What is Firewall as a Service and what do you need?

Older firewalls required frequent software updates and patches. The lack or delay of updates created security risks.


Firewalls in buildings are fireproof brick walls that prevent fires from spreading. Network firewalls also prevent the spread of data and applications that can endanger the security of a business or home network. It works in both directions, it prevents the entry of traffic with harmful data packets and the exit from the protected network.


Network firewalls have been an important block for network security since the advent of the Internet in the late 1980s. Over the next two decades, firewalls were implemented either as hardware or as software in the hardware network. This changed in 2009 with the development of the Next Generation Firewall (NGFW), which was developed for deep packet inspection (DPI) of network traffic. The latest manifestation of NGFW is Firewall as a Service (FWaaS). In his 2017 report, Hype Cycle for Threat-Facing Technologies, security analyst Greg Young described FWaaS as a "growing" trend with "great value".


What makes FWaaS a growing technology? Does it have defects?


The advantages of FWaaS

FWaaS is an NGFW that is implemented as a cloud-based service. Moving firewall functions to the cloud has many advantages.


  • Simpler architecture: All network traffic is combined in the cloud, regardless of whether it is remote users, data centers or affiliates. Therefore, there is only one point for IPR, eliminating the tedious task of keeping distributed firewall policies in sync. Firewall devices are also removed. All locations in a company are served by a single cloud-based firewall with an application-related security policy.
  • Scalability: The scalability of FWaaS is a by-product of its simple architecture. Using a single firewall to process all traffic simplifies capacity planning. Adding new sites and changing bandwidth is also easier.
  • Unified Security Policy: This is also a by-product of the simple FWaaS architecture. The old firewall architecture required the transport of certain firewall devices for branches that do not use MPLS. A company can deploy firewalls from different vendors or even different models from the same vendor. If you have different devices, it is difficult to maintain a uniform security policy for everyone.
  • Full visibility of network traffic: Web security solutions like Secure Web Gateway (SWG) protect users from Internet threats like malware and phishing. Since SWG does not protect WAN traffic, a WAN firewall is required. There is also the problem that SWGs and firewalls cannot connect mobile users to the office. To solve these problems, FWaaS and SD-WAN can be used to implement a single logical network that offers complete transparency and data traffic both on the Internet and in the WAN.
  • Easier maintenance: Older firewalls required frequent software updates and patches. The lack or delay of updates created security risks. FWaaS firewalls are always up to date, so there is no risk of delayed or missed software updates. IT staff can spend their time planning future infrastructure requirements instead of doing maintenance.

Disadvantages of FWaaS

The following are the challenges facing the introduction of FWaaS, not the disadvantages of the technology.


  • Resistance to adoption: Organizations may be reluctant to move an important feature like cloud security. You may be willing to give up all FWaaS cost savings and operational facilities and stay with old firewalls.
  • Concerns about network latency: As mentioned above, the integration of SD-WAN and other cloud services in FWaaS makes the solution more attractive for companies. FWaaS providers must guarantee network latency that is comparable or better than that of older firewalls.

Secure SD-WAN, a global service from Cato Networks, solves problems related to the introduction of FWaaS by integrating firewall as a service. This product provides a connection to FWaaS from any region or cloud.

Also read:sla monitoring