Tag: secure remote access

You Asked, We Answered: Firewalls for Remote Employees

Here at Firewalls.com, we love hearing from you. Just last week, we got a great topic suggestion for a blog post from a reader: an affordable firewall for remote employees that seamlessly interacts with headquarters.

So without further ado, here’s one way you might go about addressing this increasingly common scenario. Check out our first entry in a series we’re calling, “You Asked, We Answered.”

Blog Banner General Buy Now Red-High-Quality

Firewalls for Remote Employees: A SonicWall Setup

TZ270

Let’s tick off the boxes of the request. First of all, we need to identify a firewall model ideal for fairly heavy use in a remote setting. How about the SonicWall TZ270. One of the newest of SonicWall’s Gen 7 firewalls can handle a power user with multiple devices and still run even the most complex security services.

What are those services? With the Total Secure Advanced Edition bundle, the TZ270 runs:

  • Gateway Anti-Virus, Intrusion Prevention, Application Control
  • Content Filtering Service
  • 24×7 Support
  • Network Visibility
  • Basic DNS Security
  • Anti-Spam
  • Capture ATP (Multi-Engine) Sandboxing
  • RTDMI Technology
  • Cloud Management
  • 7 Days Cloud-based Reporting

That’s a pretty lengthy and advanced list that’ll protect your network at home (and thereby at HQ) from the most advanced threats, from email to web-based hazards and everything in between. Around the clock support means even if your remote workers keep a non-traditional schedule, they’ll be able to get in touch with an expert whenever they need to. And those last two bullets may be the biggest key when it comes to communicating with headquarters, but we’ll get to that in a second.

By the Numbers

Before we get to that, let’s not forget performance. The TZ270 has a firewall throughput of 2.0 Gbps, that’s a lot of speed in a small package. Even with just about all those aforementioned services running, the Threat Protection Throughput clocks in at 750 Mbps, supporting connection speeds that exceed what just about any home users have. It also comes with 5 IPSec VPN clients (supporting up to 200) and 1 SSL VPN client (supporting up to 50) for that very necessary secure remote access.

On the hardware side, the TZ270 offers 8 GbE RJ45 ports, plenty to connect a robust home network, and 2 USB 3.0 ports to connect 3G, 4G, and yes, even 5G & LTE modems. And we mentioned small package – this is a compact device that easily tucks onto a desktop, bookshelf, table, or whatever your remote employees may use. The wireless model, the TZ270W, also acts as an access point with the same footprint aside from a couple external antennas.

SonicWall TZ270 Wireless Firewall

Connecting with HQ

Back to the other part of the question, connecting your remote workers to the mothership. Whether your main office SonicWall firewall is small or large, remote deployment and management is a breeze. Let’s start with deployment. You won’t need to send IT staff to each remote household to set these TZ270s up. With the SonicExpress app, you can deploy one or several new firewalls with your desired settings remotely.

On top of that, the firewall features auto-provision VPNs, so no on-site configuration necessary there either. Once they’re up and running, your IT pros can manage as many firewalls as your organization has at once. That’s thanks to Network Security Manager 2.0, which offers single-pane-of-glass management, analytics, and reporting with an improved user experience. NSM works for single and multiple firewall scenarios. That means not only can you monitor everything from one place, you can make configuration tweaks that way, too.

Blog Banner General Buy Now Red-High-Quality

Affordability

We can’t forget this last part of the question. As they say money talks and something (I forget what) walks. An appliance only TZ270 retails at $465, with the TZ270W MSRP a hundred bucks more. As we mentioned before, you’ll want services to maximize your firewalls. The recommended 1-year TotalSecure Advanced hardware bundle (including both appliance and advanced service suite) retails at $865.

But a big disclaimer here, if you reach out to a Firewalls.com expert via phone or online chat, you will get a better deal. On top of that, they can walk you through any questions you may have about a remote work setup for your staff. Give them a call at 866-957-2975 or simply pop open the chat window on our site and start typing to get started today.

Cisco Meraki Z Series: Security & Connectivity for Teleworkers

Meet the Cisco Meraki Z Series

Unless you’ve been living under a rock for 2020, you’ve probably heard about the massive shift to remote work. While that change is well underway, businesses are still playing catch up to get the right solutions in place for their remote workers’ security and performance. Enter Cisco Meraki Z Series Teleworker Gateways.

Telework is literally this appliance’s middle name, so you know you’re looking at a strong answer. The Z Series combines enterprise-level firewall security with a VPN gateway and a wireless router, all in one compact package. They’re purpose-built to securely extend Meraki’s cloud managed networking to the work from home crowd. Let’s take a closer look at what the Z Series offers to improve your remote work days.

Blog Banner General Buy Now Red-High-Quality

Cisco Meraki Z Series Models

The Cisco Meraki Z Series consists of two hardware models, the Z3 Cloud Managed Teleworker Gateway and the Z3C LTE Teleworker Gateway. The models are virtually the same, except the Z3C offers an additional cellular failover option with an integrated CAT 3 LTE Modem. The first entry in the series, the Cisco Meraki Z1, reached end of sale in July of 2018. Now let’s get more into the specific features you can expect from Z Series Teleworker Gateway appliances.

How Many Devices Can the Z3 Support?

The Cisco Meraki Z3 and Z3C are made for remote workers’ home office setups. Therefore, they support a typical power user’s home network, with a recommended max of 5 devices – also known as clients. Devices can mean desktop computers, laptops, printers, phones, and more.

Cisco Meraki Z3 Tech Specs

Cisco Meraki Z3

Physically, the Cisco Meraki Z3 and Z3C share similar footprints, with the Z3C weighing in a quarter pound more and measuring an inch longer thanks to its internal modem. That of course just means the difference between under a pound and slightly over a pound, so if you have a desk (or table, or shelf, or whatever), you’ll find a spot. Otherwise, their features are identical:

  • 4 wired LAN ports – incl. one 802.3af PoE port, ideal for phones
  • 1 GbE WAN port
  • 1 USB 2.0 port (for 3G/4G failover)
  • Dual-band 802.11ac Wave 2 WiFi, 2×2 MU-MIMO
  • Stateful firewall throughput: 100 Mbps
  • VPN throughput: 50 Mbps

Z Series: In Summary

In case reading tech specs isn’t your thing, allow us to elaborate. When it comes to firewalling, the Z Series has you covered with Cisco Meraki firewall security and solid throughput for a home user. This keeps threats from entering the home office environment. Plus, you can separate work and home traffic for added protection. When it comes to wireless, you get a Wave 2 router with support for up to 4 SSIDs (with guest access) and a data rate up to 1.3 Gbps.

When it comes to remote work connectivity, you get Auto VPN. With Meraki’s self-configuring Auto VPN technology, administrators can deploy network services including VoIP & remote endpoints without needing to walk-through the home user. Your home workers get secure, zero-touch site to site connectivity to HQ and all the apps and files therein. And when it comes to management, you get Cisco Meraki’s single-pane-of-glass, cloud-based dashboard. In addition, there are throughput, connectivity monitoring, & email alerts, plus automatic firmware upgrades & security patches.

Blog Banner General Buy Now Red-High-Quality

How to get the Z Series

First, choose between the Cisco Meraki Z3 and the Z3C if you need the added failover assurance of the internal cellular modem. And then, choose your support subscription length. Then, to get all the management, reporting, firmware updates, support, and zero-touch deployment you can handle, choose your enterprise license. Select a subscription length of 1, 3, 5, 7, or 10 years. And remember, all Cisco Meraki appliances require an active license to operate.

 

5 Things to Consider to Secure Your Telework Employees

Telework Cybersecurity

With the rapidly evolving circumstances surrounding the COVID-19 pandemic, workplaces around the world have been faced with a difficult challenge – quickly deploying a remote workforce. While some have been prepared for telework all along, others are scrambling to ensure employees can access their networks quickly, without compromising security. The unfortunate truth of our current situation is that while many are banding together to protect those most vulnerable to the coronavirus, there are those who see this more scattered user-base as a golden opportunity for cyber attack.

It’s important to remember that just because you’re not in the office, it doesn’t mean hackers are taking a holiday. In fact, remote work is their bread and butter. And they stand at the ready to exploit the vulnerabilities teleworking can bring.

With that in mind, what can you do to plug those holes? How do you keep both your network and your work-from-homers secure? Here are 5 things to consider…

1 – It Starts With a Policy

Both you and your staff benefit from knowing what to expect from remote work. Putting a telework policy in writing and ensuring everyone in your organization is aware of it is an important step for consistency and therefore security. Hopefully you already had one, but if not, it still pays to put one together and make it clear to all employees.

What should it include? Acceptable use, personal vs company devices, personal vs company accounts, how to connect, whether public wi-fi is allowed, etc. A couple of statistics should reinforce the need for a strong telework policy: nearly half of employees say they transfer files between work and personal computers; almost 15% say they can’t connect to their work network from home, and more than three quarters say they don’t take privacy measures when teleworking in a public setting.

2 – Protect Your Endpoints

Each device an employee uses to access your data is an added security risk. Remote laptops, tablets, smartphones, etc. are not constantly protected by your firewall. But you need to ensure they have a level of protection against malware, email scams, and other data breaches, so attackers can’t use them as a tunnel back into your network. That’s why a strong endpoint security solution is vital for all your telework users. The best options also provide added visibility into their status for admins. Protecting each device individually makes protecting your network as a whole much easier.

3 – Build a Tunnel

To work from home effectively, your employees need to have use of all the apps and files they normally have at the office. How do you facilitate that quickly and securely? You need to offer virtual private network – better known as VPN – access.

A VPN sets up a secure tunnel between your telework employees and your network, protecting their and your data from any spying or prying eyes. This encrypted tunnel (using either IPSec or SSL) can even help when employees use public networks. In case you missed it, we outlined SonicWall’s VPN options in a recent post.

4 – Make Sure Passwords Have a Passing Grade

An all too common problem with an all too easy solution in the cybersecurity world is weak passwords. Ensure your telework employees (and everything on your network) uses strong passwords of length, with numeric and special characters, and phrases if supported. This keeps brute force attacks at bay, which typically just fire thousands of common words at a login screen until one works.

And take it a step further with multi-factor authentication. For employees to access your network remotely, require an additional step, such as an authentication code texted or emailed to provide added security. Some types of multi-factor authentication even include options like geotracking.

5 – Training Is Vital

You’ve likely already heard that the most common reason for a breach is human error. Whether it’s in the form of a misconfiguration or because an employee clicked a malicious link, the human element puts your network at risk. And just as cybersecurity training is vital in the office, it’s extremely important for telework.

So safety using the aforementioned public wi-fi should come up, as well as reminders about what to look for in social engineering scams. Online attackers’ new favorite? Coronavirus-related malware in the form of emails, and even phony maps to steal personal data from anyone who visits to try and keep up with the virus’ spread.

You’ll also want to be sure your work-from-homers are sticking to VPN-only when it comes to work files. Too often, the easy way may be to send sensitive data as an unencrypted email attachment, but that risks exposing it to bad actors. Teach them to keep it encrypted, even if it takes a little bit longer. And even though social distancing may keep you from conducting this training in person, there are plenty of videoconferencing options to help.

 

BYOD & Remote Access: Staying secure in the era of mobile workers

As Bring Your Own Device (BYOD) and Remote Access policies ramp up, so too does the mad dash to secure these new endpoints. Gartner predicted that by 2017, half of employers will require employees to supply their own device for work purposes. With so many fresh attack surfaces, employers scramble to assemble additional security layers that prevent data leakage and intrusions. The nature of BYOD proves challenging as devices in the wild show volatility without proper VPN and next-gen firewalls to lock down security.

Our solutions

Secure Mobile Access – Powerful, cost-effective secure mobile and remote access means that your users have access to applications wherever they’re working, so they stay productive and your company stays competitive.

SonicWall VPN – Ensure secure access to crucial applications for Android & iOS mobile devices using SSL and policy-based enforcement.

Next-Generation Firewalls – Next-Gen Firewalls provide you the power to execute cutting-edge security without your performance withering away.

Secure Remote Access – SonicWall Secure Remote Access solutions provide users with easy-to-use, secure, and clientless remote access to necessary resources on the corporate network.

Aventail SRA Connect Mobile – SonicWALL Aventail with Connect Mobile provides robust remote access solutions for smart phone users, with “in-office” access optimized for the device.

Trouble setting things up?

Firewalls.com provides a video library chock full of helpful how-to’s and troubleshooting guides. One of our certified engineers will provide the answers you crave to set up your remote access VPNs.

Segment your users into Local Users & Groups

Use NetExtender to set up an SSL VPN

BYOD sonicwall firewalls diagram infographic email encryption with SSL VPN

Firewalls.com is a value-added reseller of firewall appliances & a vendor of managed security and Firewall-as-a-Service support.  Whether you’re looking to add an appliance to your security set-up or expand BYOD and remote access security, we provide solutions that get you secure and keep you secure. Contact our sales staff to answer questions you may have about your network, next-gen firewalls, or BYOD!