Happy Monday. We want you to start your week off with a burst of productivity. That’s why Firewalls.com put together a list of 5 common mistakes that organizations make when deploying their firewall. These tips are designed to be practical, easy-to-follow, and short! Whether your Internet has slowed to a crawl or the voice on the other end of your VoIP phone sounds like Charlie Brown’s teacher, these quick tips will let you self-diagnose your setup and correct 5 common issues in a few clicks of the mouse. It’s time to get your Monday Morning Firewall Fix!
#1: Your Firewall Isn’t Scanning Encrypted Traffic
Over 60% of the web has migrated from HTTP to HTTPS, a security protocol which encrypts data between websites and servers. If your firewall is not utilizing Deep Packet Inspection (DPI), then it is not scanning that traffic for viruses, malware, or ransomware potentially encrypted in the data packet. Whereas traditional stateful inspection scans only the data contained in the packet head, DPI scans every last byte for threats. With a majority of the Internet now encrypting everyday web traffic, if you’re not enabling DPI on your SonicWall, you’re completely neglecting the bulk of the danger.
Fix It:
- Open your Firewall Admin Console
- Go to: Manage > Decryption Service > DPI-SSL/TSL Client
- Enable: SSL Client Inspection
#2: Your Firewall Isn’t Gathering Crucial Internet Usage Data
Most companies fail to implement a proper content filtering policy, leading to employees wasting time on non-productive websites or potentially exposing the organization to HR issues. Whether it be adult content, game sites, gambling, movie streaming, or otherwise, users on your network can slow down productivity for everyone while they slum it on unproductive websites. To further complicate the issue, your organization could be held liable for any illegal activity that occurs on your network! Take back control of your network and your traffic.
Fix It:
- Open your Firewall Admin Console
- Go to: Manage > Security Services > Content Filter
- Enable: Content Filtering Service
#3: You Haven’t Implemented Employee Tracking
In addition to enabling your content filtering service, you should also implement tracking for your user groups. Without tracking, it’s difficult to track down and reprimand employees who violate your organization’s Internet usage policy. Tracking also helps you pin down users who are slowing down your connection with unusually high bandwidth usage.
Fix It
- Open your Firewall Admin Console
- Go to: Manage > Users > Settings
- Set “User Authentication Method” to any option except for Local Users
#4: YouTube Is Making Your VoIP Sound Funky
Complaints about an echo, buzz, or garbled sound when talking on your VoIP phone system? It’s likely that your VoIP client is competing with other data-heavy applications that aren’t allowing it access to the bandwidth it needs. By implementing bandwidth usage, packet shaping, and application priorities, you can ensure that your bandwidth is being rationed to business-critical applications (like VoIP) first, granting them priority over less important applications. By setting up your VoIP as a high-priority client, you’ll have strong, crystal clear calls once more.
Fix It:
- Open your Firewall Admin Console
- Go to: Manage > Network > Interfaces > Configure WAN Interface
- Click: “Advanced” options tab
- Enable: Egress Bandwidth Management
- Enable: Ingress Bandwidth Management
#5: You’re Running an Outdated Firewall
If you made it this far and have thought “huh, those last 4 images looked nothing like my admin console,” then you’re not running a current-generation firewall!
The introduction of ransomware-as-a-service and exploit kits has transformed the cyber threat landscape into a dynamic force that adapts and evolves by the day. The old “set it and forget it” approach to cyber security has been outpaced by cyber criminals who are always looking to innovate. Unfortunately, your outdated firewall just doesn’t have what it takes to withstand a modern cyber attack. It’s time to update your firmware, check your subscriptions, & consider an upgrade.
Fix It:
If you’re unable to set up these services, we strongly recommend that you have one of our SonicWall-certified engineers perform a health check on your network and configure the appliance. More than likely, you are NOT secure. Our engineers look for 20+ of the most common mistakes found on firewalls and we provide recommendations to help you address those issues. In order to get the most value and protection out of your firewall, our team implements a 99-step configuration checklist that we’ve developed over two decades as SonicWall partners. With the correct settings, we can get you back to a safe, productive network environment.