Is Integrated Next-Gen Firewall a viable alternative for the Enterprise?

Should enterprise VPNs be best-of-breed standalone deployments, or integrated with firewalls? There has been a lot of speculation by industry pundits lately about whether an integrated firewall approach is adequate for the large enterprise, and whether a standalone SSL VPN approach is dead. Industry trends come and go — but you need to stick with the approach that achieves your objectives.

Many large enterprises need to provide access for thousands of users to mission-critical applications and resources. And with the growing BYOD movement, enabling employees to use their personal devices to gain access to corporate resources weighs heavily on any network strategy. Enterprises need control over the endpoint to ensure that data is received only by those it is meant for.

So do you implement a "best-of-breed" or an integrated strategy? Both firewall and VPN are needed to protect a company's private network from an untrusted public network, such as the Internet. On one hand, firewalls with integrated VPN provide a comprehensive solution. Ease of centrally managing firewall and VPN functionality is a major advantage of an integrated solution. However, combining the functionality into one appliance can put companies at risk. What happens if the integrated firewall goes down? Assuring secure access to mission-critical data, so that employees stay productive even when not sitting in the office, is paramount to a sound security strategy.

The fact is, standalone VPN solutions with good administration capability and published APIs can adequately match the management benefit of an integrated solution.

On the other hand, standalone VPN appliances have proven to be viable for enterprise environments that require connections into the thousands. Standalone VPN appliances provide high availability, scalability and high performance that is unmatched by any integrated appliance today. A standalone VPN appliance model lets the IT manager eliminate the concern of relying on one appliance.

Firewalls and VPNs will continue to coexist. But you must be careful, in the attempt to maximize the IT budget, not to sacrifice the real objective: securing the company's access, whether from within the network or remotely.

About the Author: Stuart Lisk