Examining firewall as a service

Examining firewall as a service

Virtualising physical appliances is just one part of the equation.

Credit: Dreamstime

Firewall as a service, or FWaaS, relies on technology in the cloud. A user or application connects to the FWaaS via the internet, and the service applies domain rules, URL filtering, and other security that physical firewall appliances use. The idea is to replace the multitude of hardware firewalls you’d need to secure all of your business’ traffic from all of its different operational sites with secure internet connections to the service.

What’s wrong with firewall appliances?

Possibly nothing. Physical firewalls are still quite popular, particularly for businesses without a lot of different locations and without a lot of remote workers. They even have some advantages over FWaaS, like different cost profiles. On-prem firewalls are a capex expenditure up-front but tend to be cheaper over time. They also have lower latency.

Why is FWaaS more prominent now?

The pandemic and its attendant spike in remote working made things tough on businesses that needed their employees’ connections to be protected at all times. FWaaS can protect connections coming from anywhere, from a branch office or even a remote worker’s study. Gartner estimates that FWaaS will go from a US$251 million industry to about US$2.6 billion by 2025, assuming that current remote-working trends continue. That would give FWaaS a 21 per cent share of the roughly US$12 billion firewall market in less than five years. Most of the fastest growth has been in North America and Europe.

How is it deployed?

It’s considerably easier than deploying a substantial number of hardware appliances across numerous branch offices, but it’s not the simplest thing in the world, either, according to Adam Hils, a senior research director at Gartner.

“[Organisations must] get some kind of understanding of what kind of access they need at each branch and configure the firewall,” he said. “This can involve multiple configurations, but, again, it’s not nearly as complex as plopping a thousand physical firewalls down in a network and having to configure those.”

How does FWaaS work, exactly?

It’s conceptually quite simple: It does precisely the same things an on-prem firewall does, it just does them remotely, either from a physical point of presence in a data center somewhere or in the cloud. The precise location of where the firewall workload happens varies by vendor.

It’s also worth noting that FWaaS is often either bundled with SD-WAN by networking vendors or simply used in tandem with another SD-WAN offering. It becomes another connection the SD-WAN manages and provides centrally managed firewall protection.

Are cloud firewalls and FWaaS the same thing?

Cloud firewall is a marketing term, and, according to IDC research manager Chris Rodriguez, isn’t a particularly helpful one. “I’d caution against cloud firewall because it’s confusing. Is it a firewall in the cloud or a firewall that’s defending a cloud network?” he said. So the short answer is cloud firewall and FWaaS are not necessarily the same thing.

What are the downsides of FWaaS?

From an opex point of view, FWaaS can be pricey, and it doesn’t get cheaper over time like a group of physical firewalls would. For another, there’s the issue of small transmission delays as the traffic gets filtered through the FWaaS.

“There can be some latency because you have to send user traffic through that cloud and to wherever it’s bound for,” said Hils. If, for example, a FWaaS provider’s nearest point of presence is down, round-trip times for the connections that were using that point would get substantially longer.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Brand Post

Channel Roadmap

The Channel Roadmap is a bespoke content hub housing strategic priorities from technology vendors for 2022 and beyond, partners can find the guidance on the key technologies and markets to pursue, to help build a blueprint for future success.

Show Comments