We can help with the implementation and management of effective WatchGuard-based network security.
Organizations have the wrong paradigm about network security. Usually, organizational management believes that internal IT can or should be able to implement network security, deploy security appliances, design the network, or even support it effectively. In 25 years of working with SMBs, we have never seen it happen. Certainly, organizations with 10,000+ users have full-time network architects and network security personnel who competently take care of network security. Those individuals have an FTE cost of more than $160,000/yr. This is why it is impossible for an SMB to attract and retain that type of in-house IT staff: they simply don’t have the budget for it. Further, a person with that skill set will not do desktop support, which is the kind of generalist job duty that an SMB requires.
SMB organizations need to outsource network architecture, network engineering, maintenance, and certainly network security, because they are never going to be able to hire anyone with the skills to do that in-house. It is a fallacy to think that network-layer security can be done effectively, or even cost-effectively, by in-house IT. The support organizations of network security appliance manufacturers are not legally permitted to provide security strategy or security implementation guidance; they offer very baseline break/fix support only.
Let’s look at what is required to get a VPN with Active Directory-integrated authentication working:
- Correctly configured Active Directory domain controllers
- Healthy GPOs for security
- Correct Firebox integration settings
- AD root certificate authority server correctly configured
- Correct network-layer security rules (the VPN defaults CANNOT be used if there is any intent for security)
- Correct VLAN structure
- Correct VPN settings for DNS, routing, and encryption
- Correct procedures for client software on endpoints (mobile devices, laptops, etc.)
The only personnel who can implement this objective are those with comprehensive expertise in all of the technologies involved. If a person has to call support in order to get this implemented, they are the wrong person to be doing the implementation. This is a good example of why it is an unrealistic expectation, and the wrong paradigm, to presume that internal IT can do this on their own or with manufacturer support: the level of integration with other components, and the number of technical prerequisites, is extremely high.