Your firewall is running. We make sure it's actually protecting you.
24x7 monitoring, threat response, device management, and bi-annual security audits — delivered by certified Security Engineers for your existing Fortinet, Palo Alto, Cisco Firepower, or Cisco Meraki firewall.
Designed for SMBs with a single firewall and under 300 endpoints. Fixed scope, 36-month term, one point of contact.
While it sits unmanaged
Is anyone monitoring your firewall's security events around the clock, or only when something breaks?
Has your firewall firmware been updated in the last 90 days, and do you have a patching schedule?
Have your firewall rules been audited against industry best practices in the last 6 months?
Are your VPN access policies documented, enforced, and actively managed for your remote users?
What's Included
Four managed components. One monthly rate.
Monitoring, threat response, device management, and a bi-annual audit — all included in the recurring service fee.
24x7 Monitoring
Round-the-clock prevention and detection of threats against your firewall environment — hardware health, availability, performance, VPN tunnels, capacity, and security event correlation.
Hardware health, availability, and performance monitoring
VPN tunnel monitoring
Capacity monitoring
Security event monitoring and correlation
Quarterly reporting of security events and remediation steps
Threat Response
Resolution or mitigation of risk when a vulnerability is discovered or a security event occurs — our certified Security Engineers and Analysts own the response.
Security event response — resolution or risk mitigation
Vulnerability discovery and remediation coordination
Custom runbook — customer-tailored rules for triggered events
Certified Security Engineers and Analysts on every response
Device Management
Customer-requested and provider-recommended changes — firewall rules, NAT rules, remote VPN configuration, DNS filtering, policy audits, patch management, and device backups.
Remote VPN configuration and management
Firewall rules and NAT rules — changes on request
Web DNS filtering whitelisting and policy audits
Firmware patching and updates (valid vendor support license required)
Device configuration backup and change monitoring
Firewall Audit
A bi-annual audit of all firewall rules and policies — reviewed against industry best practices with documented recommendations to reduce your attack surface over time.
Bi-annual full firewall rule and policy review
Industry best practice comparison and gap identification
Documented recommendations delivered after each audit
Change control coordination for any remediation actions
Supported Platforms
Specific models. No guesswork on eligibility.
This service covers the following firewall models. If your device isn't on this list, contact us before quoting — eligibility is confirmed case by case.
Fortinet
Palo Alto Networks
Cisco Firepower
Cisco Meraki
Don't see your model? Contact us. If your firewall isn't on this list — whether it's a different model, a different vendor (Check Point, SonicWall, WatchGuard, Sophos, pfSense, and others), or a newer platform — we scope managed firewall engagements on a case-by-case basis. The standard list isn't the limit of what we can manage.
How It Works
From kickoff to live operations in 4–6 weeks.
A defined five-phase engagement — planning and implementation first, then ongoing monitoring and management for the duration of the 36-month term.
Planning
A Security Engineer collaborates with you to define the standard configuration and security policies. If replacing an existing firewall, the engineer reviews the current configuration and plans the migration for a seamless transition.
Security policy definition
Migration plan (if replacing existing firewall)
Standard configuration baseline
Implementation
Up to 5 networks or zones, 50 policies, and 3 vendor integrations are configured as part of the setup. All work performed remotely during agreed business hours.
Up to 5 networks or zones configured
Up to 50 policies implemented
Up to 3 vendor integrations
Documentation
A network diagram specifying the physical and logical location of the device is produced. A project completion report is delivered at close.
Network diagram (physical and logical)
Project completion report
Monitoring & Management
24x7 monitoring goes live — hardware health, VPN tunnels, capacity, and security events. Device management begins: configuration changes, backups, firmware patching, and change management coordination.
24x7 monitoring active
Device management operational
Change management process established
Ongoing Operations
Quarterly security event reporting, bi-annual firewall audit, and continuous device management. Term is 36 months. Any out-of-scope changes require a Change Order agreed by all parties.
Quarterly security event reports
Bi-annual firewall rule audit
Ongoing change management and patching
Who This Is For
Real environments. Real gaps.
Businesses with a supported firewall and no dedicated security team to manage it actively.
Professional Services Firm
50-person firm handling sensitive client data — one Fortinet firewall, no dedicated security staff, and clients starting to ask about security posture.
Fortinet 60F brought under 24x7 managed monitoring. Security policies defined and enforced. VPN for remote staff configured and managed. Quarterly reports available for client security reviews.
Medical Practice
Multi-physician clinic with a single Cisco Meraki MX — HIPAA-adjacent network with no active security monitoring or policy management.
Meraki MX75 enrolled in managed firewall service. Network segmentation defined for clinical vs. admin traffic. 24x7 monitoring active. Bi-annual audit produces documentation for HIPAA compliance reviews.
Growing Retail Business
Retail operation with a Palo Alto PA-400 — POS systems, guest Wi-Fi, and back-office all on the same firewall with factory-default policies and no ongoing management.
PA-400 enrolled. Firewall rules restructured — POS, guest, and back-office traffic separated with appropriate policies. NAT rules cleaned up. DNS filtering configured. Firmware patching on schedule.
Financial Advisory Office
Independent financial advisory firm with a Palo Alto PA-220 — regulatory environment requires documented security controls but no internal IT security expertise.
PA-220 under managed service. Custom runbook built for security events. Bi-annual audit produces policy documentation. Quarterly reports available for regulatory review. Remote VPN managed for advisors.
Light Manufacturing
Small manufacturer with a Cisco Firepower 1120 — operational technology and corporate IT on the same network segment, no active threat monitoring.
Firepower 1120 enrolled. Security event monitoring and correlation active 24x7. Network zones defined to separate OT from corporate. VPN tunnel monitoring added for remote access.
Law Firm
10-attorney firm handling sensitive client communications, case files, and financial records — one Fortinet firewall with factory-default policies and no active security monitoring.
Fortinet firewall enrolled under managed service. Firewall rules restructured to protect privileged client data. 24x7 monitoring active. Quarterly security reports available to satisfy client confidentiality obligations and cyber insurance requirements.
Responsibility Model
We manage the firewall. You run the business.
Ownership confirmed and signed at kickoff — no ambiguity about what we own and what stays with your team.
Zent
We own and execute
Shared
Both teams involved
Customer
You own or provide
Monitoring & Response
24x7 visibility and security event response.
24x7 firewall and security event monitoring
Hardware, VPN tunnels, capacity, and security events
Threat response and risk mitigation
We own the response when an event is triggered
Custom runbook maintenance
Tailored rules and actions for your environment
Quarterly security event reports
We produce — you review
Escalation contacts and business priorities
You define — we act within those parameters
Device Management
Configuration changes, patching, and backups.
Firewall rules and NAT rule changes
Customer-requested or provider-recommended
Remote VPN configuration
Setup, changes, and ongoing management
Firmware patching and updates
Valid vendor support license required — customer provides
Device configuration backups
Automatic — maintained continuously
Vendor support license maintenance
Customer responsibility to keep current
Audits & Change Control
Bi-annual audit, change management, and customer responsibilities.
Bi-annual firewall rule and policy audit
Full review against industry best practices
Change management coordination
All changes tracked through agreed process
Physical deployment and hardware
Not included — customer or separate field engagement
Hardware and software procurement
Customer responsibility prior to engagement
Maintenance window approval
You approve — we schedule within agreed windows
Common Questions
Before you ask — we've answered it.
Your firewall should be working for you, not sitting unmanaged.
24x7 monitoring, threat response, policy management, and bi-annual audits. All managed on a fixed 36-month term.
Covers Fortinet, Palo Alto, Cisco Firepower, and Cisco Meraki MX. Single firewall, under 300 endpoints.