Skip to content
Network & Infrastructure · CCNP + OSCP led

Audit & harden your
Firewall Rules

FortiGate and security architecture reviews by a practitioner who holds CCNP, Fortinet, and OSCP together. We find the 30 – 200 stale or over-permissive rules hiding in your network and the segmentation gaps an attacker would exploit in minutes.

CCNP + Fortinet + OSCP combined lead Read-only review — zero downtime Free 30-day retest of high-severity fixes

0h Quote Turnaround
0d Typical Delivery
0d Free Retest
0+ Rules Reviewed Avg
Methodology NIST SP 800-53 NIST SP 800-207 (Zero Trust) CIS Controls v8 ISO 27001 Annex A PCI DSS Segmentation

Pricing — Four tiers

Pick your scope, lock the fee

From single-firewall audits for SMEs to multi-site DC + branch architecture reviews.

Starter

AED 12,000

Ideal for: Small UAE companies running a single small FortiGate (or equivalent).

  • Single small FortiGate review
  • Basic ruleset audit
  • High-priority misconfiguration findings
  • Remediation walkthrough call
  • Full configuration audit
  • Multi-firewall correlation

Designed for UAE SMEs under 30 employees. One-time engagement, no retest included.

Get a quote

Essentials

AED 18,000

Ideal for: Single-site companies that need a thorough firewall audit.

  • Single FortiGate review — full configuration audit
  • Ruleset hygiene + shadow rule analysis
  • Threat-feed and IPS profile review
  • VPN and remote-access posture
  • Prioritised remediation report
  • Network segmentation review
  • Multi-site / DC-to-branch design
Get a quote

Enterprise

AED 55,000–80,000

Ideal for: Multi-site organisations with DC, branch, and cloud edge.

  • Multi-site architecture review (DC + cloud + branch)
  • Hybrid edge + SD-WAN + cloud security gateway
  • Zero-trust segmentation roadmap
  • Disaster-recovery and failover validation
  • Quarterly architecture re-review for 12 months
  • OT/ICS environments (separate quote)
  • Hardware procurement & installation
Get a quote

Not sure which tier fits?

Book a 20-min scoping call

Year 2 — 2027 roadmap

Implementation services that build on Year-1 assessment work.

2027

Zero Trust Architecture Design

End-to-end ZTNA design — identity-driven, least-privilege, segmentation-first. For clients ready to replace VPN and flat networks.

2027

Network Segmentation Implementation

Hands-on segmentation delivery — VLAN redesign, microsegmentation, PCI zone carve-out. Built with your network team, documented for your auditor.

Why this matters for UAE

Flat networks. Stale rule sets. Perimeter trust.

Most UAE mid-market networks are flat, perimeter-trusting, and running firewall rule sets that haven't been reviewed in years. FortiGate is the dominant platform in the region — and most organisations we've seen have 30 – 200 stale or overly permissive rules that an attacker would exploit in minutes.

Paired with our penetration testing work, a firewall and architecture review gives you the full picture: how the network is designed vs. how an attacker would actually move through it. Two perspectives, one team, one coordinated program.

FAQ

Common questions

Will the review cause downtime or affect production traffic?
No. The review is read-only — we work from configuration exports, packet captures, and a read-only admin account on your firewall management. No rule changes happen without your explicit approval and a change-control window. Production traffic is unaffected.
Do you only review FortiGate, or other firewall vendors too?
FortiGate is our primary specialty (it's the dominant platform in UAE), but we also review Cisco ASA / Firepower, Palo Alto, Check Point, and SonicWall. The rule-set hygiene principles (least privilege, segmentation, deny-by-default) are vendor-neutral. Tell us what you have and we'll confirm coverage upfront.
What's the difference between a Firewall Review and an Architecture Review?
Firewall Review goes deep into your existing rules and configuration — shadowed rules, overly permissive ANY-ANY entries, missing logging, weak ciphers, outdated firmware. Tactical and immediate. Architecture Review steps back and asks if the network design itself is sound — segmentation strategy, DMZ posture, VPN boundaries, zero-trust readiness, target-state diagrams. Strategic and forward-looking. Most clients need both — we can bundle.
Will you implement the recommended changes, or just hand over a report?
Both options are available. The default deliverable is a risk-rated findings report with a prioritised remediation plan. If you prefer, we can co-implement the changes alongside your network team in a change-controlled window — knowledge transfer included so your engineers own the result, not us.
How does this work pair with penetration testing?
Excellently. A firewall + architecture review tells you how your network is *supposed* to behave; an internal pen test tells you how an attacker would *actually* move through it. Running them together (or sequentially in the same engagement) gives you the highest-fidelity view of network risk — and we coordinate findings so nothing falls between the gaps.
Will this support our ISO 27001, NESA, or PCI DSS compliance work?
Yes. Findings are mapped to ISO 27001 Annex A (8.20–8.23 network controls), UAE IA V2, ADHICS v2, and PCI DSS Requirement 1 (network security) on request. The remediation evidence we produce is suitable for auditor review. PCI segmentation testing is available as an add-on if your CDE needs it.

When did someone last review your firewall rules?

Book a free 30-minute scoping call. We'll scope the review, deliver a risk-rated findings report, and walk your network team through every change we recommend.

Book a Free Scoping Call
Book a Free Scoping Call