A managed firewall. Not just a box at your perimeter.
Buying a firewall is the easy part. Keeping it patched, tuned, monitored and renewed is where SMBs fail. Here is what "managed" actually means, and why it is the difference between protection and theatre.
A firewall is a hardware (or virtual) appliance that sits between your internal network and the internet, inspecting traffic in both directions and applying rules. That part has been true since 1995. What has changed is what "managed" means.
What you get
Modern business firewalls do far more than block ports:
- Stateful inspection. Tracking connection state to allow legitimate return traffic.
- Deep packet inspection. Looking inside the packet, not just at the headers.
- Intrusion prevention (IPS). Signature-based detection of known exploit attempts.
- Application control. Allowing Microsoft 365 traffic but blocking BitTorrent.
- Web filtering. Blocking malicious or unwanted destinations by category.
- SSL/TLS inspection. Decrypting encrypted traffic to inspect it (where policy allows).
- Site-to-site VPN. Encrypted tunnels between branch offices and to cloud workloads.
Why "managed" matters
A firewall is software running on a specialised computer. Like any software, it has bugs. The Sophos 2025 Active Adversary Report flagged external remote services — firewalls, VPNs, edge devices — as the dominant initial-access vector for ransomware. The report includes a customer breached three times in 14 months via a FortiGate VPN running 14-year-old firmware. Patches existed. They had not been applied.
Unmanaged firewalls fail this way constantly. The hardware works fine; the software is years out of date; nobody is watching the logs. In a managed service, that is our problem.
What 4UIT's managed firewall covers
- Sophos XGS hardware (or other approved brand), sized for your environment.
- Active subscription license — IPS signatures, web/app control, anti-malware, sandboxing.
- Firmware patching on a documented schedule. Critical CVEs handled same-week.
- Quarterly rule review with change log.
- Continuous log monitoring. Alerts go to our team, not yours.
- Hardware replacement under warranty.
- Documented configuration backed up off-device. Restore-tested annually.
The customer experience is "the firewall just works." The reality is a lot of disciplined ops behind the scenes.
More on our firewall service or talk to us about your environment.
Source: Sophos 2025 Active Adversary Report.
// Frequently asked questions
What is included in managed firewall service?
Hardware (or virtual appliance), license subscription, firmware patching, rule review, IPS/IDS signature updates, log monitoring, alerting on suspicious traffic, and replacement on failure. The customer never touches the firewall directly.
Why are unpatched firewalls a problem?
Edge devices (firewalls, VPN concentrators) are the #1 initial-access target. The Sophos 2025 Active Adversary Report flags external remote services as the dominant attack vector. Unpatched firewalls are exploited at scale long after fixes exist — Sophos documented one customer breached three times in 14 months via a FortiGate VPN with 14-year-old firmware.
What firewall does 4UIT recommend?
For most Ottawa SMBs we recommend Sophos XGS series — they integrate cleanly with Sophos Intercept X EDR for true XDR correlation. For larger environments or special requirements we also deploy Fortinet and Cisco Meraki. The brand matters less than the discipline of patching, tuning and monitoring.
What is the difference between a firewall and a router?
Routers move packets between networks. Firewalls inspect those packets and decide whether to forward, block, or alert based on policy. A consumer router has basic firewall rules; a business firewall does deep packet inspection, intrusion prevention, application control, and web filtering.
How often should firewall rules be reviewed?
At minimum quarterly. Rules accumulate cruft over time — temporary holes for vendors that never got closed, legacy services still allowed. We do quarterly rule reviews on every managed firewall and document changes for audit.