Love your firewall - changing is too painful

16.05.2006
A lack of industry standards and few migration tools mean that moving from one brand of gateway firewall to another can be a daunting task that can take six months or more.

While shifting from one brand of any sort of network equipment to another can be trying, security experts say exchanging gateway firewalls is particularly challenging. The big problem is that vendors generally define access-control rules so differently that migrations need to be conducted largely by hand.

So, many IT managers opt to stay with one brand of firewall simply because upgrading or going for rip-and-replace is too complicated.

Kevin Burnett, Gayndah Shire Council systems administrator, said the council would rather change to a completely new firewall vendor than risk the pitfalls of importing rule sets and access controls.

Grahame Rule, University of Queensland senior technical officer, said the reasons for changing vendors generally far outweigh the complications of changing rule sets and access-control importations.

Exporting such rule sets is not a core issue in the decision to change firewall vendors, he said.