Network Security 101: Choosing and Configuring the Right Firewall for Your Business
Cyber Security | 9 min read | 2 June 2025

From basic router firewalls to next-gen UTM appliances - understand your options and get the protection level your Sydney business actually needs.

Your business firewall is the critical gatekeeper between your network and the internet—the first line of defence against cyber threats targeting Australian businesses. While cloud services have transformed how we think about network perimeters, most Sydney businesses still have on-premises resources requiring protection: servers, printers, phone systems, IoT devices, and network infrastructure. Understanding firewall security options helps you choose appropriate protection that matches your actual risk profile without overspending. In this guide, we explain how firewalls work, compare different types, and help you select the right solution for your SMB's cybersecurity needs.

What Is a Firewall and How Does It Work?

A firewall is a network security device—physical hardware or software—that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between your trusted internal network and untrusted external networks like the internet. When data packets attempt to enter or leave your network, the firewall examines them against its ruleset and either allows, blocks, or logs the traffic accordingly.

Key Firewall Functions

Modern business firewalls perform several security functions beyond simple traffic filtering:

  • Packet filtering: Examines individual packets and blocks those that do not meet security criteria based on IP addresses, ports, and protocols
  • Stateful inspection: Tracks active connections and makes decisions based on the context of the traffic, not just individual packets
  • Network Address Translation (NAT): Hides internal IP addresses from external networks, providing an additional layer of security
  • VPN termination: Provides secure encrypted tunnels for remote workers and site-to-site connectivity
  • Logging and reporting: Records traffic patterns and security events for analysis and compliance
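
The difference between packet filtering and stateful inspection is easiest to see side by side. The following is an added example, not taken from any vendor's product: the `Packet` fields, the `ALLOWED_OUTBOUND` policy and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    direction: str = "out"  # "out" = LAN to internet, "in" = internet to LAN

# Constructed policy: LAN hosts may open HTTPS and DNS sessions, nothing else.
ALLOWED_OUTBOUND = {("tcp", 443), ("udp", 53)}

def packet_filter(pkt):
    """Stateless filtering: each packet is judged on its own header fields."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.dport) in ALLOWED_OUTBOUND
    # With no record of sessions, replies can only be recognised by source
    # port, so any inbound packet carrying that port is admitted.
    return (pkt.proto, pkt.sport) in ALLOWED_OUTBOUND

class StatefulFirewall:
    """Stateful inspection: inbound traffic must answer a tracked outbound flow."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if (pkt.proto, pkt.dport) not in ALLOWED_OUTBOUND:
                return False
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed 5-tuple must match a flow the LAN initiated.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare():
    fw = StatefulFirewall()
    request = Packet("192.168.1.10", 51000, "203.0.113.5", 443)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 51000, direction="in")
    unsolicited = Packet("198.51.100.7", 443, "192.168.1.10", 3389, direction="in")
    return {
        "request": fw.check(request),
        "reply": fw.check(reply),
        "unsolicited_stateful": fw.check(unsolicited),
        "unsolicited_stateless": packet_filter(unsolicited),
    }

if __name__ == "__main__":
    print(compare())
```
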

Understanding Firewall Types

Business firewalls range from basic to enterprise-grade, with different capabilities and price points. Understanding these categories helps you match the solution to your needs:

Basic Router Firewalls

Your ISP-provided router includes a basic stateful firewall that blocks unsolicited incoming traffic using NAT. While this provides minimal protection, it offers no visibility into what is being blocked, no logging for security investigations, and no advanced threat detection. It is essentially free but inadequate for business use beyond the smallest home offices. The Australian Cyber Security Centre explicitly recommends dedicated firewall solutions rather than relying on ISP equipment.

Business-Grade Firewalls

Dedicated firewall appliances from vendors like Fortinet, SonicWall, or Cisco provide stateful packet inspection, VPN capabilities, centralised management interfaces, and detailed logging. These devices are purpose-built for security with dedicated processors and memory. They are suitable for businesses with on-premises servers, specific security requirements, or compliance obligations that mandate network segmentation and monitoring.

Unified Threat Management (UTM)

UTM appliances combine firewall functionality with additional security services in a single device: intrusion prevention systems (IPS), content filtering, gateway antivirus scanning, application control, and sometimes anti-spam. These all-in-one devices simplify security management for SMBs by consolidating multiple security functions, reducing complexity and the number of separate solutions to manage. Most Australian SMBs with 10-100 employees find UTM devices the optimal balance of capability and manageability.

Next-Generation Firewalls (NGFW)

NGFWs add application awareness, user identity integration, and advanced threat detection to traditional firewall capabilities. Unlike traditional firewalls that only understand ports and protocols, NGFWs can identify specific applications regardless of port—meaning you can block Dropbox while allowing OneDrive, or restrict Facebook while permitting LinkedIn. They integrate with directory services like Active Directory to apply policies based on user identity rather than just IP address. NGFWs typically include sandboxing capabilities to analyse suspicious files in isolated environments.

Does Your Business Need a Firewall?

The answer depends on your specific environment and what assets you need to protect. The ACSC recommends that organisations implement firewalls between their networks and public network infrastructure. Here is how to assess your requirements:

When You Definitely Need a Firewall

  • On-premises servers: File servers, application servers, databases, or domain controllers require network-level protection
  • VPN access requirements: Remote workers need secure encrypted access to internal resources
  • Compliance obligations: Industry regulations or frameworks like Essential Eight require network segmentation and monitoring
  • Multiple office locations: Site-to-site connectivity requires secure tunnels between locations
  • Guest WiFi networks: Visitor access must be isolated from your production network
  • IoT and OT devices: Smart devices, cameras, and operational technology require network segregation
  • PCI DSS requirements: If you process card payments, firewall controls are mandatory

When You Might Not Need a Traditional Firewall

  • Fully cloud-based operations with no on-premises infrastructure to protect
  • Small office with only laptops and phones accessing cloud services like Microsoft 365
  • Remote-first business with no central office or shared physical network

Even cloud-first businesses need network security—just delivered differently. If you do not have on-premises infrastructure, consider cloud-native security solutions like Microsoft Defender for Cloud Apps, Cloudflare Gateway, or Zscaler rather than traditional hardware firewalls.

Best Firewall Solutions for Australian SMBs

When selecting a business firewall, consider factors like your user count, required throughput, VPN needs, and whether you have internal IT expertise to manage it. Here are the leading options for Australian SMBs:

  • Fortinet FortiGate: The most popular SMB choice in Australia, offering excellent performance-to-price ratio with comprehensive UTM features. FortiGate integrates well with FortiClient endpoint protection and offers strong Australian support. Models range from the FortiGate 40F for small offices to the 100F for larger businesses.
  • SonicWall TZ Series: Established SMB firewall brand with over 30 years of history. Comprehensive security services, good VPN performance, and competitive pricing. The TZ270 and TZ370 suit most SMB requirements.
  • Cisco Meraki MX: Cloud-managed firewalls with simple deployment and excellent visibility through the Meraki dashboard. Subscription-based licensing includes all security features. Ideal for multi-site businesses wanting centralised management without on-premises expertise.
  • WatchGuard Firebox: User-friendly interface with Dimension visibility tool providing excellent traffic analytics. Strong in the SMB market with good channel support in Australia.
  • pfSense/OPNsense: Open-source firewall options running on standard hardware. Lower cost but require technical expertise to deploy and maintain. Good for businesses with IT staff who want granular control.
  • Sophos XGS: Strong integration with Sophos endpoint protection through Synchronized Security. Good for businesses already using Sophos antivirus.

Essential Firewall Configurations for Security

Proper configuration is as important as selecting the right hardware. The ACSC's Guidelines for Gateways provide detailed requirements. Here are the essential configurations for business firewall security:

  1. Default deny policy: Block all traffic not explicitly permitted. Start with restrictive rules and open only what is documented as necessary. This is mandated by ACSC ISM controls.
  2. Change default credentials immediately: Admin interfaces with default passwords are actively scanned by attackers. Use strong, unique passwords and enable multi-factor authentication where available.
  3. Enable comprehensive logging: Without logs, you cannot investigate security incidents or understand traffic patterns. Retain logs for at least 90 days and consider a SIEM solution for analysis.
  4. Keep firmware updated: Firewall vulnerabilities are high-value targets for attackers. Subscribe to vendor security advisories and patch promptly—ideally within 48 hours for critical vulnerabilities.
  5. Implement network segmentation: Separate guest WiFi, IoT devices, development environments, and sensitive systems into different network zones with controlled traffic between them.
  6. Review and audit rules regularly: Firewall rules accumulate over time as needs change. Audit and clean up unused or overly permissive rules quarterly. Document the business justification for each rule.
  7. Configure security alerts: Set up notifications for suspicious activity, failed login attempts, and configuration changes. Route alerts to monitored email addresses or your SIEM.
  8. Enable intrusion prevention: If your firewall supports IPS, enable it with regularly updated signatures to block known attack patterns.
  9. Implement geo-blocking where appropriate: If your business only operates in Australia, consider blocking traffic from high-risk countries you never expect legitimate connections from.

Firewall Integration with Endpoint Security

Modern cybersecurity requires layered defences. Your firewall should work in concert with endpoint protection, email security, and identity management. Leading vendors offer synchronized security features where firewalls and endpoints share threat intelligence—if an endpoint detects malware, the firewall can automatically isolate that device from the network. For businesses using Microsoft 365, Azure AD Conditional Access policies can complement firewall rules by requiring compliant devices before granting network access.

Cloud-First Security Alternatives

For businesses without significant on-premises infrastructure, cloud-delivered security services may complement or replace traditional firewalls:

  • Microsoft 365 security features: Conditional Access policies, Defender for Cloud Apps, and Azure AD Identity Protection provide cloud-native access controls
  • DNS filtering: Cloud-based threat blocking services like Cisco Umbrella, Cloudflare Gateway, or DNSFilter block malicious domains before connections are established
  • Zero Trust Network Access (ZTNA): Solutions like Zscaler Private Access or Cloudflare Access replace traditional VPNs with identity-based access controls
  • Secure Access Service Edge (SASE): Comprehensive cloud-delivered network security combining SD-WAN with security services
  • Cloud-managed firewalls: Services like Cisco Meraki or Forcepoint offer hardware firewalls managed entirely through cloud dashboards

Common Firewall Security Mistakes

Even with good hardware, these configuration and management errors undermine your security:

  • Permitting "any-any" rules: Overly permissive rules that allow all traffic defeat the purpose of the firewall entirely
  • Ignoring outbound filtering: Many businesses focus only on inbound traffic while malware needs outbound connections to exfiltrate data
  • Disabled logging: Turning off logging to save storage means you cannot investigate breaches or demonstrate compliance
  • Stale firmware: Running outdated firmware with known vulnerabilities is like leaving your front door unlocked
  • No backup of configuration: If your firewall fails, can you restore the configuration or will you rebuild from scratch?
  • Single point of failure: Critical networks should have redundant firewalls with failover capability
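
Several of the mistakes above, and items 1, 3 and 6 of the configuration checklist, can be checked mechanically during a quarterly rule audit. The following is an added example, not any vendor's tooling: the `Rule` fields, the finding names and both rule sets are constructed, and it assumes the export lists an explicit final deny rule rather than relying on an implicit one.

```python
from collections import namedtuple

# Vendor-neutral rule record; the field names are assumptions for this example.
Rule = namedtuple("Rule", "id src_zone dst_zone src dst service action log why")

# Constructed sample export, evaluated top to bottom (first match wins).
AS_FOUND = [
    Rule(1, "wan", "dmz", "any", "10.0.20.5", "tcp/443", "allow", True, "Public web portal"),
    Rule(2, "guest", "lan", "any", "any", "any", "allow", False, ""),
    Rule(3, "lan", "wan", "any", "any", "any", "allow", True, "Staff internet access"),
    Rule(4, "iot", "wan", "any", "203.0.113.40", "tcp/443", "allow", False, "Camera cloud relay"),
]

# The same policy after clean-up: guest isolated, outbound limited, all logged.
HARDENED = [
    Rule(1, "wan", "dmz", "any", "10.0.20.5", "tcp/443", "allow", True, "Public web portal"),
    Rule(2, "guest", "wan", "any", "any", "tcp/443", "allow", True, "Visitor web access"),
    Rule(3, "lan", "wan", "any", "any", "tcp/443", "allow", True, "Staff web access"),
    Rule(4, "lan", "wan", "any", "192.0.2.53", "udp/53", "allow", True, "DNS resolver"),
    Rule(5, "iot", "wan", "any", "203.0.113.40", "tcp/443", "allow", True, "Camera cloud relay"),
    Rule(6, "any", "any", "any", "any", "any", "deny", True, "Default deny"),
]

def is_wide(r):
    """True when source, destination and service are all unrestricted."""
    return r.src == r.dst == r.service == "any"

def audit(rules):
    """Return (rule_id, finding) pairs; rule_id is None for rule-set findings."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if is_wide(r):
            kind = "unfiltered-outbound" if r.dst_zone == "wan" else "any-any"
            findings.append((r.id, kind))
        if not r.log:
            findings.append((r.id, "logging-disabled"))
        if not r.why.strip():
            findings.append((r.id, "no-justification"))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and is_wide(last)
            and last.src_zone == last.dst_zone == "any"):
        findings.append((None, "no-default-deny"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(AS_FOUND):
        print(f"rule {rule_id}: {finding}")
    print("hardened findings:", audit(HARDENED))
```
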

Important: A firewall you do not understand or actively manage is worse than none—it creates false confidence. If you cannot maintain it properly with regular updates, log reviews, and rule audits, consider managed firewall services from a qualified MSP.

Firewall Costs for Australian SMBs

Budget appropriately for both hardware and ongoing subscription costs. Firewall security services like IPS signatures, URL filtering databases, and support contracts require annual renewals:

  • Entry-level (5-20 users): Hardware $500-1,500 AUD, annual subscriptions $300-600. Examples: FortiGate 40F, SonicWall TZ270
  • Mid-range (20-100 users): Hardware $1,500-5,000 AUD, annual subscriptions $600-1,500. Examples: FortiGate 60F/80F, Meraki MX67
  • Enterprise (100+ users): Hardware $5,000-15,000+ AUD, annual subscriptions $1,500-5,000+. Examples: FortiGate 100F, Meraki MX105
  • Managed firewall services: $200-800/month depending on complexity, includes monitoring, updates, and incident response

How We Researched This Article

This article was compiled using information from authoritative industry sources to ensure accuracy and relevance for Australian businesses.

* Information is current as of the publication date. Cybersecurity guidelines and best practices evolve regularly. We recommend verifying current recommendations with the original sources.

Frequently Asked Questions

What is a business firewall and why do I need one?

A business firewall is a dedicated security device that monitors and controls all network traffic entering and leaving your organisation. Unlike home routers, business firewalls provide detailed logging, advanced threat detection, VPN capabilities, and granular control over applications and users. You need one if you have on-premises servers, compliance requirements, or need secure remote access for employees.

How much should an Australian SMB spend on a firewall?

Entry-level business firewalls start around $500-1,500 AUD for hardware plus $300-600 per year for security subscriptions covering threat updates. Mid-range UTM appliances suitable for 20-100 users typically run $1,500-5,000 for hardware. Balance cost against your actual needs—do not overbuy enterprise features you will never use, but do not rely on consumer-grade equipment for business.

Can a firewall stop ransomware attacks?

Firewalls with advanced threat protection and sandboxing can block some ransomware at the network level, but they are not sufficient alone. Ransomware commonly enters via phishing emails, compromised credentials, or vulnerable endpoints—paths that may bypass traditional firewall inspection. Defence in depth with endpoint protection, email security, and user training is essential.

Do we need both a firewall and endpoint protection software?

Yes, absolutely. Firewalls protect network boundaries and monitor traffic between zones. Endpoint protection (antivirus and EDR) protects individual devices like laptops and desktops. With remote work and cloud services, devices frequently operate outside your office firewall. Both layers are essential for comprehensive protection.

Should we manage our firewall internally or use managed services?

Unless you have dedicated security expertise on staff, managed firewall services typically make sense for SMBs. Firewall misconfigurations are common and can be dangerous—creating security gaps or blocking legitimate business traffic. Managed services ensure proper setup, continuous monitoring, timely updates, and rapid incident response for roughly $200-500 per month.

What is the difference between UTM and NGFW firewalls?

UTM (Unified Threat Management) devices combine multiple security functions in one appliance: firewall, IPS, antivirus, content filtering, and VPN. NGFWs (Next-Generation Firewalls) add application-level awareness and user identity integration to traditional firewall features. In practice, modern SMB devices blend both categories. For most Australian SMBs, the distinction matters less than selecting appropriate features for your specific needs.

Peer 2 Peer IT

With over two decades of experience in IT solutions for Sydney businesses, Peer 2 Peer IT provides expert insights on technology, security, and digital transformation.
