We help IT Professionals succeed at work.

Firewall advice

Hi,  we recently disconnected our Cisco firewall ASA 5510 when upgrading to a new T3 line through our ISP Qwest. Qwest informed us we no longer needed our firewall, and we provided configuration for the firewall to qwest. They said they have a firewall on their own network and to call them should i need any configuration changes.

My question is, did i make a mistake removing my Cisco firewall and going to qwest, does this leave me open or vulnerable to attacks? We have over 50 clients and 4 servers on our network. Thanks, any advise would be greatly appreciated.
Watch Question

Top Expert 2010
I'm a control freak and would NEVER let a vendor manage my firewall.  If you don't have access to the appliance, then you DON'T know what they are letting through.  Essentially, they are taking liability for the security of your internal network.  In the end, are they going to claim responsibility if they let someone through that isn't authorized?  Doubt it.  Also, if you need to make changes, you have to contact them now.  How long is THAT going to take?

You need to keep your firewall.  They should oblige you and make the necessary configurations so you can manage your own firewall appliance.
Did you sign up for some sort of managed customer contract? Did they give you a new router with an integrated firewall that they manage now? I mean are you on some sort of private ip network that they have?  You need to keep the firewall I am with digitap I dont like having to wait on some other company to make a change for me.  Plus I am worried they will mess something else up.  We have a company that handles our IPS but in order to do that we had to have a co-managed firewall which isnt to bad. At least I can still get in there and do the things I need to do.  
do you have a contract with the isp that details the firewall delegation to them? here are legal matters that you need to agree with them.  they can run virtual firewalls on the same box for multiple clients and just charge you an extra fee for that.
Do they charge you for additional changes?
If you have connectivity problems they will be able to assist you free of charge?
you can always keep your firewall on your side just as a backup solution or  to be sure you have control of the policies.
If there is a problem on their firewall for another customer do they need to reboot it?

At the end there are several things you should take into account:
1. price (initial, updates, troubleshooting)
2. availability - 24x7
3. performance - have you noticed a degradation of your service due to firewall?


thanks guys,  thats what i was thinking. But i was wondering if there was anyone who would say, "Qwest is a great firewall solution, sell your Cisco firewall on ebay and forget about it!"
Top Expert 2010

That would certainly be nice, but where's the job security in that!!  Thanks for the points!