
Top 5 Reasons to replace your Firewall

Often overlooked, the firewall is the single most important device on your corporate or home network. It's usually placed near your Internet provider's modem or router in a closet and forgotten about. In some situations the Internet provider has bundled basic firewall services into their device.


So why should you replace your firewall? Isn't it like that coffee cup on your desk? It always works, never complains, and gives you confidence and peace of mind. We're about to shatter these misconceptions. Hang on tight for our top 5 reasons to replace your firewall.


Technology changes, everything gets older. Should you replace an item just because it’s old? That seems like a waste. But unlike a classic automobile, you’re not going to be able to upgrade or change out the parts on these devices. The majority of firewalls on the market are appliances and do not have any serviceable parts. The hardware is locked in time and the hours will just keep adding up. You’re not going to be able to change the fact that it’s on 24x7x365 and every hour it operates is an hour it will not get back.

Everything has an operational limit and the older technology gets, the more likely it is to fail at the worst time. This point holds true for all technology including firewalls, routers, switches, servers, desktop PCs, smartphones, access points, NAS devices etc. About the only thing that doesn’t seem to be affected by age is cabling.


The firewall's function is to act as a gatekeeper and traffic cop that evaluates data as it passes into and out of your network. It determines whether to pass the data through and where to pass it to.


As internet speeds improve, the performance of the gatekeeper has to improve as well. As we said about age above, the hardware can only go so fast. It's like a 1960s Mustang with a V8 engine. 200 HP seems like a lot, but among today's cars, a VW Golf has more horsepower and is a much lighter car.

Your firewall (and any hardware you have) will always be stuck at a point in time in terms of performance. Can it keep up to the internet speeds you are working with today? Gigabit was just a pipe dream 5 years ago, now it’s the standard for high speed in cities. If you find you’re not getting the speeds you subscribe to and your firewall is older, it’s likely the bottleneck and will need to be looked at.

Capability and Features

As time has moved on, the requirements of firewall devices have increased. Most of these changes are related to the software on the firewall devices. For example, many years ago a firewall's job was simple. All it needed to do was filter traffic based on source, destination and port and provide basic routing and address translation. A small, efficient piece of code with a very small footprint was all that was required to do this.


Modern firewalls need to

  1. Determine where in the world the data is coming from and allow or block it based on country. There are billions of addresses in these address tables that the device must search lightning fast. (Geoblocking)
  2. Determine what is in the data (viruses/malware/other) and allow or block it. To do this it must reconstitute the data from individual packets, scan it, then break it apart again and send it along. (Content filtering)
  3. Make intelligent, logical choices about emerging threats and patterns in the data. (Intrusion Prevention System, IPS)
  4. Connect remote workers and branch offices using encrypted tunnels at wire speed. (Virtual Private Networks, VPN)
  5. Support SD-WAN and multi-ISP failover for resiliency. Years ago an internet outage was an inconvenience; nowadays, with cloud services, an internet outage will bring your business to its knees.
  6. Provide user authentication, RADIUS and two-factor authentication to control access to network resources.

As you can see, today we need a lot more from our equipment, and yesterday's gear is just not up to the task.
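The geoblocking lookup from item 1, as an added example that is not part of the original post: a sorted range table searched with binary search, which is why a large address table can still be consulted per connection. The feed rows, the country codes "AA"/"BB"/"CC" and the function names are constructed for illustration, and the sketch covers IPv4 only.

```python
import bisect
import ipaddress

# Constructed sample feed: RFC 5737 documentation prefixes mapped to
# made-up country codes. A real geo feed has far more rows.
SAMPLE_FEED = [
    ("192.0.2.0/24", "AA"),
    ("198.51.100.0/25", "BB"),
    ("198.51.100.128/25", "CC"),
    ("203.0.113.0/24", "AA"),
]

def build_table(feed):
    """Turn CIDR rows into sorted, non-overlapping (start, end, country) ranges."""
    rows = []
    for cidr, country in feed:
        net = ipaddress.ip_network(cidr)
        rows.append((int(net.network_address), int(net.broadcast_address), country))
    rows.sort()
    # Overlaps would make the single-probe search below ambiguous.
    for prev, cur in zip(rows, rows[1:]):
        if cur[0] <= prev[1]:
            raise ValueError("overlapping ranges in feed")
    return [r[0] for r in rows], rows

def lookup_country(table, addr):
    """Binary search: about log2(n) comparisons however large the table is."""
    starts, rows = table
    ip = int(ipaddress.ip_address(addr))
    i = bisect.bisect_right(starts, ip) - 1  # last range starting at or before ip
    if i >= 0 and rows[i][0] <= ip <= rows[i][1]:
        return rows[i][2]
    return None  # address not covered by the feed

def decide(table, addr, blocked, default_allow=True):
    """Return 'block' or 'allow' for a source address."""
    country = lookup_country(table, addr)
    if country is None:
        # Policy choice: what to do with addresses the feed does not know.
        return "allow" if default_allow else "block"
    return "block" if country in blocked else "allow"

TABLE = build_table(SAMPLE_FEED)
```

The `default_allow` switch is the part to review on a real device: addresses missing from the feed are either passed or dropped, and a stale feed makes that set grow.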

Support and Obsolescence

Vendors need to support and provide fixes for their equipment. When security bugs are found, software updates will be used to fix them. Otherwise your vitally important firewall will be vulnerable to attack and your network that it protects may be at risk.

Industry standard support for equipment is typically (but not always) 5 years. Anything after that and the vendor may or may not support the equipment. When your firewall reaches vendor end of support you will need to replace it or your network and your data will be at risk.



As the gatekeeper, the firewall is the single most important device on your network and protects everything behind it. If your budget only allows you to replace one device on your network, choose your firewall. Between power, your internet service and switches, the firewall is a device that impacts everything that needs to connect to the internet. In addition, on business networks your firewall will control access to the various branch offices and network segments throughout your building.

Do you value keeping your call center separated from your executive computers? I thought you would! This is one of the many functions of the firewall in a corporate office.

Make an investment in security and keep that firewall up to date!


Keep that firewall current, updated and configured with the latest technology to provide you the best protection against new and emerging threats. Investments in common technologies that impact your entire network are always good investments.

If you need an assessment of your firewall equipment, or are in the market for new equipment and are unsure where to start, give us a call. We're happy to help. Please share if you liked this post on our top 5 reasons to replace your firewall.
