempt to configure their own firewall) instead of having their advanced security appliances configured by a team of experienced, certified engineers. Over the next few episodes, we’re putting the penny-pinchers, security-gamblers, and “I’ll-get-to-it-later” guys on blast! So hop over to our YouTube channel and join us as we dissect the most common reasons why small businesses risk their security (and your confidential data) by opting for sub-par or non-existent firewall configurations.

Check Out the Videos


“I’ve got a guy for that!” Ah, yes. We’ve all got our favorite vaguely-titled “business consultant” or “IT solution grower” to fall back on. Whatever title he claims on his LinkedIn profile, he can run cables, register employee MAC addresses, reconnect the printers, and can maybe fix the coffee pot too.

Is he a security expert? Not specifically.

Does he have network experience? He’s got a little experience in a lot of things.

Does he have certifications, manufacturer training, or industry accolades? No, but he’ll cut you a great deal.

Check out this short video to see what can go wrong when your guy accidentally leaves the door open to ransomware on your network.


Budget constraints. We get it. That’s our go-to excuse when we’re looking to get off a sales call too! As cyber security threats grow more advanced and more dangerous, the once modest IT budget is encroaching further and further up the P&L, eating up OpEx that you were hoping to carry into next quarter.

A good configuration pays for itself. By eliminating unnecessary services, preventing bottlenecks that slow down business-critical resources, and intelligently restricting network traffic to productive activities, a professional firewall configuration ensures that you’re not wasting resources or, worse, rendering your security investment moot by leaving elusive pinholes and blindspots that persistent threats use to worm their way in.

Check out this Budget video to see why prevention is ALWAYS cheaper than remediation.


Some people can’t resist a good puzzle. For the enterprising DIY master a complex firewall configuration seems like tempting sport. Unfortunately, they rarely have the expensive virtual labs needed to stress-test their results with simulated traffic, pre-staged attacks, and benchmarking platforms.

What that means is that their first real attack is a live-fire assessment of how well they did. Like testing out a boat design by shipping out to sea, configuration-hobbyists often find themselves frantically patching holes, bailing water, and holding bulkheads in place as they gradually slip beneath the waves.

60% of small businesses that experience a data breach shutter their doors within 6 months. This video outlines why you should never gamble your life’s work on a weekend project.

How to Ensure a High-Quality, Professional Firewall Configuration

Don’t deploy top-dollar hardware with bottom of the barrel settings. Look behind the curtain of the setup wizard and you’ll see that the cyber threats of 2019 can’t be whisked away with a magic wand. If you want to make the very most of your security investment; if you want to take advantage of cutting-edge technologies working in perfectly-integrated harmony; if you want personalized solutions with 1-on-1 considerations designed to address your unique needs and demands, you deserve a professional firewall configuration.

You should seek out a professional services team with an on-site Security Operations Center, a multitude of certifications, and tangible experience earned through on-going education and a rich history of security expertise.

Still want to take a crack at DIY? We wish you the best of luck and recommend you check out the Firewalls.com Configuration QuickStart Checklist. Our configuration checklist guides you through the steps of the configuration process and helps you keep your settings, rules, and hierarchies organized. It’s in-depth and completely free to download!

Get the Firewall Configuration QuickStart Checklist

Stay tuned for our second installment where we’ll cover even more of the common excuses that business use to skip out on professional firewall configurations.

No More Wizards! Get the Firewalls.com Configuration QuickStart Checklist

Unrivaled Network Security. It’s no magic trick. Stopping 2019’s top threats means more than just a slick next-gen appliance. It means deploying a detailed and thorough configuration touching on dozens of unique settings, complex hierarchies, and strategic arrangements of resources. How you manage your firewall is just as important as which brand or model you choose, so you can’t afford to short yourself with the setup wizard. According to Gartner, 99% of successful network breaches can be attributed to a misconfiguration of the firewall. It’s time to blow away the smoke and mirrors.

If You Want Something Done Right

You want to try DIY, but maybe you’re not the GOAT with the NSA series. If you’re switching to new tech or just haven’t tackled a config project in a while, you may be surprised by all the advanced new features and options available on next-generation firewalls like the FortiGate-100E with built-in SPUs or how the SFOS 17.5 firmware release handles clientless SSO through Sophos Central. While you may be tempted to bridge a knowledge gap with the pre-packaged configuration wizard, there’s just not a whole lot there when you look behind the curtain.

In fact, the setup wizard is one of the culprits behind some of the most common mistakes even experienced professionals make when configuring their firewalls. We went over seven missteps that we see most often in the video below. Watch if you’re feeling lucky.

To give you another reason to say “No” to the configuration wizard, Firewalls.com is providing a free copy of our Firewall Configuration QuickStart Checklist! This in-depth checklist assists with every step of the configuration process from start to finish. If you choose to tackle your firewall config in-house, follow along with our checklist to make sure you’re not missing out on any of the advanced capabilities your appliance can perform. The checklist includes:

  • 17 Pages of Settings, Documentation, & Helpful Configuration Tips
  • User Group Hierarchy Tables & Network Application Logs
  • In-Depth Overview of WAN, LAN, & Guest Wireless Setting Options
  • Advanced Security Feature Lists
  • Options for Managed Security Services, Support, & Custom Solutions

Make sure you never miss a step by following along with the Firewalls.com Configuration QuickStart Checklist. Every setting, big or small, can be the deciding factor that determines whether you’re a victor or a victim. Download the checklist free and say “No” to the setup wizard!

 

Get the Configuration QuickStart Checklist

No More Wizards. Get the Firewall Configuration QuickStart Checklist from Firewalls.com

 

If You Want Something Done Flawlessly

Want to skip the config headache completely? Firewalls.com has the credentials to write the guide on firewall configurations because our expert team of top-tier certified network engineers has been perfectly configuring SonicWall, Sophos, Fortinet, WatchGuard, and Barracuda firewalls for literal decades! Each year, we process hundreds of end-to-end firewall configurations out of our Security Operations Center in Indianapolis. Real, local certified security experts work one-on-one with you to take on the unique demands of your network. Whether you’re looking for a highly available network with built-in redundancy or a super smart appliance backed by machine learning, our engineers have the skills and experience to get the job done while you focus on more productive tasks.

Learn More About Firewalls.com Configurations

Don’t rely on cheap tricks. Say “No” the Configuration Wizard with a Firewalls.com Custom Configuration or follow along with the Firewall Configuration QuickStart Checklist.

Fortinet Renewals Made Easy: Try the Firewalls.com License Finder for Your Next Security License

Looking to for Fortinet renewals? It can be a real hassle to hunt down the exact subscriptions you’re looking for. Firewalls.com makes it easier by providing a simple-to-navigate License Finder tool. You can find any Fortinet FortiGate licenses you can think of on this list! There are a huge benefits to renewing security licenses that keep your business network safe from all the latest threats, so don’t let your services lapse.

Fortinet Renewals: Easy As 1-2-3

You’re always just a few clicks away from an array of high-powered Fortinet security services from FortiGuard Labs. Scan through the images below to see just how easy finding your next Fortinet licenses or Fortinet renewals are.

1.

Select the type of appliance you’re renewing for under “Select Appliance Type.” You’ll also notice that Firewalls.com covers security
licenses for Sophos, SonicWall, wireless access points, and much more. Whether you
need a SonicWall renewal or a Sophos FullGuard Bundle, finding a match is painless.
Hint: If you need help with the renewals process, hop in the chat window on the right anytime to speak with an expert.

2.

Locate the FortiGate or FortiWifi model you’re renewing for in the second dropdown, called “Select the Model.”
Many Fortinet next generation firewalls can get specific, so if you’re not sure exactly
which model to choose, contact our experts for further assistance (again, the chat window is your friend).

3.

The third dropdown – “Select a Subscription” is where you’ll find a list of the subscriptions available
for your specific appliance. Whether you’re renewing a license that’s expiring
or starting fresh with a new subscription, you’ll find your Fortinet renewals and licenses for FortiCare, Advanced Threat Protection,
or 360 Protection options here. When you’ve decided, click “Find Licenses.”

Don’t Go your Fortinet Renewals Alone

The License Finder is just one of the many free tools that Firewalls.com provides to help you make your best security investment. Our most powerful resource, though, is our team of highly-certified firewall product masters ready to assist you in choosing the right license for your FortiGate firewall. Hop on a Live Chat or call us at 866-957-2975 to discuss your project with a Fortinet expert.

Take Me To the License Finder

Firewall Buyers Guides: Learn About Firewalls, Bundles, & More with our Most Helpful Firewall Guides of 2018

Demand for convenient and comprehensive firewall buyers’ guides exploded over the past year. 2018 was witness to a whirlwind of advancements in next generation firewall defenses. Research teams at FortiGuard Labs, SonicWall’s Capture Labs, & SophosLabs pushed the envelope to hone the capabilities of artificial intelligence, behavioral-scanning, and machine learning in network security.

With product launches like the SonicWall NSa 2650 through NSa 6650 series, a revolutionary power-up to Intercept X Advanced (now with EDR), and the continued growth of the Fortinet Security Fabric, there’s a lot of acronyms, brand terms, and tech data to cover! That’s why in 2018, our Buyers Guides were a huge hit. They generating a ton of buzz and engagement from administrators, small business owners, and IT consultants alike.

Here’s a quick review of all of our firewall buyers’ guides from 2018! *Update: Our latest Ultimate Firewall Buyers Guides are now live. The buttons below will take you to the latest versions.* Arm yourself with the knowledge. Make your best network security investment.

2018 SonicWall Buyers Guide

Check out how SonicWall CGSS and SonicWall AGSS security bundles come with all the tools you need to secure your NSa series next generation firewall. An SMB or mid-range firewall with SonicWall TotalSecure transforms even small business networks into big-time security powerhouses. This guide includes everything you need to know about current SonicWall firewalls, including SonicWall configuration options.

 

2018 Sophos Buyers Guide

Covering everything from XG Firewalls, recommended user counts, TotalProtect bundles, to Synchronized Security operating through the super-intelligent Sophos Central security hub, our 2018 Sophos Buyers Guide can you teach you how to lockdown endpoints with real-time behavior scanning and integrate your whole network’s security infrastructure with Sophos Security Heartbeat. See how the XG 115, Intercept X, and Sophos Central are linking up to provide enterprise-grade security to small business networks.

 

Fortinet Buyers Guide

The Fortinet Buyers guide made its debut in October 2018, and it was packed to the brim with information about FortiGate firewalls that can help both Fortinet SMB and Fortinet enterprise customers when they’re looking to build, upgrade, or expand a secure network. FortiGate firewalls are powerful, smart, and best in class in terms of total cost of ownership. Pound for pound, FortiGate firewalls can stack up against any competitor and with reinforcements from FortiCare support contracts and FortiGuard security services, you’re never facing a fight alone. Go see how the Fortinet Security Fabric wraps up all the loose ends of network security.

 

Compare Fortinet Firewalls: How to Buy the Right FortiGate with 4 Easy Tools

The Fortinet firewall catalog can be a bit daunting to outsiders. With options like wireless FortiWifi appliances, ruggedized outdoor firewalls, and a slew of brand terms (What is FortiGuard?), it’s hard to find clear comparisons between the Fortinet series, models, and services available to end users. Below, you’ll find 4 tools that can help you compare Fortinet firewalls and make your wisest security investment.

2018 Fortinet Buyer’s Guide

Next Generation Firewalls are technically-dense subject matter and for those who haven’t dedicated their nights and weekends to memorizing the brand terms, bundle taxonomy, and hip manufacturer lingo, it can be a challenge to get started with new purchases. The Fortinet Buyer’s Guide is designed to demystify the marketing mumbo jumbo and arm firewall buyers with insightful info about their options. The Fortinet Buyer’s Guide covers:

  • How to Accurately Size a FortiGate for your Network Environment
  • Overviews of Security Services, Bundles, & Licensing Models
  • FortiGate Series Comparisons
  • Glossary of Fortinet Terms & Acronyms

Download the Fortinet Buyers Guide

 

NSS Labs Comparison Series

Interested in how a Fortinet FortiGate stacks up against its biggest competitors? Firewalls.com recently published a series of head-to-head comparisons based on the results of NSS Lab’s 2018 NextGen Firewall tests. These articles lay out contrasts between security effectiveness, throughput performance, total cost of ownership, and more to provide no-nonsense recommendations backed by lab-tested outcomes.

Fortinet vs Cisco

Fortinet vs Palo Alto

 

Fortinet Comparison Table

If crunching numbers is more your speed, then the classic tech-spec table is a faithful fallback. Indulge your inner data nerd with our “Compare Fortinet FortiGate Models” webpage and see how a FortiGate firewall performs under a variety of workloads. Whether you’re planning to roll your firewall out with a full Unified Threat Management deployment or just want to confirm how many wireless access points your next FortiGate can support, we’ve got the answers all laid out in a crisp, stripped-down data table.

Take Me To The Table

 Compare Fortinet firewalls with our FortiGate Comparison Table

 

Talk to a Trusted Expert

All the tables, guided tools, sizing wizards, blog posts, and videos in the world don’t hold a candle to the informed recommendation of an expert you trust. Next generation firewalls are a highly focused niche subject best handled by a specialist. Top resellers are not only friendly and helpful, but knowledgeable! When evaluating whether a firewall vendor is worth the webpage they’re not printed on, look for signals such as genuine & descriptive reviews, product knowledge certifications, a comprehensive offering of related services, and at least some level of specialization. Much like a gaudy family restaurant with a 15-page menu, eCommerce sites that seem to sell anything and everything under the sun are likely aiming to win a numbers game rather than dedicate themselves to truly understanding their products. If you want to properly compare Fortinet firewalls, hop on a phone call with a vendor you trust!

Give Firewalls.com a call at 866-957-2975 to see for yourself why 5-star reviews, repeat customers, and industry recommendations keep pouring in. Whether you’re a VLAN veteran looking to tackle a complex deployment or a network novice trying to get your bearings, our Fortinet-certified team has the answers needed to compare Fortinet firewalls and choose the perfect FortiGate for your goals.

 

 

Want to save a little money on your next Fortinet firewall?

Check out the Firewalls.com Partner Program to learn about discounted pricing.

Learn About Firewalls with Firewalls.com YouTube Tutorials

Learn about firewalls, cyber security, and network management with our growing library of YouTube firewall tutorials. Each day of the week, Firewalls.com releases a firewall tutorial video showing you how to configure and maintain a healthy next generation firewall! Whether you’re running a SonicWall NSa, Fortinet FortiGate, Sophos XG Firewall, or a WatchGuard Firebox, our engineers can show you how to make the most of your NGFW investment.

Our team of engineers not only creates and publishes videos, but we also actively follow up on comments, replies, and special requests. If there’s something specific that you’d like to learn about firewalls, let us know in the comment section and we’ll create a custom tutorial for your request.

Check Out Today’s Video

Stay Up to Date with Our Weekly Schedule

Monday – SonicWall EssentialsView the SonicWall Playlist
Tuesday – Sophos XG EssentialsView the Sophos Playlist
Wednesday – WatchGuard WednesdaysView the WatchGuard Playlist
Thursday- Ruckus Wireless EssentialsView the Ruckus Wireless Playlist
Friday – Fortinet EssentialsView the Fortinet Playlist

Some Firewall Topics We Cover

Registering Your Firewall Configuring Content Filters
Firmware Overviews Configuring Application Controls
Creating & Restoring Backups Creating Service Objects
Enabling Single Sign On IP-MAC Mapping

 

We’re here to help you learn about firewalls so that your network is equipped with the latest security tips and best practices. Subscribe to the Firewalls.com YouTube Channel and you’ll be notified whenever a new video is published. These video tutorials are 100% free and contain to most up-to-date information to help you learn about firewall configuration, utilizing security services, and limiting your network attack surfaces!

Learn About Firewalls Now

2018 Fortinet Buyer’s Guide

Fortinet, Defined

FortiGate? FortiWifi? FortiRugged? FortiFabric? What feels like forty-million options offered by the Fortinet product catalog can be a turn-off for small business owners looking to make the wisest investment in their cybersecurity. Unfortunately, this deters many organizations from getting their hands on one of the greatest product lines in the security industry. Fortinet consistently rocks benchmark tests, with their super smart FortiGate series of next gen firewalls winning massive praise from the likes of Gartner and NSS Labs. Don’t miss out on great security solutions; download our Fortinet Buyer’s Guide!

Here’s a FortiFact: In 2018, Fortinet reported LOWEST total cost of ownership among 10 brands tested by NSS Labs. (Just $2 per secured Mbps—compare to Check Point’s whopping $57 per Mbps)

Marked as a Leader in Gartner’s 2017 Magic Quadrant for Next Gen Firewalls, Fortinet has been making waves with their E-Series firewalls featuring dedicated security content processors, their FortiRugged outdoor appliances, and FortiWifi devices with built-in wireless access points. So how can a consumer with little to no Fortinet knowledge conquer this big, bad maze of killer options?

Another FortiFact: The FortiGate NGFW blocked 100% of the evasions that testers at NSS Labs threw at it.

Meet the Firewalls.com Fortinet Buyer’s Guide

Meet the Buyers Guide -- Comic drawn by Kat at Firewalls.com. Email us and we'll force her to draw one for your too!

In the pages of our short PDF Fortinet buyer’s guide, you’ll find helpful tables and definitions that demystify the catalog and examine the golden threads Fortinet spun into their FortiFabric.

More FortiFacts: FortiFabric is an end-to-end suite of security appliances, services, and licenses. Together, Fortinet’s integrated services outperform piece-by-piece security patchworks deployed by many organizations…

What Does the Fortinet Buyer’s Guide Include?

Recommended Users Counts

Glossary of Fortinet Terms

Service Definitions

Product Series Overviews

Follow-up Info on Buying Options

Third-Party Testing Reports

 

 

 

 

Get Your Copy of the Fortinet Buyer’s Guide!

 

 

 

 

 

Renewing A SonicWall License: Why, how, & when to renew

Depending on the length of your previously purchased subscriptions, you may be nearing time to renew licenses for your SonicWall appliance. Renewal time can be a confusing and burdensome period, forcing you to make expensive decisions in a shrinking timeframe. As your deadline for renewal approaches, you may be wondering why you’re paying these recurring costs in the first place. After all, you’re not buying annual renewals for your printer or copy machine, so what’s the deal with firewall renewals?

Why Do Cybersecurity Licenses Need to be Renewed?

There’s a classic thought experiment called the “ship of Theseus.” For those unacquainted, here’s the paradox in a nutshell: as the wooden planks of Theseus’s (an ancient Greek hero) ship slowly rot with age, they are replaced–one at a time—with new planks. If this process continues for years until 100% of the original wooden planks have been scrapped and replaced with new lumber, is Theseus still sailing his original ship or a completely new vessel? This paradox of identity is relevant to how we think of license renewal: the firewall guarding your network today is not the same firewall that you deployed a year ago.

Ransomware, hackers, and malware cocktails are constantly evolving. When the threat actors in Russia call it a day, the hackers in Argentina are just clocking in. Luckily, network engineers and architects all around the globe are working even harder to deny their advances. Because of this never-ending cyber arms race, your firewall receives daily updates with up-to-the-minute strategies, signatures, and solutions for the dark web’s malware du jour. Chances are, the strategies that your firewall used to combat breaches last year are obsolete and have been replaced by more appropriate solutions.

Many people consider firewalls to be the primary powerhouse of network security; however, the physical appliance mounted in your rack (need a rack mount kit?) can be better thought of as a command center from which highly-specialized task forces—your licenses—can effectively deploy. While most firewalls do include some basic security capabilities, their true strength lies in empowering the security services executed through them.

What happens to your firewall if you decide to skip renewal? The same thing that would happen if Theseus decided to never replace the rotten lumber of his famous ship: his boat would go on sailing for a while, slowly gaining larger holes and breaches until it disappeared under the waves, leaving poor Theseus stranded and very salty.

How Do I Find the Correct License for Renewal?

Firewalls.com has worked hard to make this a painless process with our Renewals & Licensing Wizard. The license finder can locate your next renewal in under 30 seconds.

Firewalls.com strongly recommends SonicWall’s Advanced Gateway Security Suite (AGSS), which offers the greatest degree of protection at a fair price point. The SonicWall AGSS bundle arms your network with a comprehensive array of cyberdefenses and, with Capture Advanced Threat Protection, denies even never-seen-before advanced threats.

Still not sure which license best fits your needs? Leave us your name & number. Our team will lend a hand!

[zohoForms src=https://forms.zohopublic.com/firewalls/form/RenewalAssistanceRequest/formperma/x1THwNvd7urJ9iRk4BdIFs2alUMvUm094fDYru_L3J0 width=100% height=600px/]

When Do I Need To Renew?

This question is somewhat trickier to answer as it depends on the date you purchased your initial license. Most security providers and resellers offer licenses in 1, 2, or 3-year terms. Organizations that plan ahead can save a ton of money by purchasing licenses in longer 3-year terms. If you can afford

If you’re a Firewalls.com customer, you can relax. Our team will reach out when your license’s expiration date draws near with helpful reminders, tips, and special offers.

Didn’t purchase your appliance from Firewalls.com? We can still show you how to find your service expiration date. Just follow the steps in these screenshots:

renew your sonicwall license expiration date location in mysonicwall

Step 1: Navigate to the the “Manage” tab in the top bar.

Step 2: In the left-hand menu, select “Licenses.”

renew sonicwall license at mysonicwall expiration date location

Step 3: Expiration dates for services can be found in the far right column.

Never Want to Worry About Renewal Again?

Psst… hey. We know a little secret that could mean you never have to keep track of expiration dates, service terms, or activation codes ever again. Security As A Service through our partner company, Techvisity, puts our team of expert engineers at the helm of your cyber security defenses, making them responsible for firmware updates, license renewals, and all of the gritty day-to-day particulars of network security. If you’re ready to quit Googling articles about subscriptions and patches, come explore how Security As A Service can improve your security posture while reducing your security budget.