Firewalls that pass Cyber Essentials.
Boundary firewalls and internet gateways are the first of the five Cyber Essentials controls. IP Four reviews, configures, and documents your firewall estate so it meets the standard and passes assessor scrutiny first time.
100%
First-Time Pass Rate
4-6 Wks
Average Certification Time
500+
UK Businesses Certified
5
Controls Covered End-to-End
Firewall capabilities for Cyber Essentials compliance.
Boundary Firewall Review
Assess existing perimeter firewalls against Cyber Essentials requirements and identify gaps in rule sets and zone configurations.
Internet Gateway Configuration
Configure internet-facing gateways to block inbound connections that are not explicitly required for business operations.
Default Deny Policy
Implement default-deny inbound rules so only approved services and ports are reachable from the internet.
Host-Based Firewall Deployment
Enable and configure host-based firewalls on all in-scope devices including laptops, desktops, and servers.
Firewall Rule Documentation
Produce a documented firewall rule set with business justification for each permitted inbound service, ready for assessor review.
Change Management Process
Establish a lightweight change management process for firewall rules to maintain compliance after certification.
Our firewall compliance process.
Scope Definition
Identify all devices and network segments in scope for Cyber Essentials, including cloud services and remote workers.
Current State Review
Audit existing firewall configurations, rule sets, and gateway settings against the Cyber Essentials technical requirements.
Gap Identification
Produce a prioritised gap report listing every firewall control that does not currently meet the standard.
Remediation
Implement required changes to boundary firewalls, internet gateways, and host-based firewalls across all in-scope devices.
Evidence Gathering
Capture screenshots, configuration exports, and policy documents required to evidence compliance during assessment.
Assessor Submission
Submit firewall evidence as part of the full Cyber Essentials application and support the assessor through any queries.
Firewall compliance delivered across the UK.
Challenge: A 60-person law firm had no documented firewall rules and multiple unnecessary inbound ports open on their internet gateway.
Outcome: IP Four closed all unnecessary ports, documented the remaining rule set, and enabled host-based firewalls on all devices. The firm passed Cyber Essentials first time.
Challenge: A health tech company needed Cyber Essentials to supply to NHS trusts but had cloud infrastructure with overly permissive security groups.
Outcome: IP Four reviewed and tightened AWS security groups, configured host-based firewalls on all endpoints, and produced assessor-ready documentation within two weeks.
Challenge: An engineering firm had a mix of on-premise and remote workers with inconsistent firewall configurations across devices.
Outcome: IP Four standardised host-based firewall policies via Group Policy, reviewed the perimeter firewall, and delivered a compliant configuration across all 45 devices.
Ready to meet the firewall control and get certified?
We start with a free review of your current firewall configuration and tell you exactly what needs to change. No jargon, no unnecessary work, just a clear path to certification.