The simple answer is, you probably don’t. Manufacturers like Meraki, Fortinet, WatchGuard, Sophos, Barracuda, and Check Point offer firewall licensing options for their security products. But most don’t require it. Meraki is the notable exception.
When you buy a firewall, you are purchasing a product that will protect your network from unwanted traffic. But there is a lot of hostile traffic that comes in many forms. And some of it’s easier to detect and stop than others. Not all organizations need to protect themselves from every kind of threat.
Firewall licensing gives you a way of picking the level of protection you desire. Think of it as buying additional feature sets. Anything from very basic (for a home, maybe), to total protection (for a financial institution). The different vendors have catchy names for their license products, of course. But they are all pretty similar in the way they work. Fortinet has FortiGuard. They also have FortiCare, which is the tech support piece. Sophos calls theirs FullGuard and EnterpriseGuard. Meraki’s are the Enterprise License and Advanced Security License.
Firewall licensing is used to enable various features on the your firewall. And the same general principles apply whether the license is for a hardware firewall or a virtual/software firewall.
Can’t I just skip firewall licensing?
Most firewalls include a base license. That’s just another way of thinking of the basic firewall without any of this additional licensing. Typically, the base license is perpetual. The additional features can be purchased like subscriptions. They are offered in yearly or two-year increments. As mentioned earlier, Meraki firewalls require such licensing to function at all.
Typically, a base license gives you a firewall with basic features. Those are things like Application Control and SSL Inspection. In addition, there’s WAN Optimization, Unlimited VPN clients, and so on. But it will be different from one vendor to the next, of course. Sophos’ basic firewall has Network Firewall, SSL and IPSec VPN, and complete wireless protection.
In another example, FortiGate firewalls will still give you IPS function, URL Filtering, VPN tunnels, VIPs, routing protocols, DPI, and so on. Without additional licensing, the FortiGate will not be able to update its signatures from FortiGuard. And, you wont be entitled to contact support. You won’t get the firmware or security updates or FortiGuard features, either.
What sort of things does firewall licensing buy?
Firewall licensing gets you things like the more more advanced Malware Protection, Advanced Threat Protection, and Remote Access. In addition, you get features like Antivirus, Application Control, Vulnerability Scanning and Web Filtering. Fully-automated updates, AntiSpam, and Web Application Firewall are some others. Of course, these feature sets and add-ons will differ from one vendor to another.
Is this stuff I need?
You just have to think about the benefits of those security features you’re not sure you want to pay for. Basic firewalls will catch and block most of the basic threats.
But you just have to consider your on-going needs. Buying a firewall without support can quickly develop into a mess for your organization. Things like automatic firmware and security updates may not move the needle for you much when we’re talking about your phone or home PC. But it’s an absolutely critical feature of your IT infrastructure.
The long view
Many people are focused on the initial cost of the firewall. But just about any IT professional will agree to the need for vendor support and firmware updates. There is so much that comes at your firewall. True, not everybody needs the highest level of protection. But everyone should at least consider more than just basic firewall protection. It adds so much to what your firewall can do. There’s a story about a client who resisted for three years before he FINALLY gave in and bought a WatchGuard with Basic UTM. Within the first two months it TWICE stopped him from getting ransomware.
When the time for renewal came up three years later, he did not hesitate to upgrade to a new, faster unit with the Total Security package. And it was several hundred dollars more than just a plain renewal. He learned how well it was protecting him.
At the end of the day it’s a business risk decision. What features do you need? Where does the benefit finally mitigate the cost of the extra features? If you need help deciding whether you need firewall licensing, just email us or call Corporate Armor at 877-449-0458. That’s what we’re here for! We hope this is helpful, and thanks for reading!
Firewall licensing features
Web Application Firewall |
Fully-Automated Updates |
dvanced Spyware Detection |
Application Control |
Web Filtering |