Firewall & Perimeter Security Audit
A senior network engineer conducts a deep-dive review of your firewall rule base, zone design, VPN configuration, and remote access controls — and delivers platform-specific hardening recommendations.
Platforms Covered
Fortinet FortiGate, Cisco ASA & FTD, Palo Alto Networks, Sophos XG / XGFW, pfSense / OPNsense, Check Point
Starting from
£950
Single firewall, remote delivery
Remote or on-site available
Audit Scope
Firewall Rule Base Review
Full audit of inbound and outbound rules — identify any-any rules, unnecessary open ports, shadow rules, and zero-hit rules that indicate poor hygiene.
Zone & Segmentation Design
Review of WAN, DMZ, LAN, and any additional zones. Assess inter-zone policies and whether critical systems are appropriately isolated.
VPN Configuration
Audit of site-to-site and remote access VPN — authentication requirements, cipher suites, MFA enforcement, and split-tunnelling policy.
NAT & Routing Assessment
Review of NAT policies, published services, and routing configuration for security implications.
Remote Access Controls
Assessment of all remote access mechanisms — VPN, ZTNA, jump hosts, RDP gateways — and their authentication and policy requirements.
Hardening Recommendations
Platform-specific hardening guidance aligned with CIS Benchmarks and vendor best practices for your firewall model and version.
Firmware & Patch Status
Verification of current firmware version against known CVEs and available updates. Identification of critical security patches not yet applied.
Logging & Alerting
Review of log policy, retention configuration, and alerting rules. Verification that denied traffic, authentication failures, and policy changes are logged.
Common Findings We Uncover
Any-any outbound rules
Found on the majority of SMB firewalls. Allows malware to communicate freely.
VPN without MFA
Single password grants full network access from anywhere in the world.
Management UI on WAN
Admin panel reachable from the internet — common after missed hardening steps.
Legacy ciphers in VPN
3DES, RC4, and DES still configured on many firewalls installed before 2020.
No logging or log review
Incidents cannot be detected or investigated without firewall log collection.
Get Your Firewall Audited
Contact us to discuss your platform, scope, and timeline. Most firewall audits complete within 1–2 days of access.