Network Security 101: Choosing and Configuring the Right Firewall for Your Business

Your firewall is the gatekeeper between your network and the internet. While cloud services have changed how we think about network perimeters, most businesses still have on-premises resources that need protection. Understanding firewall options helps you choose appropriate protection without overspending.

Understanding Firewall Types

Basic Router Firewalls

Your ISP-provided router includes a basic firewall that blocks unsolicited incoming traffic. This provides minimal protection and no visibility. It's free but inadequate for business use.

Business-Grade Firewalls

Dedicated firewall appliances from vendors like Fortinet, SonicWall, or Cisco provide stateful packet inspection, VPN capabilities, and management interfaces. Suitable for businesses with on-premises servers or specific security requirements.

Unified Threat Management (UTM)

UTM appliances combine firewall with additional security services: intrusion prevention, content filtering, antivirus scanning, and application control. These all-in-one devices simplify security management for SMBs.

Next-Generation Firewalls (NGFW)

NGFWs add application awareness, user identity integration, and advanced threat detection to traditional firewall capabilities. They can make decisions based on applications (block Dropbox, allow OneDrive) rather than just ports and protocols.

Do You Need a Firewall?

The answer depends on your environment:

When You Need a Firewall

On-premises servers (file servers, applications, databases)
VPN access requirements for remote workers
Compliance requirements specifying network segmentation
Multiple office locations requiring site-to-site connectivity
Guest WiFi networks requiring isolation

When You Might Not Need One

Fully cloud-based with no on-premises infrastructure
Small office with only endpoint devices accessing cloud services
Remote-first business with no central office

Firewall Solutions for SMBs

Fortinet FortiGate: Popular SMB choice, good performance/price ratio, includes UTM features
SonicWall TZ Series: Established SMB firewall brand, comprehensive security services
Cisco Meraki MX: Cloud-managed, easy deployment, subscription-based licensing
WatchGuard Firebox: User-friendly interface, strong visibility tools
pfSense/OPNsense: Open-source options for technical teams, lower cost

Essential Firewall Configurations

Default deny: Block all traffic not explicitly permitted. Start restrictive and open only what's needed.
Change default passwords: Admin interfaces with default credentials are actively scanned by attackers.
Enable logging: Without logs, you can't investigate incidents or understand traffic patterns.
Keep firmware updated: Firewall vulnerabilities are high-value targets. Patch promptly.
Segment networks: Separate guest WiFi, IoT devices, and sensitive systems.
Review rules regularly: Rules accumulate over time. Audit and clean up unused rules.
Configure alerts: Set up notifications for suspicious activity and login attempts.

Important: A firewall you don't understand or manage is worse than none—it creates false confidence. If you can't maintain it properly, consider managed firewall services or simpler cloud-based alternatives.

Cloud-First Security Alternatives

For businesses without on-premises infrastructure, cloud security services may replace traditional firewalls:

Microsoft 365 security features: Conditional Access, Defender for Cloud Apps
DNS filtering: Cloud-based threat blocking (Cisco Umbrella, Cloudflare Gateway)
Zero Trust Network Access: Replace VPN with identity-based access
Secure Access Service Edge (SASE): Cloud-delivered network security

How We Researched This Article

This article was compiled using information from authoritative industry sources to ensure accuracy and relevance for Australian businesses.

Sources & References

•
Australian Cyber Security Centre - Gateway Security
ACSC guidance on gateway and perimeter security
•
NIST Network Security Guidelines
US Government network security standards and guidelines
•
Gartner Network Firewall Research
Industry analyst research on firewall solutions

* Information is current as of the publication date. Cybersecurity guidelines and best practices evolve regularly. We recommend verifying current recommendations with the original sources.

Frequently Asked Questions

How much should we spend on a firewall?

Entry-level business firewalls start around $500-1,000 plus subscription fees ($200-500/year for security services). Mid-range UTM appliances suitable for 20-100 users run $1,500-5,000. Balance cost against your actual needs—don't overbuy, but don't rely on consumer-grade equipment for business.

Can a firewall stop ransomware?

Firewalls with advanced threat protection can block some ransomware at the network level, but they're not sufficient alone. Ransomware often enters via email attachments or compromised credentials—paths that bypass traditional firewalls. Defense in depth is essential.

Do we need both a firewall and endpoint protection?

Yes. Firewalls protect network boundaries; endpoint protection (antivirus/EDR) protects individual devices. With remote work and cloud services, devices operate outside your firewall frequently. Both layers are important.

Should we manage our firewall or use managed services?

Unless you have security expertise on staff, managed firewall services often make sense. Misconfigurations are common and dangerous. Managed services ensure proper setup, monitoring, updates, and response—for roughly the cost of an hour or two of specialist consulting per month.