
Why Most Businesses Shouldn't Manage Their Own Firewalls

By Jim Gurol, CEO, California Telecom

There is a firewall sitting in your server room right now. Maybe it is a Fortinet, maybe it is a SonicWall, maybe it is something that was cutting-edge when it was installed four years ago. Here is the question: when was the last time someone actually looked at it?

Not rebooted it. Not checked that the green light was on. When was the last time someone reviewed the firewall policies, updated the firmware, analyzed the logs, rotated the certificates, and verified that the security posture still matches your current threat landscape?

For most businesses, the honest answer is uncomfortable. The firewall was deployed once, configured by whoever set it up, and has been running on autopilot ever since. That is a significant security risk, and it is more common than you might think.

Having a Firewall vs. Managing a Firewall

Buying a firewall and plugging it in is step one. Managing it is everything that comes after, and that is where most businesses fall short.

What Active Firewall Management Actually Includes

  • Firmware updates. Firewall vendors release firmware updates regularly to patch vulnerabilities and add features. Missing these updates means running known-vulnerable software on the device that is supposed to protect your network.
  • Policy reviews. Firewall rules accumulate over time. Temporary rules become permanent. Former employees' VPN access stays active. Overly permissive rules that were added to "just get things working" never get tightened. Regular policy reviews clean up this drift and keep your security posture tight.
  • Log analysis. Your firewall generates thousands of log entries daily. Someone needs to be reviewing those logs for suspicious activity, failed login attempts, unusual traffic patterns, and policy violations.
  • Threat response. When a new vulnerability is disclosed or a new attack pattern emerges, your firewall configuration may need to be updated to block it. This requires someone who is tracking the threat landscape and knows how to translate advisories into firewall policy changes.
  • Certificate management. SSL inspection, VPN certificates, and other certificate-based security functions require ongoing management. Expired certificates cause outages and security gaps.
  • Configuration backups. If your firewall fails and you do not have a recent configuration backup, you are rebuilding your entire security policy from scratch. That is hours of downtime and a significant security risk during the rebuild.

If your organization does not have someone performing all of these functions regularly, your firewall is providing a fraction of the protection it should be.

The Real Risk

The most dangerous firewall is the one that gives you a false sense of security. You see a physical appliance in the rack, you know traffic is flowing through it, and you assume you are protected. Meanwhile:

  • The firmware is three versions behind and has known critical vulnerabilities
  • There are firewall rules that were added two years ago as temporary workarounds and never removed
  • No one has reviewed the logs in months
  • The SSL inspection certificate expired and was never renewed
  • A former employee's site-to-site VPN tunnel is still active

None of these situations trigger an alarm. Your firewall keeps passing traffic. The green light stays on. But your security posture has significant gaps that an attacker could exploit.
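The checks listed under "What Active Firewall Management Actually Includes" and the drift conditions in the list above are all things a script can surface from a config export and the firewall's logs. The following is an added example, not code from the original post or from California Telecom's own tooling: it runs a hygiene pass over constructed sample data (rules, VPN accounts, certificates, a firmware version and a few log lines). The field names, the export layout and the key=value log format are assumptions for illustration, not any vendor's real format; in practice the same checks would be fed from the firewall's own configuration export and syslog feed.

```python
import re
from collections import Counter
from datetime import date

TODAY = date(2025, 6, 1)  # fixed reference date so results are reproducible

# Constructed sample data; field names are assumptions for this example,
# not any vendor's export format.
RULES = [
    {"id": 1, "name": "allow-web-out", "action": "accept", "src": "lan", "dst": "any",
     "service": "HTTPS", "created": "2021-03-10", "last_hit": "2025-05-31", "comment": ""},
    {"id": 2, "name": "temp-vendor-rdp", "action": "accept", "src": "any", "dst": "10.0.5.20",
     "service": "RDP", "created": "2023-04-02", "last_hit": "2023-04-30",
     "comment": "TEMP - remove after migration"},
    {"id": 3, "name": "allow-all-test", "action": "accept", "src": "any", "dst": "any",
     "service": "ALL", "created": "2024-11-15", "last_hit": "2025-05-30",
     "comment": "just get things working"},
]
VPN_USERS = [
    {"user": "jsmith", "enabled": True, "last_login": "2025-05-29", "in_hr_directory": True},
    {"user": "former.employee", "enabled": True, "last_login": "2024-09-12", "in_hr_directory": False},
]
CERTS = [
    {"name": "ssl-inspection-ca", "not_after": "2025-04-30"},
    {"name": "vpn-server", "not_after": "2025-06-20"},
]
FIRMWARE = {"running": "7.0.12", "latest": "7.4.4"}
# Constructed key=value log lines (syslog style; not a real vendor format).
LOG_LINES = (
    [f'date=2025-06-01 time=02:{i:02d}:05 action="login-failed" user="admin" srcip=203.0.113.45'
     for i in range(6)]
    + ['date=2025-06-01 time=08:10:44 action="login-failed" user="jsmith" srcip=198.51.100.7',
       'date=2025-06-01 time=08:11:02 action="login-ok" user="jsmith" srcip=198.51.100.7']
)


def _d(s):
    return date.fromisoformat(s)


def check_rules(rules, today=TODAY, stale_days=90):
    """Flag policy drift: any->any accepts, rules marked temporary, rules nothing has hit."""
    findings = []
    for r in rules:
        label = f"rule {r['id']} ({r['name']})"
        if r["action"] == "accept" and r["src"] == "any" and r["dst"] == "any" and r["service"] == "ALL":
            findings.append(("permissive", f"{label}: accepts any->any on all services"))
        if r["name"].startswith("temp-") or re.search(r"\btemp\b", r["comment"], re.IGNORECASE):
            age = (today - _d(r["created"])).days
            findings.append(("temporary", f"{label}: marked temporary, created {age} days ago"))
        if (today - _d(r["last_hit"])).days > stale_days:
            findings.append(("stale", f"{label}: no traffic matched in over {stale_days} days"))
    return findings


def check_vpn_users(users, today=TODAY, idle_days=90):
    """Flag enabled VPN accounts that are orphaned (gone from HR) or long idle."""
    findings = []
    for u in users:
        if not u["enabled"]:
            continue
        if not u["in_hr_directory"]:
            findings.append(("orphaned-access", f"VPN user {u['user']}: enabled but not in HR directory"))
        elif (today - _d(u["last_login"])).days > idle_days:
            findings.append(("idle-access", f"VPN user {u['user']}: no login in over {idle_days} days"))
    return findings


def check_certs(certs, today=TODAY, warn_days=30):
    """Flag expired certificates and those inside the renewal warning window."""
    findings = []
    for c in certs:
        days_left = (_d(c["not_after"]) - today).days
        if days_left < 0:
            findings.append(("cert-expired", f"{c['name']}: expired {-days_left} days ago"))
        elif days_left <= warn_days:
            findings.append(("cert-expiring", f"{c['name']}: expires in {days_left} days"))
    return findings


def check_firmware(fw):
    """Compare dotted version strings numerically (so 7.0.12 sorts below 7.4.4)."""
    running = tuple(int(p) for p in fw["running"].split("."))
    latest = tuple(int(p) for p in fw["latest"].split("."))
    return [("firmware", f"running {fw['running']}, vendor latest is {fw['latest']}")] if running < latest else []


def failed_login_sources(lines, threshold=5):
    """Count failed logins per (source IP, user); return pairs at or above the threshold."""
    kv = re.compile(r'(\w+)=("[^"]*"|\S+)')
    counts = Counter()
    for line in lines:
        fields = {k: v.strip('"') for k, v in kv.findall(line)}
        if fields.get("action") == "login-failed":
            counts[(fields.get("srcip"), fields.get("user"))] += 1
    return [(src, user, n) for (src, user), n in counts.items() if n >= threshold]


def run_health_check():
    """Run every check over the sample data and return the combined findings."""
    findings = check_rules(RULES) + check_vpn_users(VPN_USERS) + check_certs(CERTS) + check_firmware(FIRMWARE)
    findings += [("brute-force", f"{n} failed logins for {user} from {src}")
                 for src, user, n in failed_login_sources(LOG_LINES)]
    return findings
```

Each finding is a (category, message) pair so it can be ticketed or pushed to a monitoring platform; the thresholds (90 days idle or stale, 30-day certificate warning, 5 failed logins) are deliberately parameters, because the right values depend on the site. Against the sample data the pass reports eight findings, one for each of the conditions the post describes.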

What a Managed Firewall Service Includes

When you work with a managed firewall provider, the entire lifecycle of the firewall is handled:

  • Hardware selection and procurement. We recommend and source the right FortiGate model for your environment, throughput requirements, and feature needs.
  • Installation and provisioning. Initial deployment includes network segmentation, security policy configuration, VPN setup, SSL inspection, and integration with your SD-WAN if applicable.
  • Ongoing policy management. Need a new firewall rule? Need to open access for a new application? Need to set up a VPN for a new office? We handle it.
  • Firmware management. We test and deploy firmware updates on a regular schedule, coordinating maintenance windows with your team.
  • 24/7 monitoring. Your firewall is monitored around the clock through Netverge. We see security events, traffic anomalies, and health metrics in real time.
  • Configuration troubleshooting. When something is not working and the firewall might be the cause, our engineers troubleshoot and resolve it.
  • Priority support. Network security issues get prioritized. You are not waiting in a general support queue.

Why FortiGate?

We standardize on Fortinet FortiGate firewalls for customer deployments, and there are specific reasons for that choice:

  • Gartner Magic Quadrant Leader. Fortinet has been recognized as a Leader in the Gartner Magic Quadrant for Network Firewalls consistently. This is not marketing fluff. It reflects independent evaluation of the platform's capabilities.
  • Unified security fabric. FortiGate firewalls integrate with FortiSwitch, FortiAP, and FortiManager, creating a unified security architecture where your firewall, switches, and WiFi access points all work together under one management plane.
  • Built-in SD-WAN. FortiGate includes SD-WAN functionality in the same appliance, which means you can get next-gen firewall security and SD-WAN in a single box at sites where that makes sense.
  • Our NSE7/FCSS-certified engineer leads firewall architecture for all customer deployments. This is not a generalist reading documentation. It is a deeply certified specialist designing security architectures for production environments.

The Cost Comparison

The math on managed firewall services is straightforward. A dedicated network security engineer commands a salary of $120,000 to $160,000 per year, plus benefits. That single person cannot provide 24/7 coverage. They take vacations, get sick, and eventually leave. When they leave, they take institutional knowledge of your firewall configuration with them.

A managed firewall service costs a fraction of that salary and provides 24/7 coverage from a team of engineers rather than a single person. The firewall configuration is documented in the provider's platform (in our case, Netverge), so there is no single point of failure if someone leaves.

For businesses with multiple locations, the economics are even more compelling. Each additional site adds minimal marginal cost under a managed service agreement, while hiring additional security engineers to cover more locations scales linearly.

Who Needs Managed Firewall Services?

If any of these apply to your business, managed firewall is worth evaluating:

  • You handle sensitive client data (legal, financial, healthcare, insurance)
  • You have compliance requirements (HIPAA, PCI-DSS, SOC 2, CMMC)
  • You do not have a dedicated network security engineer on staff
  • Your firewall firmware has not been updated in the last 90 days
  • No one is regularly reviewing your firewall logs or policies
  • You have multiple locations with firewalls that need consistent policy management

Get a Firewall Health Check

We will review your current firewall setup, identify gaps in your security posture, and give you an honest assessment of whether managed firewall services make sense for your business. No cost, no obligation.

Request a free firewall review →
