Playing with Fire... Walls (And Not Getting Burned)

By Errol McCall, CXtec Product Engineer


Just like dealing with fire, there are some important factors you’ll want to think about before you get into the business of protecting your network. If you don't, it could get out of control and all go up in flames.

Here are some essential tips and tools to consider when getting started that will provide you with an easy, safe, and fast firewall protection experience.


There is a growing trend among users, whether they are traveling, working from home, or just checking in remotely to monitor things at the office, that could pose a serious threat to an organization’s network.

To help keep your network safe, remote VPN provides an easy way to accomplish offsite monitoring. It comes standard on most firewalls and its use will prevent you and your company from getting burned.

But first, you’ll need to determine certain factors in order to have an effective remote monitoring experience:

  • How many users will be working remotely?
  • Is there a need to connect to more than one office site?
  • How many remote connections will there be?

Answers to these questions will help you determine the best type of remote VPN to use.

If it’s only a few connections, then you may want to utilize IPSec VPN. In this option, you configure the client on the device they are using.

If it's going to require hundreds of connections, then you will want to use SSL VPN. This tool is a good weapon of choice as you do not have to configure each device. Instead, you just configure a website-like interface for remote users to log into.


Threats to the stability and privacy of your network aren’t going away anytime soon. These types of threats are growing in number and those implementing the threats are becoming more and more clever in their delivery techniques.

You need to be prepared because the port and IP blocking of yesterday just won’t cut it anymore. Firewalls are now armed with features such as Content Filtering, Intrusion Detection/Prevention, Antivirus, and Antispam.

If you want to use more advanced settings, there is Application Control, Data Leak Protection, WAN Acceleration, and more. Decide which of these next-generation firewall features are important to your organization and make sure that the protection you purchase supports it effectively.


Just like with a computer, a hardware firewall features tools like Antivirus, Content Filtering, IPS, and IDP that all require a renewal subscription every year to ensure that your threat defense is up to date. New attacks come out every day, so maintaining these updates are an important part of your ongoing fight against firewalls.

When pricing out a firewall, see if you can get an estimate of how much the yearly cost will be to maintain your feature set. In many cases, you can even save money over the years by purchasing a multi-year maintenance contract of 2+ years when you first buy the firewall protection.


One of the most important pieces of information to have, besides your normal throughput, speeds and feeds, is the number of users/endpoints that will be connecting through this device concurrently. Do not get this confused with total number of users on the network. If you do you will purchase a very expensive device that will be overkill.

For example, consider a school that has 500 students and 120 faculty members. You will not need a device that supports 620 people. Instead, find out when the peak usage time occurs. At any given time, there are probably around 300 users accessing the network through this device. If so, then that is the number you need.


The more features you use, the less the throughput will be. If you are using a firewall that has 1G of throughput, then it may be able to handle a certain number of users at that speed. By turning on the content filtering feature, the throughput takes a hit and may now do 500gb of throughput. Be sure to find out the throughput of each feature, or your network could quickly burn out.

Most firewalls can do what routers can do and so much more. Keep the information listed here in mind when looking around for a firewall. This will help ensure your network will be burning strong and a bright for years to come.