Firewall Vendors Have Given SD-WAN a Bad Name - It's Time to Address the Gap
Why Firewall Vendors' SD-WAN Solutions Often Fail & How to Improve Them

Driving SD-WAN Adoption in South Africa
For years, firewalls have been the de facto perimeter security device in enterprise networks. With the rise of SD-WAN, firewall vendors saw an opportunity to expand their offerings, positioning their devices as all-in-one security and networking solutions.
There's just one problem: most firewall administrators are trained in security, not networking.
And when you take an SD-WAN solution that requires a deep understanding of routing, traffic engineering, and connectivity, then hand it to someone who has only ever configured security rules… well, it's a recipe for disaster.
The result? Botched deployments, unstable networks, and a growing perception that SD-WAN "doesn't work." But the real issue isn't SD-WAN itself; it's the fact that firewall vendors are selling a networking product to security professionals who often lack the fundamental networking knowledge to implement it correctly.
Let's unpack why this is a problem, and how to fix it.
Firewalls | The Swiss Army Knife That No One Knows How to Use
Firewalls have evolved into complex, multifunctional devices. They offer deep packet inspection, intrusion prevention, VPN termination, traffic shaping, and even SD-WAN.
But here's the kicker: if your administrators don't know how to properly use these tools, they're not helpful; they're dangerous.
Imagine giving someone a Swiss Army knife who doesn't even know how to open it. They might:
- Use the wrong tool for the job - Configuring SD-WAN like a firewall rule set, leading to poor traffic management
- Not know what each blade does - Failing to understand BGP, OSPF, path selection, and QoS
- Panic when things go wrong - Resorting to trial-and-error troubleshooting instead of methodical network analysis
The same is happening with firewall-based SD-WAN. Security admins, trained to think in terms of rules and policies, are suddenly expected to configure routing, link bonding, packet loss mitigation, and failover policies.
The outcome? Broken implementations, frustrated businesses, and SD-WAN being blamed for the failures.
Security vs. Connectivity | The Missing Knowledge Gap
Most firewall admins are brilliant at security, but many lack a solid foundation in networking and telecommunications.
What Firewall Admins Know Well:
- Writing and managing firewall rules
- Threat detection and response
- VPN configuration
- Application-layer security policies
What They Often Struggle With:
- BGP, OSPF, and dynamic routing protocols
- QoS, packet prioritization, and traffic shaping
- WAN architecture and transport technologies
- Link bonding, SD-WAN path selection, and failover mechanisms
This knowledge gap is the Achilles' heel of firewall-based SD-WAN deployments.
Firewall vendors assume that their customers understand networking, when in reality, most firewall admins have spent their careers focusing on security policy enforcement, not network engineering.
This leads to:
- Poorly designed SD-WAN deployments that don't fully utilize path diversity, traffic steering, or redundancy
- Misconfigured failover policies, causing unnecessary downtime or inefficient link utilization
- Over-reliance on static policies, because admins don't understand dynamic network behaviors
- Blame shifting: when things break, instead of diagnosing the real issue, the entire SD-WAN concept gets written off
How Firewall-Based SD-WAN Damages the Market
Because so many firewall-based SD-WAN deployments fail, the entire SD-WAN industry suffers a credibility problem.
- "SD-WAN doesn't work!"
- "We tried SD-WAN, and it made things worse."
- "We went back to MPLS because SD-WAN was a disaster."
These complaints aren't about SD-WAN as a concept; they're about poor implementations driven by a lack of understanding.
And unfortunately, firewall vendors have made it worse by:
- Overpromising ease-of-use - Claiming SD-WAN is as simple as "turning it on"
- Overcomplicating deployments - Requiring vendor-specific approaches that don't follow best practices
- Failing to address the skills gap - Selling networking solutions to security admins without proper training
SD-WAN is not just another firewall feature. It's a comprehensive network architecture shift, and treating it as a bolt-on function leads to failure.
How Do We Fix This?
If businesses want to successfully deploy SD-WAN, they need to recognize that it isn't a security tool; it's a networking solution.
1. Stop Treating SD-WAN Like a Firewall Feature
SD-WAN requires network engineering expertise, not just security rule management. Organizations should stop expecting firewall admins to handle SD-WAN without proper training.
2. Invest in Networking Education for Firewall Teams
If firewall teams must manage SD-WAN, they need proper networking training. Topics should include:
- WAN architecture and how different transports behave
- Dynamic routing (BGP, OSPF) and how it impacts SD-WAN
- Traffic engineering, QoS, and packet prioritization
- Path selection algorithms and active failover policies
3. Consider SD-WAN-Specific Solutions
Businesses shouldn't default to a firewall vendor's SD-WAN just because they already own the hardware. Pure-play SD-WAN vendors, like Fusion Broadband South Africa, focus on networking-first designs with:
- Simplified SD-WAN deployment, avoiding unnecessary security complexities
- Better automation and visibility, so networking teams can monitor performance easily
- True transport independence, optimizing performance across all link types
4. Separate Security from Connectivity
The firewall should focus on security, not WAN optimization and SD-WAN routing. By separating SD-WAN and firewall functions, businesses can:
- Improve SD-WAN reliability by having dedicated tools for networking, path selection, and failover
- Reduce complexity, instead of overloading firewalls with functions they weren't designed for
- Enhance security, by letting the firewall do what it does best
Wrapping up | Time to Restore SD-WAN's Reputation
SD-WAN isn't the problem. Firewall vendors selling SD-WAN to security professionals without networking expertise is.
It's time for businesses to stop expecting security admins to be network engineers and start recognizing that SD-WAN is a networking discipline, not a firewall add-on.
By bridging the knowledge gap, investing in proper SD-WAN solutions, and separating security from connectivity, businesses can finally experience SD-WAN as it was meant to be: powerful, resilient, and transformational.




