A MERDEKA SHOUT OUT TO ALL MALAYSIANS! LONG LIVE MALAYSIA
When purchasing a firewall a long time ago, there weren't many things to consider, as it was really just the lame ole' packet and stateful filtering that the few vendors boasted about. Fine, that was then, but these days things are more complex than just saying "I want that one" (à la Little Britain). Organizations need to ensure that the first unit of defense, normally the firewall, is equipped with enough firepower to thwart intelligent attacks and "noise", particularly from the internet.
So, here, I try to discuss the basis of enquiry when purchasing firewalls by breaking the considerations down into soft and hard factors. Soft factors are sometimes quite tricky, as they are mostly subjective or open to further discussion. Here are some of the things you should run through in your head when considering a firewall solution:
The soft(er) factors
- Management - Consider solutions that you are familiar with. There's no patch for human error. Nonetheless, this shouldn't be the reason for a compromise in quality.
- Scalability - Will the solution be able to cater for your business needs in, say, 5 years?
- Support - Firewalls will have holes, and these holes must be patched. Is there a guarantee from the manufacturer of full support for the n-number of years that you wish to keep the unit? How about an SLA from these providers? Is any formal training/certification provided?
- Policy - Does the firewall govern and work with your current IT policy and/or corporate policy? Will it eventually help to achieve governance and compliance?
- The $$$ factor - Firewalls range from those that cost virtually nothing to those that will cost you an arm and a leg. I personally don't believe anything is free. In IT, free comes with a non-obvious price tag on it. In reality, this particular factor plays the deciding role for the rest of the factors.
- Company direction - What type of vendor are you buying from, and what are their proposal (and product) and business direction?
The hard(er) factors
- Type - Hardware or software. I don't wish to discuss which is "better". Have your own opinion, justify it and live with it.
- Speed - Throughput vs network speeds. Number of concurrent connections/users/devices.
- High availability, cluster, cold standby - Do you guarantee an SLA for users? If so, how?
- Built-in Anti-DoS/IDS/IPS/Antivirus/Content Filtering (e.g. web filtering, antispam, antimalware) - Should the firewall include this? Take overheads into consideration when turning on such features.
- VPN (and SSL VPN) - Do you need this? If so, again, consider performance factors.
- Forward/Reverse proxy - Should the firewall provide application layer filtering including reverse publishing of web servers or forward proxy functions?
- Logging/Reporting/Accounting - Do you need extensive reporting/accounting? Do you wish to correlate with an existing tool?
- Protocol support - Do you need any specialized routing protocols such as BGP/OSPF/VLAN, or other protocols such as authentication protocols (multi-factor authentication) or content vectoring/rendering?
- Integration with existing firewalls/systems - Is there a supported configuration when using this particular firewall? Is such even needed?
- Others - For example, requirements for policy governance such as cipher strength, supported internet standards, etc.