Pandemic Playbook: Renting Firewalls for Sudden Remote Workforces

Planned Scaling of Secure VPN and ZTNA Capacity in 2020

I’m at my desk — coffee number three — thinking back on 2020 (that year, gosh). If you had told me in early March that we’d have to scale secure VPN or ZTNA capacity overnight from a few hundred to a few thousand, without going through massive forklift upgrades, I’d have said it sounds like a vendor fantasy. But guess what? It happened. And we, the scrappy defenders of safe online connection, had to figure it out quickly.

2020 Lessons Learned

When I first started in 1993 as a network admin, managing voice and data over PSTN was my stock-in-trade. Fast forward to the early 2000s – Slammer worm strikes, and I get to see networks buckle under the pressure. What was learned then looks awfully similar to what occurred in 2020. Except this time around, the crisis was widespread — not only infected machines, but entire workforces pivoting to remote.

When the pandemic struck, that secure perimeter wasn’t a castle anymore — it was a constellation of floating islands (home networks). Firewalls were now going to have to reach far outside the walls of the office, which was no small order.

These and other recent projects of mine — for example, assisting three banks implementing zero-trust architectures on a challenging, fast-track schedule (think sprint not marathon) — have led me to this conclusion:

  • It’s no longer optional to plan for scalability. The old “build it once and it will last” mentality is archaic.
  • VPNs alone don’t cut it. Zero Trust Network Access (ZTNA) models are the future—but there’s not a switch that you can simply flip.

Temporary rental firewalls — yes, those short-term appliances you may have sneezed at — became life-savers.

Capacity Modeling

And the thing about unexpected volume spikes in remote work is, well, they’re unexpected. So when I received the call to scale the remote access capacity for three major banks by 5,000 users in 48 hours, I was both excited and skeptical.

How do you model capacity for something you’ve never witnessed? All they had were a deadline and frantic staffers eager for secure access.

So I went back to basics:

  • Count how many VPN connections you currently have running at any given time, and add overhead (don’t forget encryption and session persistence).
  • Calculate the average bandwidth required per user (voice, video, document sharing — you can probably picture a kitchen at full speed at the dinner peak).
  • Add protocol overhead (IPSec, SSL, or whichever you’re using).
  • Design with sufficient excess: usually at least 30% for peak loads.
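
A worked version of the sizing steps above, as an added example (not code from the original post): it applies per-packet tunnel overhead and the 30% buffer, then sizes by whichever of throughput or session count binds first. The traffic mix, overhead bytes and per-box ratings are constructed assumptions to be replaced with measured values.

```python
import math
from dataclasses import dataclass

# Every number here is a constructed planning assumption, not vendor data.
HEADROOM_PCT = 30              # the "at least 30%" buffer for peak loads
TUNNEL_OVERHEAD_BYTES = {      # assumed approximate per-packet encapsulation
    "ipsec": 62,               # ESP tunnel mode over NAT-T (assumed)
    "ssl": 45,                 # TLS-based VPN (assumed)
}

@dataclass
class Flow:
    name: str
    kbps: float        # payload rate for one active user
    packet_bytes: int  # typical packet size for this traffic type
    share: float       # fraction of connected users on it at peak

def tunnel_kbps(flow, protocol):
    """Per-user rate once per-packet tunnel overhead is added."""
    overhead = TUNNEL_OVERHEAD_BYTES[protocol]
    return flow.kbps * (flow.packet_bytes + overhead) / flow.packet_bytes

def size_rental(users, concurrency_pct, flows, protocol, box_mbps, box_sessions):
    """Return (sessions, Mbps, boxes), both capacities including headroom."""
    peak = math.ceil(users * concurrency_pct / 100)
    per_user = sum(tunnel_kbps(f, protocol) * f.share for f in flows)
    need_mbps = peak * per_user / 1000 * (100 + HEADROOM_PCT) / 100
    need_sessions = math.ceil(peak * (100 + HEADROOM_PCT) / 100)
    # Rent for whichever limit binds first: throughput or session count.
    boxes = max(math.ceil(need_mbps / box_mbps),
                math.ceil(need_sessions / box_sessions))
    return need_sessions, round(need_mbps, 1), boxes

MIX = [  # constructed traffic mix
    Flow("voice", 64, 160, 0.20),
    Flow("video", 1200, 1100, 0.25),
    Flow("documents", 300, 1300, 0.60),
]

if __name__ == "__main__":
    for f in MIX:
        print(f.name, round(tunnel_kbps(f, "ipsec") / f.kbps, 3))
    print(size_rental(5000, 70, MIX, "ipsec", box_mbps=800, box_sessions=1000))
```

With these assumed inputs, small-packet voice grows about 39% inside the tunnel while document traffic grows under 5%, and the session limit, not throughput, decides how many boxes to rent.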

The beauty of firewalls as an appliance is that you can pile on capacity very quickly. No waiting for hardware or licenses. Require more GPU crunch for encryption? Hire a box that can do just that.

Zero-Touch Ship & Config

If you’ve ever managed a firewall deployment in a tranquil setting, you understand how it can require an all-hands-on-deck approach. But in a pandemic? Crowding together around the console was not an option. And your administrators are doing it all remotely, possibly with a cold and definitely with the distractions of home.

Zero-touch provisioning became a lifesaver. Here’s how I’ve done it:

  • Pre-load images with our standard setups (VPN profiles, certs, policies) before shipping out to users.
  • Utilize cloud-based management portals that allow you to push updates and track devices remotely.
  • Use scripts (I prefer Ansible personally; enough with the nerding out) to automate device bootstrapping entirely.

Frankly, I’ve witnessed too many organizations stumble at this step — resulting in long roll-outs and irate users. Zero-touch not only saves time, but also prevents your admins from going crazy.

Temporary Licenses

One dissenting view: boxing yourself into long-term licenses when you don’t yet know how long this boom will be. Not smart.

Internally rented firewalls that we could quickly license for a few days gave my customers the fast flexibility they needed. They could:

  • Scale licenses up or down with real-time usage.
  • Avoid big upfront capital costs for a better bottom line.
  • Try new technology stacks without being tied in for the long term.

Some of the vendors haven’t quite let go of the “AI-powered, and forever subscription” spiel: I say, be wary. If your firewall claims to read your mind or predict the next zero-day using some black-box AI, ask for demos and proof — and don’t be afraid to fall back on the basics.

Spin-Down Strategy

And here’s where most people blow it. So after the initial rush, how do you manage it as your remote workforce stabilizes, or in some cases, even decreases?

Soon after the banks were stabilized, we put together a spin-down plan. It’s like shutting down the kitchen after dinner:

  • Gradually lower leased capacity as usage patterns drop.
  • Roll back configurations and policies to the pre-existing infrastructure.
  • Document takeaways in runbooks for next time.
  • Thoroughly wipe rented equipment before you ship it back (don’t count on vendors getting it right).

It saved them tens of thousands of dollars in unnecessary rental costs this time, and helped keep the environment nimble for the future disruptions they know they’re all likely headed for.

Quick Take

If you take only one thing away from this:

  • Firewalls as a rental ain’t no stopgap no more — it’s strategic.
  • Think about your capacity a bit like you’re running a high-stakes kitchen — you need buffers, and quick adaptation.
  • Automation is your friend; zero-touch deploys maintain your sanity.
  • Avoid long licenses you might not need.
  • Form a spin-down plan or you’re ordering pizza after it’s all over.

I just returned from DefCon—geeking out over the hardware hacking village—and can’t help but wonder how these IRL lessons will impact the way we adopt remote work security strategies moving forward.

Remote work security, however, is about more than just encryption and tunnels. It’s about agility, getting the timing right and knowing when to call in the cavalry (rental gear). So the next time you need to pivot in the blink of an eye, remind yourself: Sometimes all that we need to protect ourselves might be the firewall that you rent today and return tomorrow.

It is a journey rather than a product after all.

Sanjay Seth, from my desk @ P J Networks Pvt Ltd
