The Hidden Risks of Firewalls, VPNs, and Network Gateways—and What You Should Be Doing Instead

The Problem: Security Vulnerabilities in Network Appliances

Recent security flaws in SonicWall, Ivanti, and Fortinet FortiGate appliances have once again highlighted a recurring issue—critical vulnerabilities being discovered in widely used firewalls, VPN gateways, and network security devices. These vendors are not alone; major players like Cisco and others have suffered from the same fundamental problem.

The reality is this: any device exposed directly to the internet is a ticking time bomb:

  • Undiscovered Vulnerabilities: Every internet-facing appliance likely has security flaws waiting to be found

  • Discovered Vulnerabilities: Once an exploit is made public, cybercriminals race to attack unpatched systems before fixes are deployed

  • The Patch Race: Vendors scramble to develop, test, and release patches, while IT teams rush to apply them—often causing disruptions or introducing new issues

  • Patch Reverse Engineering: Hackers compare patched and unpatched firmware to pinpoint vulnerabilities, then target organisations that haven’t updated yet

Simply put, the traditional ‘put a box on the edge of your network and hope for the best’ approach is no longer viable in today’s cyber threat landscape.

Real World Examples

Recent incidents have highlighted the significant risks associated with exposing network appliances directly to the internet. Notably, vulnerabilities in products from SonicWall, Ivanti, and Fortinet have been actively exploited by threat actors, leading to substantial security breaches.

SonicWall Vulnerabilities

In January 2025, a critical deserialization vulnerability (CVE-2025-23006) was identified in SonicWall’s SMA1000 series appliances. This flaw allowed remote, unauthenticated attackers to execute arbitrary OS commands, posing a severe risk to organisations utilising these devices.

Ivanti Breaches

Ivanti’s Pulse Connect Secure VPN devices have been a focal point of security concerns. In 2021, suspected state-sponsored actors exploited zero-day vulnerabilities in these devices, compromising multiple government agencies and financial institutions across the U.S. and Europe. The breaches persisted for months before detection, underscoring the dangers of unpatched, internet-facing appliances.

Fortinet Exploits

Fortinet has also faced challenges with vulnerabilities in its products. For instance, a critical authentication bypass vulnerability (CVE-2024-55591) was discovered in FortiOS and FortiProxy, which could allow unauthenticated attackers to gain super-admin privileges via crafted requests. Such vulnerabilities have been added to the CISA Known Exploited Vulnerabilities Catalog, emphasising their severity.

The Broader Implication

These incidents are not isolated. A detailed report by Sophos revealed a prolonged battle with Chinese hackers who persistently targeted firewall devices over five years. The adversaries exploited security flaws to gain access to Sophos and its customers’ systems, highlighting the broader issue of security devices themselves being vulnerable entry points for cyber attacks.

A Smarter Approach: Zero Trust & Reverse Proxies

Instead of exposing services directly to the internet, modern businesses should adopt Zero Trust architectures and outbound-only proxies. Here’s how:

  • Use Reverse Proxies
    Solutions like Azure Application Proxy allow internal services to securely connect outbound to the internet, without exposing them directly. This means:

    • No open ports facing the public internet
    • No attack surface for automated scanners or botnets
    • Controlled access with authentication and security checks
  • Adopt a Zero Trust Model
    Entra ID (formerly Azure AD) and similar Zero Trust solutions ensure that:

    • Every access request is verified—users, devices, and applications
    • Least privilege access is enforced, minimising exposure
    • Multi-factor authentication (MFA) and continuous monitoring keep threats out
  • Eliminate On-Premises VPNs & Firewalls
    Traditional VPN appliances and perimeter firewalls are prime targets for attackers. By shifting to cloud-based security solutions, businesses can:

    • Reduce reliance on vulnerable hardware
    • Move authentication and access control to a secure cloud platform
    • Avoid emergency patching cycles and security panics
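To make the outbound-only pattern concrete, here is a small added model of it in Python (illustration written for this article, not Microsoft's Azure Application Proxy code or any vendor's implementation). A relay plays the cloud proxy and is the only component with a client-facing port; a connector inside the private network dials outbound to the relay and keeps that connection open; the internal application never binds a listening socket at all. The relay performs the Zero Trust checks (session known, MFA done, device compliant, user on the application's allow-list) before anything is forwarded, and forwards only the verified identity rather than the raw token. The session table, user names and port usage on 127.0.0.1 are constructed for the demo.

```python
"""Toy outbound-only reverse proxy: client -> relay (public) <- connector (dials out) -> app."""
import json
import socket
import threading

# Constructed session data standing in for an identity provider such as Entra ID.
SESSIONS = {
    "tok-alice": {"user": "alice", "mfa": True, "device_compliant": True},
    "tok-bob": {"user": "bob", "mfa": False, "device_compliant": True},
}
APP_ALLOWED_USERS = {"alice", "bob"}  # least privilege: explicit per-app allow-list


def authorize(token):
    """Zero Trust checks done at the proxy. Returns the verified user name or None."""
    s = SESSIONS.get(token)
    if s is None or not s["mfa"] or not s["device_compliant"]:
        return None
    return s["user"] if s["user"] in APP_ALLOWED_USERS else None


def internal_app(req):
    """The private application: no socket of its own, it only answers what the connector hands it."""
    return {"status": 200, "body": f"internal report for {req['user']}"}


def connector(relay_addr):
    """Runs inside the private network. The only connection it makes is outbound."""
    with socket.create_connection(relay_addr) as sock, sock.makefile("rwb") as f:
        for line in f:  # one JSON request per line, pushed down by the relay
            f.write(json.dumps(internal_app(json.loads(line))).encode() + b"\n")
            f.flush()


class Relay:
    """Cloud-side proxy: one listener for the connector, one for clients."""

    def __init__(self):
        self.conn_srv = socket.socket()
        self.conn_srv.bind(("127.0.0.1", 0))
        self.conn_srv.listen(1)
        self.pub_srv = socket.socket()  # the only "public" port in the whole design
        self.pub_srv.bind(("127.0.0.1", 0))
        self.pub_srv.listen(5)
        self.tunnel_sock = None
        self.tunnel = None
        self.lock = threading.Lock()

    def accept_connector(self):
        self.tunnel_sock, _ = self.conn_srv.accept()
        self.tunnel = self.tunnel_sock.makefile("rwb")

    def serve_clients(self, n):
        for _ in range(n):
            c, _ = self.pub_srv.accept()
            with c, c.makefile("rwb") as f:
                req = json.loads(f.readline())
                user = authorize(req.get("token"))
                if user is None:
                    resp = {"status": 401, "body": "denied at proxy"}  # app never sees this request
                else:
                    with self.lock:  # forward the verified identity only, never the raw token
                        self.tunnel.write(json.dumps({"user": user, "path": req["path"]}).encode() + b"\n")
                        self.tunnel.flush()
                        resp = json.loads(self.tunnel.readline())
                f.write(json.dumps(resp).encode() + b"\n")
                f.flush()

    def close(self):
        for s in (self.tunnel, self.tunnel_sock, self.conn_srv, self.pub_srv):
            if s is not None:
                s.close()


def client_request(pub_addr, token, path):
    """An internet client: it can only ever reach the relay's public port."""
    with socket.create_connection(pub_addr) as s, s.makefile("rwb") as f:
        f.write(json.dumps({"token": token, "path": path}).encode() + b"\n")
        f.flush()
        return json.loads(f.readline())


def run_demo():
    relay = Relay()
    t_conn = threading.Thread(target=connector, args=(relay.conn_srv.getsockname(),), daemon=True)
    t_conn.start()
    relay.accept_connector()  # the connector dialed out; the relay now has a channel to the app
    t_srv = threading.Thread(target=relay.serve_clients, args=(3,), daemon=True)
    t_srv.start()
    pub = relay.pub_srv.getsockname()
    results = [
        client_request(pub, "tok-alice", "/report"),  # MFA + compliant device: forwarded
        client_request(pub, "tok-bob", "/report"),  # no MFA: refused at the proxy
        client_request(pub, "tok-mallory", "/report"),  # unknown session: refused at the proxy
    ]
    t_srv.join(5)
    relay.close()  # closing the tunnel ends the connector's read loop
    t_conn.join(5)
    return results


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The point to take from the model is structural rather than cryptographic: an automated scanner that sweeps the private network finds nothing to connect to, because the only inbound listener lives at the relay, and a request that fails the identity checks is answered by the relay without the internal application ever being involved. A real deployment adds TLS on both legs and an IdP-issued token instead of the constructed session table.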

A Modern SME Should Plan for a Secure Future

If your business is still exposing services directly to the internet, it’s time to rethink your approach. The best way to dramatically reduce cyber risk is to eliminate attack surfaces rather than trying to patch them endlessly.

At Aegis Secure Technologies, we help businesses transition to Zero Trust security models and outbound-only architectures, keeping your organisation secure, efficient, and one step ahead of cyber threats.

LET'S MAKE YOUR BUSINESS MORE SECURE

Tired of scrambling to patch vulnerabilities before hackers exploit them? Speak to our cybersecurity experts today and discover how to secure your business the modern way.