Firewall and Network Security

Your network needs a perimeter

A firewall sits at the boundary between your internal network and the internet, enforcing rules about what traffic is allowed in and out. A simple firewall blocks obvious threats. An enterprise firewall does much more: it inspects the content of traffic for malware, enforces policies on what applications can access the network, prioritises critical business traffic during congestion, and logs everything for audit and forensics.

Sentire deploys firewalls matched to your business size and security requirements. For SMEs in Nairobi, that typically means a Sophos XGS or Mikrotik appliance configured with the policies your business needs.

Sophos XGS firewalls

Sophos XGS appliances range from small (suitable for offices with 20 to 50 users) to large (suitable for multi-hundred-user deployments). We configure them with threat protection including antivirus scanning of outbound traffic, ransomware detection, and intrusion prevention. They integrate with Sophos's managed detection and response platform so that detections on your firewall can trigger incident response. If you're also using Sentire's cybersecurity services, a Sophos firewall gives you unified visibility and faster response.

Mikrotik routers and firewalls

Mikrotik is a popular choice in East Africa for cost-sensitive deployments. RouterOS (Mikrotik's operating system) is powerful and flexible, with excellent VLAN support and sophisticated traffic control. A Mikrotik device typically costs significantly less than a Sophos XGS of equivalent performance. We configure Mikrotik firewalls with appropriate security policies, though Mikrotik doesn't include the advanced threat inspection that Sophos does. For businesses needing pure network control and lower cost, Mikrotik is a solid choice. For businesses needing advanced malware detection, Sophos is better.

VPN for remote and branch office access

Site-to-site VPN

If you have multiple offices. Nairobi HQ plus a branch in Mombasa. a site-to-site VPN tunnels traffic between the two firewalls over the internet. Users in either office access servers and files in either location as if they're on the same network. We configure the VPN with strong encryption and authentication, and set up failover so that if the primary ISP link goes down, the backup link takes over automatically.

Remote access VPN

Employees working from home or travelling can connect to the office VPN, gaining secure access to internal resources without exposing them directly to the internet. We configure this with multi-factor authentication so that a stolen password alone can't compromise access. During and after COVID, remote access VPN became essential infrastructure. Properly configured, it's both secure and reliable.

VLAN segmentation for network isolation

A VLAN (virtual local area network) is a way to divide a physical network into multiple logical segments. For example, you might put your finance department on one VLAN and your operations team on another. Traffic between VLANs is routed through a firewall where you can enforce rules about what's allowed. This isolates sensitive data (like financial records) from casual network access. It also limits the spread of malware. if a laptop on the operations VLAN gets compromised, it can't directly access finance servers.

We design VLAN layouts that match your business structure. typically separating management, staff, guests, and servers onto different segments. This adds a layer of security that's especially valuable in Nairobi's growing threat environment.

Firewall policies and ongoing management

Once a firewall is deployed, policies define the rules it enforces. What traffic is allowed to exit your network? What inbound connections are blocked? What applications can your staff use? We set sensible baseline policies and then tune them based on your business needs. As part of ongoing managed IT support, we review firewall logs, tune policies if necessary, and coordinate with Sentire's cybersecurity team if threats are detected.