Firewall and NGFW Implementation
91% of attacks start from network traffic. A next-generation firewall blocks threats before they reach your systems. We design, implement and maintain Fortinet and Cisco solutions with a 99.9% SLA.

What is a Next-Generation Firewall (NGFW)?
A Next-Generation Firewall (NGFW) is an advanced network device combining traditional traffic filtering with SSL/TLS inspection, IPS, application control, and zero-day threat protection. nFlo designs, implements, and maintains Fortinet and Cisco solutions with 99.9% SLA — deployment within 2 weeks.
Traditional firewalls don't see 80% of modern threats
NGFW tailored to your environment
- Design: Architecture matched to business and budget
- Implementation: Configuration, migration, tests without downtime
- 24/7 Support: Maintenance, optimization, 99.9% SLA
Firewall Let Ransomware Through for 3 Months
A logistics company had a traditional firewall that checked only ports and IP addresses. The ransomware communicated with its C2 over HTTPS (port 443), and the firewall passed the traffic without inspection. The malware waited 3 months, collecting data and privileges. Weekend attack: 90% of systems encrypted. Cost: €2M downtime + €50k ransom.
Without modern NGFW:
- No encrypted traffic inspection (80% of attacks hidden in SSL/TLS)
- No application control - only ports (Dropbox = Facebook = HTTPS:443)
- Don’t know who connects where (no user identification)
- Don’t meet NIS2, PCI DSS and cyber insurance requirements
Complete Implementation - From Design to 24/7 Support
We don’t just sell hardware. We design an architecture matched to your business, migrate rules without downtime, train your team and provide 24/7 support with a 99.9% SLA. You know your network is protected by experts.
What you get:
- Environment assessment and requirements analysis (security, performance, HA)
- Architecture design (standalone, HA, clustering, SD-WAN)
- Solution selection matched to budget and requirements
- Migration from existing firewall without production downtime
- Security policy configuration (App Control, IPS, AV, SSL inspection)
- Integration with Active Directory, SIEM, NAC
- Functional, performance and penetration tests
- Documentation (network diagrams, policy matrix, runbooks)
- IT team training on management and troubleshooting
- Optionally: managed firewall 24/7 from us
Who Is It For?
This service is for you if:
- You have an outdated firewall and need to upgrade to an NGFW
- You’re expanding infrastructure and need new locations
- You’re subject to NIS2, PCI DSS and need compliance
- You want visibility and control over application traffic
- You need expert support and don’t have in-house resources
Why NGFW?
A Next-Generation Firewall is more than a traditional firewall:
NGFW vs Traditional Firewall Capabilities
| Function | Traditional FW | NGFW |
|---|---|---|
| Port/IP Control | ✓ | ✓ |
| Application Control | ✗ | ✓ (e.g., block Facebook, YouTube) |
| User Identity | ✗ | ✓ (AD integration) |
| SSL/TLS Inspection | ✗ | ✓ (scans encrypted traffic) |
| IPS/IDS | Optional | ✓ built-in |
| Advanced Malware Protection | ✗ | ✓ (sandboxing, AI) |
| Threat Intelligence | ✗ | ✓ (updates every 5 min) |
| Reporting | Basic | Advanced dashboards |
Use Case Examples
Application Control: “Block Dropbox for everyone except IT department”
User-based policies: “Marketing can access YouTube, finance cannot”
SSL Inspection: “Scan encrypted traffic for malware”
Geo-blocking: “Block connections from Russia, China, North Korea”
Supported Platforms
Fortinet FortiGate
Performance and security effectiveness leader (NSS Labs):
- Entry: FortiGate 40F-100F (small offices, 50-200 users)
- Mid-range: FortiGate 200F-600F (medium companies, 200-2000 users)
- High-end: FortiGate 1000F-7000F (data center, ISP)
- Capabilities: Security Fabric, SD-WAN, FortiGuard Services
- Our competencies: NSE 4, NSE 7, NSE 8
Typical price: from €3,750 (FG-60F) to €125,000+ (FG-3000F)
Cisco Secure Firewall (Firepower)
Integrated security for Cisco ecosystem:
- Firepower 1000 Series (small branch)
- Firepower 2100 Series (medium branch, campus)
- Firepower 4100/9300 (data center)
- Capabilities: Snort 3 IPS, Talos Intelligence, SecureX
Typical price: from €7,500 (FPR-1010) to €150,000+ (FPR-4150)
Engagement Models
Implementation Project
One-time firewall implementation:
- Assessment and design
- Hardware delivery and installation
- Configuration and migration
- Tests and training
- Management handover
Time: 2-6 weeks | Price: from €7,500 (work) + hardware and licenses
Managed Firewall
Full management by nFlo:
- Firewall implementation
- 24/7/365 management
- Rule changes (SLA: 4h)
- Monitoring and alerts
- Monthly reports
- Incident response support
Price: from €1,250/month (+ hardware and licenses in lease)
Support and Maintenance
Support for existing firewall:
- 24/7 helpdesk
- Configuration changes
- Troubleshooting and diagnostics
- Quarterly health checks
- Firmware and license upgrades
Price: from €750/month

How we work
Our proven service delivery process.
- Assessment: Requirements analysis and current architecture audit
- Design: Architecture and security policy design
- Implementation: Deployment, configuration, rule migration
- Testing: Functional, performance, security tests
- Handover: Documentation, training, management handover
Benefits for your business
What you gain by choosing this service.
- Threat Protection: Block malware, ransomware and exploits in real time
- Traffic Visibility: Know who sends what, and when, through your network
- Regulatory Compliance: Meet NIS2, PCI DSS, ISO 27001 requirements
- Business Continuity: HA/redundancy, 99.9% SLA, 24/7 support
Frequently Asked Questions
Common questions about Firewall and NGFW Implementation.
How much does NGFW firewall implementation cost?
Implementation project (work): from €7,500 for a simple standalone firewall, €12,500-20,000 for an HA cluster with migration. Hardware: Fortinet from €3,750, Cisco from €7,500. Annual licenses: 20-40% of hardware price.
How long does firewall implementation take?
A simple standalone firewall: 1-2 weeks. An HA cluster with legacy migration: 4-6 weeks. This includes assessment, design, implementation, tests and training. Rule migration happens without production downtime, during a maintenance window.
Can you take over management of an existing firewall?
Yes, we support Fortinet and Cisco. First we do a health check and update firmware/licenses, then take over 24/7 management. The managed firewall model starts from €1,250/month with a 4h SLA for rule changes.
Does an NGFW firewall slow down the network?
Modern NGFWs are designed for high performance. Fortinet FG-200F: 20 Gbps throughput, 2.4 Gbps with IPS+AV. Cisco FPR-2130: 10 Gbps throughput, 4.5 Gbps with IPS. During design we match the model to your traffic with 30% headroom.