Firewall advice for ELITE (leased line) Internet services

With every Giganet ELITE (leased line) service, we provide a managed Juniper router. More information about that device can be read up in this article: Giganet managed Juniper router for ELITE services

For most organisations, they will need to connect a firewall to our router, before you can connect the internet connection to your local area network (LAN). In this article, we'll cover off why, and what you need.

Do you include a firewall with your ELITE services?

As standard, no. We only include a router, and a router is not the same as a firewall. Please see our router article for further help on this.

If we're including an SRX router with your ELITE service, although this can work as a firewall, we do not configure this. Please see the above article for further information where we explain our reasonings.

We can provide firewalls on request, for extra charge.

Why don't you include a firewall?

Unlike the router we do provide (which is performing a very specific and limited role (see this article why)), there isn't really one-size fits all with firewalls.

There are lots of options for firewalls, and depending on your requirements, there could be quite a lot to consider. 

You may also be reusing a firewall that is still suitable for use with the service we are providing.

Why is a firewall needed?

A firewall is recommended and almost always required. It's main job is the first line of defence from the public internet into your network. It will block any access into your network from the public internet whilst allowing outbound connections and their responses. Essentially this means that your client devices can browse the web, send emails, use apps such as Teams & Zoom, whilst blocking and preventing third party remote people anywhere connected to the internet access into your network.

Firewalls are sometimes called Security Appliances, UTM or SD-WAN devices. Depending on the main features you are after, they will be called one of these.

What firewall do I need?

The choice of firewall for most SMEs will mainly be down to the following factors:

• Bandwidth (speed) of connection
• Number of users and devices passing through it
• Any security features requirements; such as IPS or anti-virus scanning
• Any content filtering requirements
• Any client VPN requirements
• Any site-to-site VPN requirements, some vendors like to call site-to-site VPNs as SD-WAN
• Whether it needs to support multiple internet connection uplinks (e.g. 2 or more WAN uplinks)
• Support and maintenance options

Depending on the above selection, it will determine the price.

Can Giganet help provide the firewall if I tell you the above requirements?

Yes, we should be able to.

Currently the firewalls we provide and recommend include:

• Cisco Meraki MX range of security appliances
• Netgate pfsense appliances
• Ubiquiti UniFi USG Pro or UDM Pro

Firewall features that Giganet can assist with

• IPv4 and IPv6 addressing (IPv6 not supported on Meraki MX appliances yet)
• VLANs
• Traffic shaping
• Quality of service (QoS)
• Security:
  • Intrusion Protection/ Snort IPS
  • Malware detection/ AMP (requires Meraki MX + Security License)
• Web content filtering
• Port forwarding
• 1:1 NAT
• 1:many NAT
• IPv4/IPv6 ACL rules
• High availability VRRP firewalls

Can Giganet provide Cloud Firewalls?

Yes, we can provide cloud firewalls for PWAN MPLS networks for the central internet breakout. 

For standalone ELITE leased line services, it's not usually cost effective to provide a cloud firewall, so we do not offer this.