Many companies are faced with the question: ‘Is a firewall necessary if no servers are operated at the site, but only switches, access points and printers are available?’
The clear answer is: Yes – and with good reason.
A firewall is more than just server protection
Firewalls are often associated with server protection. In reality, however, a firewall fulfils a much more comprehensive function: it is the central control point for all network communication.
Firewalls control, segment and protect all devices in the network – regardless of whether a server is present or not.
Securely manage network devices
Even in an office without a server, there are still a number of network elements that need to be protected and managed:
- Switches
- Access points
- Printers
- End devices such as notebooks and desktops
Without a firewall, the following are missing:
- Control over incoming and outgoing traffic
- Ability to segment into VLANs
- Centralised management of security rules
- Visibility in the form of logs and monitoring
The firewall provides policy management for network access, which is essential in heterogeneous environments.
BYOD – Protection for mixed devices
Private devices (BYOD) are widespread in modern working environments. Without a controlling authority such as a firewall, company and private devices are located in the same network segment. This poses risks:
- Uncontrolled access to internal resources
- Lack of isolation between business and private traffic
- Lack of enforcement of security policies
With a firewall, device classes can be specifically separated, permissions defined and unwanted access blocked – a clear added value for security and visibility.
Firewalls often replace internet routers
Many providers supply routers that offer limited configuration options and often lack a genuine set of security features. A firewall takes over and extends this functionality:
- Routing & NAT
- Firewall rules, traffic control
- VPN functionality (site-to-site, remote access)
- Content filtering, intrusion prevention
- Central logging
This allows the provider router to be set to bridge mode, with the firewall taking over its role. This reduces hardware complexity and increases security at the same time.
This blog article offers a deeper look at a modern firewall platform such as OPNsense: https://www.open-circle.ch/en/opnsense/
Printers as underestimated risk factors
Multifunction devices such as network printers continuously store data, have their own operating systems and offer web interfaces for configuration. These devices often have the following characteristics:
- Local hard drives with user data
- Web management interfaces
- Protocols such as SMB, IPP, SMTP
- Security updates that are rarely applied regularly
Without the protection of a firewall, these devices remain potential entry points into the network. A firewall enables:
- Segmentation into dedicated VLANs
- Strict service and protocol rules
- Explicitly defined outgoing connections
- Blocking of unwanted inbound access
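The segmentation of office, BYOD and printer devices described above, sketched as a pf ruleset (pf is the packet filter underneath OPNsense). This is an added example, not part of the original article; the interface names, subnets, admin host and mail relay address are assumptions, and NAT and DHCP rules are left out.

```pf
# Added illustration; interface names, subnets and hosts are assumptions.
office_if   = "vlan10"          # company notebooks and desktops
byod_if     = "vlan20"          # private (BYOD) devices
printer_if  = "vlan30"          # printers and multifunction devices
printer_net = "10.0.30.0/24"
admin_host  = "10.0.10.5"       # workstation allowed to reach printer web UIs
mail_relay  = "192.0.2.25"      # placeholder for the scan-to-mail SMTP relay
print_ports = "{ 631, 9100 }"   # IPP and raw printing

table <internal> const { 10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24 }

set skip on lo0

# Default deny on ingress, logged so that blocked attempts stay visible.
block in log all
# Filtering happens where traffic enters the firewall; replies are
# allowed by state tracking.
pass out all

# DNS on the firewall itself for the client segments.
pass in quick on { $office_if, $byod_if } proto { tcp, udp } from any to self port 53

# Office -> printers: print services only, web management from one host.
pass in quick on $office_if proto tcp from $office_if:network to $printer_net port $print_ports
pass in quick on $office_if proto tcp from $admin_host to $printer_net port 443

# Office and BYOD: internet yes, other internal segments no.
pass in quick on $office_if from $office_if:network to ! <internal>
pass in quick on $byod_if from $byod_if:network to ! <internal>

# Printers: the only defined outgoing connection is mail submission.
pass in quick on $printer_if proto tcp from $printer_net to $mail_relay port 587
```

Anything a printer attempts beyond mail submission, and any BYOD attempt to reach the printer or office segments, falls through to the logged default block.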
Summary of network risks and firewall benefits