Your first job in planning for your firewall deployment is understanding the network it will protect. You must first know how your network is going to function; then you can incorporate your budget limitations and choose equipment that meets both of these needs. This applies to firewall hardware and software, but also to every other aspect of your network design.
Planning Your Firewall Deployment
Fundamentally, your plan will come from three things.
- Determine what it has to do
- Determine how much you have to spend
- Find a compromise that balances the importance of budget and function
Determine the uses of the intended network, agree upon a budget, then research and decide on a balanced compromise of budget and function.
Here are some basic rules of thumb when planning.
- Plan 20% to 30% overhead
- What’s inside that needs to be seen from outside?
- What shouldn’t be able to leave?
Plan for a firewall that can handle 20% to 30% more speed than you expect to have available from your Internet connection. Additionally, you need to know what resources inside the network will need to be accessible from outside of the network: servers, client VPN connections, a DMZ network, and/or multiple remote locations connected to one another via persistent VPN connections or SD-WAN connections.
Once you know what needs to be accessible from the outside world, you'll want to know what special needs your internal resources will have for your network. Do you plan on having voice over IP phones on your network? Do you plan to allow gaming? Would you like to de-prioritize streaming and gaming so those non-work-related traffic types can't monopolize your network? Plan redundancy not only into your firewall, but also into mission-critical switching equipment and power management for all of the devices necessary to keep the network running during a power outage. That is, unless your business could easily survive shutting down for a while in the event of a major power failure. These points will help you not only to understand how you will choose, set up and maintain your firewall, but may also help you to find holes in your design.
- Take Meticulous Notes
- Transfer into documentation
- Share your documentation
After creating your plan, remember to keep meticulous notes as you do your work. Write down what you’ve done as you are doing it. Keep notes, and at the end of the process, you’ll use those notes to create useful documentation of your network design.
Agree on a Budget
- Balance the budget need with function
- Bring real use cases to the table
- Defend your principles
Pay attention to budgetary constraints second, after forecasting network requirements, but realize that your budget might dramatically change your ability to serve the needs you determined initially. Always seek to strike a balance between expense and function. Don't break the bank, but also don't skimp on equipment upfront, only to realize you've created a problem that will cost even more to solve later. A word of warning here: push back against an unrealistic budget. Do not fall into the trap of agreeing to implement an underfunded plan, as the fault will always come back onto your shoulders.
Research and Purchase
- Research based on efficiency
- Purchase with the advice of multiple vendors
- Treat your vendors well
When researching, use a few qualified vendors as your guides. Show them your plan. Get advice and use their collective wisdom to make a well-balanced decision. Be good to your network vendors. Play fair. Be sure to reward good vendors by paying them to perform services. Buy extended warranties through them, and purchase your equipment through them. Value the expertise of your vendors. They’re a great asset and partner when leveraged properly.