OK, so I’m working with a network vendor to replace our current ISP, and they offer a managed/monitored network service that includes a firewall - great. The point of going this route is that I’m the only IT guy, and the company wants to be able to have one number to call if there is a problem and I’m not around. In theory, the ISP should be able to trace the problem all the way back to our network, and fix it - great. But I start asking questions about things like actually being able to see what the people on our network are doing, where they are going, and what I can and can’t block. Turns out this is a very basic firewall, and it offers just very basic packet-in, packet-out services. No intrusion detection, in-line virus filtering, or content filtering, and it can’t do any client-side VPN. So, in talking with their engineer, it seems that I’m pretty much going to need to install a firewall behind their firewall to do any of this. A firewall that they won’t manage, so that kind of nullifies the whole managed end-to-end bit.

Happy Friday everyone…

34 Spice ups

A firewall that doesn’t protect, barely, sounds like a router.

8 Spice ups

That’s an ISP that I would automatically stop doing business with…

Seems like they are including “firewall” cause that’s a nice buzz-word some business owner/management type will be like “yeah, we want that” when clearly it doesn’t provide anything worth having at all.

ISPs should just be ISPs, I don’t want any other “features” or “services” with that - just unrestricted Internet. I’ll do the firewalling, thank you.

4 Spice ups

Agreed. There is a router as well, so it would be Fiber → router → firewall → firewall → my network.

We have 4 firewalls on different networks that I manage, they have my number!

I can’t remember the last time I was called concerning any of our firewalls. Once you get a firewall configured, they’re fairly low maintenance, at least the Sonicwalls we use have been.

1 Spice up

Maybe it’s just a proxy server running on a Raspberry Pi. They then remarket it as a ‘Firewall’, except Firewall is the name of it and not what it does.

2 Spice ups

Yes, everyone needs to check out the new routers made by Firewall.

4 Spice ups

Oh, I agree, but it would come down to there being a problem, and then it would be a question of ISP problem vs. firewall problem, and usually you need to convince the ISPs that they have a problem. The whole point of this managed service was that they would know if there was a problem, and would be able to fix it quickly. I know, asking too much…

1 Spice up

Nope, way more likely you will discover a problem, then spend 95% of your time convincing them why it is their network / device / “firewall” that is causing it.

I would really steer clear of this thing, which is really just “another point of failure”.

4 Spice ups

Exactly what I told my manager.

2 Spice ups

Firewall!!!

2 Spice ups

I would fight them on this… and if they don’t listen… spend your free time practicing your “I told you so dance” for when the sh1t hits the fan.

Maybe you need a more robust vendor :wink:

3 Spice ups

The ISP provides the ocean. You should be the floodgate. Or at least that’s how it should work…our ISP is terribad.

Wow.

1 Spice up

Who the heck let them do that?

I didn’t let them do that. That is what they are suggesting as a solution to my problem.