Firewalls are critical security devices that filter Internet communications to block packets from blacklisted IP addresses and applications. Firewalls can be hardware-based or software-based. There are even virtual firewalls whose software is hosted on instances in the public cloud.

Firewalls are ubiquitous. These security devices are found in corporate data centers, colocation facilities, and as part of public cloud infrastructure. Firewall implementations vary across these different venues. In this article we will review the factors to consider when deploying firewalls at a colocation data center.

Firewalls Can Be a Single Point of Failure

Firewalls at colocation facilities typically are hardware-based network units. Their components usually include processors, SSD storage, communication ports, fans, and power supplies. They are manufactured with highly reliable electronic components and typically do not include mechanical components, though some older firewalls may include HDD storage. Even without moving parts, they still are subject to failure over time; especially when exposed to extreme temperatures or power spikes. Colocation facilities maintain optimal temperature and humidity levels and power condition to extend the life of firewalls and other electronic systems.

Most firewalls in colocation data centers are configured as stand-alone units. As such, they constitute a single point of failure. If a firewall goes down, operations will be interrupted. For high availability (HA) requirements, redundant firewalls may be configured so that operations are not disrupted if one of the firewalls stops functioning.

New firewall software is released as needed to provide operating system upgrades and bug fixes. Some colocation data centers offer enhanced services that may include performing firewall updates. If the data center does not provide firewall maintenance services, clients can remotely manage the update, or they can go to the colocation facility to manually perform the upgrade.

Many of the leading firewall manufacturers have products in use by CAPS’ colocation clients. Firewalls from Cisco (ASA and Meraki MX), Fortinet Fortigate, Palo Alto Next Gen PA Series, and SonicWall are some of the leading firewall vendors with products at the Shelton, CT data center. These firewalls vary in terms of functionality, performance, and price. Higher priced units typically offer more advanced packet filtering and faster processing to enable better security and higher data throughput.

Next Generation Firewalls (NGFW) monitor Application Layer (Layer 7) data to provide greater protection than basic firewalls. Basic firewalls monitor only Network (Layer 3) and Transport (Layer 4) data. NGFW products perform deep packet inspection (DPI) and check for malware signatures in real-time to identify activity that resembles known malicious attacks.

Colocation Providers Offer Different Firewall Services

Colocation service providers offer various service options regarding firewalls. Many colocation data centers do not get involved in managing client firewalls. The responsibility for configuring and maintaining firewalls remains with the client. Though colocation staff may recycle a firewall’s power as part of their Remote Hands services, they will not manage the firewall.

Those offering managed firewall services assume responsibility for configuring and maintaining a client’s firewalls. The decision to outsource critical security functions should only be made after thoroughly vetting the colocation service provider to make sure they have the knowledge and commitment to provide the service required.

Firewalls are an important security component whether your IT systems are hosted on-premises, at a colocation facility, or in the public cloud. If colocation is an option you are considering, we hope you will contact the team at CAPS.