What is Firewall as a Service (FWaaS) and Why You Need It

Since the beginning of networks, the lynchpin of network security has been the firewall.  The first network firewalls appeared in the late 1980s, and gained almost universal acceptance by the early 1990s.  It was not until 2009 when firewalls as we know them started to undergo a significant change with the rise of the Next Generation Firewall (NGFW) that performs deep inspection of traffic.

In 2017, Gartner’s analyst Greg Young published Hype Cycle for Threat-Facing Technologies where he describes Firewall as a Service (FWaaS) as a category “on the rise” with a “high benefit” rating. So what is a Firewall as a Service and why do you need it?

What is FWaaS, and Why Do You Need It?

FWaaS is a new type of a Next Generation Firewall. According to Gartner’s report, Firewall as a Service is a firewall delivered as a cloud-based service that allows customers to partially or fully move security inspection to a cloud infrastructure.

It does not just conceal physical firewall appliances behind a cloud of smoke and mirrors, but actually eliminates the appliance altogether. With this technology, an organization’s sites are connected to a single, logical, global firewall with a unified application-aware security policy.

FWaaS takes advantage of advances in software and cloud technologies, to deliver a wide range of network security capabilities on-demand wherever businesses need, including URL filtering, network forensics, and infection prevention. All enterprise traffic from datacenters, branches, mobile users, and cloud infrastructure are aggregated into the cloud. This allows a comprehensive security policy to be enforced on WAN and Internet traffic, for fixed location and mobile users.


Compared to traditional firewalls, FWaaS improves scalability, provides a unified security policy, improves visibility, and simplifies management.  These features allow an organization to spend less time on repetitive tasks such as patching and upgrades, and provides the responsive scalability to fast-changing business requirements


FWaaS provides the necessary resources to perform complete security processing on all traffic, as opposed to physical appliances. IT staff also no longer need be concerned about capacity planning when upgrading security appliances. This elastic capacity allows for the rapid deployment of additional sites and changes in bandwidth requirements.

Unified Policy

Despite the presence of centralized management consoles, uniform policy management across all devices is difficult to achieve, especially if there is a mix of models or vendor products. For example, if some branch locations are not connected via MPLS, separate firewalls may be required, forcing security administrators to manage separate network security policies. FWaaS eliminates those issues by uniformly applying the security policy on all traffic, for all locations and users.  


Solutions such as Secure Web Gateways in the Cloud don’t provide visibility to the WAN.  Thus, a separate firewall solution is required for the WAN. Both Secure Web Gateways and physical or virtual firewalls deployed in the cloud also don’t allow the ability to connect mobile users back to the office.  With FWaaS and SD-WAN, one logical network allows for full visibility and control.

All WAN and Internet traffic, both unencrypted and encrypted, is visible to the firewall, meaning there are no blind spots and no need to deploy and monitor multiple appliances.  


Managing physical firewall appliances means maintaining the software through patches and upgrades, which introduces additional risks as upgrades can fail or are skipped altogether. With FWaaS, there’s no need to size, upgrade, patch, or refresh firewalls. Finally, IT staff can focus on delivering true value to the business through early detection and mitigation of risks without endlessly fidgeting with appliance maintenance tasks.

But What About The Cloud?

The Gartner report Hype Cycle for Threat-Facing Technologies, 2017 warns that while FWaaS has fast growth potential, vendors need to provide more than cost-effectiveness to convince enterprises to embrace a cloud infrastructure as a core security component. Consistently good latency need to be prioritized, and failure to integrate with other cloud services and SD-WANs is not acceptable.

The FWaaS solution from Cato Networks addresses this concern by providing Firewall as a Service (FWaaS) as part of an optimized, global SD-WAN service, ensuring resilient connectivity to its FWaaS from any region or cloud service.

Plans of the Future are Better Than the History of the Past