🔥Firewall Vendors Have Given SD-WAN a Bad Name – It’s Time to Address the Gap🧱

Ronald Bartels

For years, firewalls have been the de facto perimeter security device in enterprise networks. With the rise of SD-WAN, firewall vendors saw an opportunity to expand their offerings, positioning their devices as all-in-one security and networking solutions.

There’s just one problem: most firewall administrators are trained in security, not networking.

And when you take an SD-WAN solution that requires a deep understanding of routing, traffic engineering, and connectivity, then hand it to someone who has only ever configured security rules… well, it’s a recipe for disaster.

The result? Botched deployments, unstable networks, and a growing perception that SD-WAN “doesn’t work.” But the real issue isn’t SD-WAN itself—it’s the fact that firewall vendors are selling a networking product to security professionals who often lack the fundamental networking knowledge to implement it correctly.

Let’s unpack why this is a problem—and how to fix it.


Firewalls | The Swiss Army Knife That No One Knows How to Use

Firewalls have evolved into complex, multifunctional devices. They offer deep packet inspection, intrusion prevention, VPN termination, traffic shaping, and even SD-WAN.

But here’s the kicker: if your administrators don’t know how to properly use these tools, they’re not helpful—they’re dangerous.

Imagine giving a Swiss Army knife to someone who doesn’t even know how to open it. They might:

🔹 Use the wrong tool for the job – Configuring SD-WAN like a firewall rule set, leading to poor traffic management
🔹 Not know what each blade does – Failing to understand BGP, OSPF, path selection, and QoS
🔹 Panic when things go wrong – Resorting to trial-and-error troubleshooting instead of methodical network analysis

The same is happening with firewall-based SD-WAN. Security admins, trained to think in terms of rules and policies, are suddenly expected to configure routing, link bonding, packet loss mitigation, and failover policies.

The outcome? Broken implementations, frustrated businesses, and SD-WAN being blamed for the failures.


Security vs. Connectivity | The Missing Knowledge Gap

Most firewall admins are brilliant at security—but many lack a solid foundation in networking and telecommunications.

🔥 What Firewall Admins Know Well:

✔ Writing and managing firewall rules
✔ Threat detection and response
✔ VPN configuration
✔ Application-layer security policies

🌍 What They Often Struggle With:

🚧 BGP, OSPF, and dynamic routing protocols
⚡ QoS, packet prioritization, and traffic shaping
📡 WAN architecture and transport technologies
🔀 Link bonding, SD-WAN path selection, and failover mechanisms

This knowledge gap is the Achilles’ heel of firewall-based SD-WAN deployments.

Firewall vendors assume that their customers understand networking, when in reality, most firewall admins have spent their careers focusing on security policy enforcement—not network engineering.

This leads to:

❌ Poorly designed SD-WAN deployments that don’t fully utilize path diversity, traffic steering, or redundancy
❌ Misconfigured failover policies, causing unnecessary downtime or inefficient link utilization
❌ Over-reliance on static policies, because admins don’t understand dynamic network behaviors
❌ Blame shifting—when things break, instead of diagnosing the real issue, the entire SD-WAN concept gets written off


How Firewall-Based SD-WAN Damages the Market

Because so many firewall-based SD-WAN deployments fail, the entire SD-WAN industry suffers a credibility problem.

🚨 “SD-WAN doesn’t work!”
🚨 “We tried SD-WAN, and it made things worse.”
🚨 “We went back to MPLS because SD-WAN was a disaster.”

These complaints aren’t about SD-WAN as a concept—they’re about poor implementations driven by a lack of understanding.

And unfortunately, firewall vendors have made it worse by:

🔹 Overpromising ease-of-use – Claiming SD-WAN is as simple as “turning it on”
🔹 Overcomplicating deployments – Requiring vendor-specific approaches that don’t follow best practices
🔹 Failing to address the skills gap – Selling networking solutions to security admins without proper training

SD-WAN is not just another firewall feature. It’s a comprehensive network architecture shift—and treating it as a bolt-on function leads to failure.


How Do We Fix This?

If businesses want to successfully deploy SD-WAN, they need to recognize that it isn’t a security tool—it’s a networking solution.

✅ 1. Stop Treating SD-WAN Like a Firewall Feature

SD-WAN requires network engineering expertise, not just security rule management. Organizations should stop expecting firewall admins to handle SD-WAN without proper training.

📚 2. Invest in Networking Education for Firewall Teams

If firewall teams must manage SD-WAN, they need proper networking training. Topics should include:
✔ WAN architecture and how different transports behave
✔ Dynamic routing (BGP, OSPF) and how it impacts SD-WAN
✔ Traffic engineering, QoS, and packet prioritization
✔ Path selection algorithms and active failover policies
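As an added illustration of the path selection and failover behaviour listed above (this is example code, not from the original post), the following Python model contrasts a static, rule-style failover policy with a dampened one that waits for consecutive SLA misses before moving traffic. Link names, SLA thresholds and probe values are all constructed for the example.

```python
from dataclasses import dataclass, field

# A probe is (loss_pct, latency_ms, jitter_ms); an SLA is the maximum allowed triple (constructed).
def sla_met(probe: tuple, sla: tuple) -> bool:
    return all(measured <= limit for measured, limit in zip(probe, sla))

def naive_select(sla: tuple, preference: list, probes: dict) -> str:
    """Static rule-style policy: the first preferred link that met the SLA on this
    probe. It reacts to every bad sample, so one brief loss spike flaps traffic."""
    return next((n for n in preference if sla_met(probes[n], sla)), preference[0])

@dataclass
class DampedSelector:
    """Fail over only after down_after consecutive SLA misses on the active link,
    and adopt (or return to) a link only after up_after consecutive SLA hits."""
    sla: tuple
    preference: list                    # link names, most preferred first
    down_after: int = 3
    up_after: int = 5
    active: str = field(init=False)
    bad: dict = field(default_factory=dict)
    good: dict = field(default_factory=dict)

    def __post_init__(self):
        self.active = self.preference[0]

    def update(self, probes: dict) -> str:
        for name, p in probes.items():  # track consecutive hit / miss runs per link
            ok = sla_met(p, self.sla)
            self.bad[name] = 0 if ok else self.bad.get(name, 0) + 1
            self.good[name] = self.good.get(name, 0) + 1 if ok else 0
        active_ok = self.bad.get(self.active, 0) < self.down_after
        for name in self.preference:
            if name == self.active:
                if active_ok:
                    return name         # healthy and nothing better is proven: stay
                continue
            if self.good.get(name, 0) >= self.up_after:
                self.active = name      # preempt back upward, or fail over downward
                return name
        return self.active              # no proven alternative: stay rather than flap

def simulate(timeline: list, sla: tuple, preference: list, damped: bool) -> list:
    sel = DampedSelector(sla, preference)  # returns the link chosen at each tick
    return [sel.update(t) if damped else naive_select(sla, preference, t) for t in timeline]

# Constructed timeline: fibre is primary and LTE backup; fibre shows a one-probe loss
# spike at tick 5, a five-probe outage at ticks 8-12, then recovers from tick 13.
SLA = (2.0, 150.0, 30.0)
GOOD, SPIKE, DOWN, LTE = (0.0, 20.0, 2.0), (5.0, 25.0, 3.0), (100.0, 0.0, 0.0), (0.5, 60.0, 10.0)
TIMELINE = [{"fibre": f, "lte": LTE} for f in [GOOD] * 5 + [SPIKE] + [GOOD] * 2 + [DOWN] * 5 + [GOOD] * 6]
```

Running both policies over the same timeline shows the naive one flapping to LTE and back on the single spike, while the dampened one rides it out and only fails over once the outage is sustained.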

🔄 3. Consider SD-WAN-Specific Solutions

Businesses shouldn’t default to a firewall vendor’s SD-WAN just because they already own the hardware. Pure-play SD-WAN vendors, like Fusion Broadband South Africa, focus on networking-first designs with:

✅ Simplified SD-WAN deployment—avoiding unnecessary security complexities
✅ Better automation and visibility—so networking teams can monitor performance easily
✅ True transport independence—optimizing performance across all link types

🎯 4. Separate Security from Connectivity

The firewall should focus on security—not WAN optimization and SD-WAN routing. By separating SD-WAN and firewall functions, businesses can:

✔ Improve SD-WAN reliability by having dedicated tools for networking, path selection, and failover
✔ Reduce complexity—instead of overloading firewalls with functions they weren’t designed for
✔ Enhance security—by letting the firewall do what it does best


Wrapping up | Time to Restore SD-WAN’s Reputation

SD-WAN isn’t the problem. Firewall vendors selling SD-WAN to security professionals without networking expertise is.

It’s time for businesses to stop expecting security admins to be network engineers and start recognizing that SD-WAN is a networking discipline, not a firewall add-on.

By bridging the knowledge gap, investing in proper SD-WAN solutions, and separating security from connectivity, businesses can finally experience SD-WAN as it was meant to be—powerful, resilient, and transformational. 🚀

Written by

Ronald Bartels

Driving SD-WAN Adoption in South Africa