Many companies think of security as "buying a firewall." In reality, modern enterprise network security is a system: a firewall protecting the perimeter, segmentation limiting internal risk, encrypted VPN connecting branches, and high availability keeping work uninterrupted. This article explains those pieces in plain language, through projects ONYX has actually delivered.
Firewall: The Network's First Line of Defense
A firewall is the gatekeeper between networks: it permits legitimate traffic and blocks suspicious traffic. Next-generation firewalls go beyond blocking ports: they perform deep packet inspection (DPI), make decisions at the application layer, block malicious and phishing sites, and enforce policy based on antivirus scanning and user identity.
One example from ONYX projects: a non-bank credit organization in Baku migrated from legacy Cisco ASA to Fortinet FortiGate (FG-201), with security policies reconfigured for greater visibility and tighter control. For small offices and branches, ONYX's own Onyx Firewall offers a simpler option; larger networks run on platforms such as Fortinet, Palo Alto and Huawei.
Segmentation: Isolation and Control
A flat, unsegmented network is a single point of risk — if one machine is infected, the whole network is exposed. VLAN segmentation divides the network into logical zones: office staff, servers, guest Wi-Fi — each separate. Traffic between zones passes through firewall rules, so a problem in one zone does not spread easily to another.
In the Judo Federation project, ONYX configured 45 Layer-2 switches and 8 Layer-3 switches with VLAN segmentation across 120 access points — isolating administrative, application and guest networks from one another.
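The zone model described in this section can be sketched as a first-match, default-deny policy between VLANs, plus a small audit that flags rules which weaken isolation. This is an added example, not ONYX's configuration or code from any project named here; the subnets, zone names, rule set and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample zones (assumed VLAN subnets, not from the article).
ZONES = {
    "staff":   ipaddress.ip_network("10.10.10.0/24"),
    "servers": ipaddress.ip_network("10.10.20.0/24"),
    "guest":   ipaddress.ip_network("10.10.30.0/24"),
}

# Constructed inter-zone policy, evaluated top-down, first match wins.
# (src_zone, dst_zone, protocol, dst_port, action); "*" matches anything.
RULES = [
    ("staff", "servers", "tcp", 443, "allow"),
    ("staff", "servers", "tcp", 445, "allow"),
    ("guest", "servers", "*",   "*", "deny"),
    ("guest", "staff",   "*",   "*", "deny"),
]

def zone_of(ip):
    """Map an address to its zone, or None if it is outside every VLAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def decide(src_ip, dst_ip, proto, port, rules=RULES):
    """Return 'allow' or 'deny' for one flow; unmatched traffic is denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"            # unknown source or destination
    if src == dst:
        return "allow"           # same VLAN: switched locally, never crosses the firewall
    for r_src, r_dst, r_proto, r_port, action in rules:
        if (r_src in ("*", src) and r_dst in ("*", dst)
                and r_proto in ("*", proto) and r_port in ("*", port)):
            return action
    return "deny"                # implicit default deny between zones

def audit(rules=RULES):
    """Flag allow rules that weaken isolation: wildcards or guest-sourced."""
    findings = []
    for i, (src, dst, proto, port, action) in enumerate(rules, 1):
        if action != "allow":
            continue
        if "*" in (src, dst) or (proto == "*" and port == "*"):
            findings.append((i, "overly broad allow"))
        elif src == "guest":
            findings.append((i, "guest zone allowed into internal zone"))
    return findings
```

The same-zone branch shows the limit of VLAN segmentation: hosts inside one zone still reach each other without any firewall rule being consulted.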
VPN: Connecting Branches Securely
Segmentation works within one office. When branches are remote, site-to-site VPN comes in — building an encrypted tunnel between branches over the internet and making them appear as one network. In the MobilGroup project (120 users, 5 branches), ONYX deployed S2S VPN so every branch worked on one network with the central office.
High Availability: A Network That Doesn't Stop
In critical networks, the failure of one device must not stop the business. High availability (HA) deploys key devices in pairs — when one fails, the other carries on.
Firewall Clustering
Two firewalls run identical configuration and synchronize state. If one fails, the other takes over instantly — users never notice.
Health Checking
Devices continuously check one another; if a response is missing, failover happens automatically and service continues.
Real Project: Judo Federation
ONYX deployed 4 Huawei firewalls (2 for security, 2 for internal edge) in cluster and HA mode — with load sharing and automatic failover.
A Unified Ecosystem: Aselsan and Gazprom
In large networks, a single vendor's ecosystem simplifies integration. At Aselsan Azerbaijan, ONYX built the Check Point firewall, Active Directory and data-center network as one whole. At Gazprom Azerbaijan, the network was built on Cisco switches/routers and Cisco IP telephony. One platform means simpler management and faster support.
Let's Build Your Network Security as One System
From a compact Onyx Firewall to large Fortinet, Palo Alto, Huawei and Cisco deployments, ONYX delivers network and security from audit through execution and support.