September 2018
Introduction
As enterprise networks evolve and threat landscapes become more complex, firewalls transform from simple perimeter guards to sophisticated inspection points across hybrid and multi-cloud architectures. In 2018, security strategies increasingly rely on context-aware firewalls to enforce granular policies across users, applications, and devices.
From Perimeter to Everywhere
Traditional firewall placement focused on the network edge. But cloud adoption and mobile workforces dissolve the classic perimeter. Enterprises deploy firewalls in branch offices, data centers, and even as virtual instances in IaaS environments. Security follows users and workloads, not just IP ranges.
Layer 7 and Application Awareness
Modern firewalls analyze traffic at Layer 7, identifying applications regardless of port. This capability helps detect evasive behavior and enforces policy beyond TCP/UDP headers. For example, a firewall distinguishes between Skype and Office 365, even when both use HTTPS on port 443.
SSL Inspection and Challenges
With over 70% of traffic encrypted in 2018, SSL inspection becomes vital. Firewalls intercept and decrypt HTTPS flows to inspect payloads. However, this introduces performance and privacy challenges. Enterprises must balance visibility with user trust, regulatory requirements, and hardware capabilities.
Intrusion Prevention Integration
Next-Gen Firewalls (NGFWs) integrate Intrusion Prevention Systems (IPS), blocking threats based on signatures and behavior. This shifts detection closer to the source, minimizing dwell time. Advanced models even incorporate machine learning to detect zero-day exploits.
Micro-Segmentation and East-West Visibility
Data centers no longer rely solely on perimeter defense. Micro-segmentation enforces security within east-west traffic. Firewalls now operate inside the data center, segmenting environments based on workload sensitivity and compliance boundaries. This trend increases firewall instances but improves lateral threat containment.
Cloud-Native Firewalls
Public cloud providers offer native firewall capabilities such as security groups, network security groups (NSGs), and web application firewalls (WAFs). Yet enterprises often supplement these with virtual NGFWs for policy consistency. Vendors provide images for AWS, Azure, and GCP to align on-prem and cloud policy management through central consoles.
User Identity and Role-Based Policies
Firewalls now integrate with directory services (e.g., AD, LDAP) to apply policies based on user identity, not IP. This approach enhances BYOD and roaming scenarios, enabling consistent enforcement regardless of device or location. It also simplifies audits and incident forensics.
Management and Orchestration
Manual firewall rule management no longer scales. Enterprises adopt centralized policy engines and REST APIs to automate provisioning and updates. Intent-based security models define desired outcomes (e.g., “block file sharing in finance”), with systems translating them into rules.
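As an added illustration (not code from any vendor or from the original article), the sketch below compiles the intent "block file sharing in finance" into rules keyed on directory group and Layer 7 application rather than on IP and port. The directory contents, application catalog, rule schema and function names are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass

# Constructed sample data: stand-ins for a directory service (AD/LDAP) and
# a Layer 7 application catalog. All names are hypothetical.
GROUPS = {"alice": {"finance"}, "bob": {"engineering"}, "carol": {"finance", "audit"}}
APP_CATALOG = {"file-sharing": ["box", "dropbox"], "voip": ["skype"]}

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "block"
    group: str        # directory group, not an IP range
    application: str  # Layer 7 application identity, not a port

def compile_intent(action, category, group):
    """Translate an intent such as ("block", "file-sharing", "finance") into rules."""
    if action not in ("allow", "block"):
        raise ValueError(f"unknown action: {action!r}")
    if category not in APP_CATALOG:
        raise ValueError(f"unknown application category: {category!r}")
    if not any(group in gs for gs in GROUPS.values()):
        # A typo in a group name would otherwise yield rules that never match.
        raise ValueError(f"group has no members in directory: {group!r}")
    return [Rule(action, group, app) for app in APP_CATALOG[category]]

def find_conflicts(rules):
    """Return (group, application) pairs that carry both allow and block rules."""
    seen = {}
    for r in rules:
        seen.setdefault((r.group, r.application), set()).add(r.action)
    return sorted(k for k, actions in seen.items() if len(actions) > 1)

def evaluate(rules, user, application, default="allow"):
    """Decide by user identity and application; block wins over allow."""
    # The default action is an assumption of this sketch and is a parameter.
    groups = GROUPS.get(user, set())
    actions = {r.action for r in rules
               if r.group in groups and r.application == application}
    if "block" in actions:
        return "block"
    return "allow" if "allow" in actions else default

if __name__ == "__main__":
    policy = compile_intent("block", "file-sharing", "finance")
    for user, app in [("alice", "dropbox"), ("bob", "dropbox"), ("alice", "skype")]:
        print(user, app, evaluate(policy, user, app))
```

Rejecting unknown groups and categories at compile time, and checking for allow/block conflicts before pushing rules, catches the mistakes that automated provisioning would otherwise replicate across every firewall instance.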
Best Practices in 2018
- Use Layer 7 inspection to classify encrypted and evasive applications
- Enable SSL inspection selectively to preserve performance and privacy
- Apply micro-segmentation for east-west traffic in data centers
- Leverage cloud-native controls, but supplement where needed
- Automate policy management using APIs and orchestration tools
Final Thoughts
Firewalls continue to play a central role in enterprise security, but they evolve beyond basic filtering. In 2018, their power lies in application awareness, dynamic policy enforcement, and integration with broader security ecosystems. As threats grow in sophistication, firewall strategies must adapt in lockstep.