Firewall & Network Security Berlin
Your network perimeter is the first line of defence — and the most common point of misconfiguration. I provide firewall consulting across seven enterprise platforms, with hands-on experience from financial services, aviation, and international organisations. Platform-agnostic — I work with the firewall you already have, or recommend the right fit for your environment. No vendor partnerships. No influenced recommendations.
Platforms
| Platform | Primary use case |
|---|---|
| Palo Alto Networks | Enterprise NGFW, Panorama centralised management, Zero Trust architecture |
| Check Point | Financial services, regulated industries, enterprise policy management |
| Cisco ASA | Legacy enterprise environments, hybrid ASA/FTD migrations |
| Microsoft Azure Firewall | Cloud-native firewall policy, Azure hub-spoke, Firewall Manager |
| FortiGate | SMB/mid-market UTM, site-to-site VPN, IPS, web filtering |
| Sophos XG/XGS | SMB UTM, Synchronized Security, endpoint + firewall integration |
| Cisco Meraki MX | Multi-site cloud-managed networking, SD-WAN, dashboard simplicity |
What’s Included
- New firewall deployment and full policy configuration
- Migration from legacy platforms (ASA → FTD, on-prem → Azure Firewall)
- Security policy review and hardening — identifying overly permissive rules and compliance gaps
- Site-to-site VPN and SSL VPN design and implementation
- Network segmentation and Zero Trust architecture
- Ongoing firewall management and rule lifecycle maintenance
- Incident response and forensic policy analysis
Compliance Alignment
CIS benchmark baselines as standard. Scope can extend to DSGVO, ISO 27001, financial services (BaFin-adjacent), healthcare-adjacent, and legal sector requirements.
Who This Is For
- Businesses deploying a firewall for the first time
- Organisations running an ageing ASA or on-premise appliance and considering migration
- Companies that have a firewall but have never had the policy properly reviewed
- IT teams managing multi-site environments across Berlin, Germany, or the EU
- Regulated businesses in finance, healthcare, or legal needing documented compliance alignment
How I Work
Engagements typically start with a policy review (1–2 days) to understand what you have, followed by a remediation or deployment scope. Fixed-price projects available for standard deployments.
Hourly rate: €150 / hour (Enterprise Firewall — Palo Alto, Check Point, Azure Firewall, Cisco ASA)
Hourly rate: €120 / hour (Security & Compliance — FortiGate, Sophos, Meraki)
Fixed-price option: Firewall deployment (FortiGate / Sophos / Meraki): from €590
Frequently Asked Questions
Which firewall vendors do you work with?
Fortinet FortiGate, Cisco Meraki, Palo Alto Networks, Check Point, SonicWall, Sophos, and pfSense/OPNsense. For Berlin SMBs, Meraki MX and FortiGate are the most common deployments — Meraki for organisations already in the Cisco ecosystem and FortiGate for those that need more granular policy control or have compliance requirements around next-gen firewall logging. Recommendations are vendor-neutral and based on your environment, team capability, and budget.
Our FortiGate/SonicWall hasn’t been updated in years. How serious is that?
Potentially very serious. Both vendors have had critical RCE (remote code execution) and authentication bypass CVEs in the past two years that are actively exploited. If your firewall is internet-facing and running firmware more than 12 months out of date, it presents a realistic attack surface. The risk assessment starts with checking your current firmware version against published CVEs; this takes less than 30 minutes and tells you immediately whether you are exposed to any known exploited vulnerabilities.
Can you help us design network segmentation, not just configure existing equipment?
Yes — network segmentation design is a core part of most firewall engagements. This includes VLAN architecture (separating user, server, guest, IoT, and management traffic), inter-VLAN ACL design to enforce least-privilege between segments, and validating that segmentation is actually enforced rather than misconfigured to pass all traffic. For Meraki environments, the most common finding is that ‘site-to-site VLANs’ are configured but the inter-VLAN ACLs default to allow-all.
Further reading: FortiGate vs Meraki comparison for Berlin SMBs.
