Love your firewall - changing is too painful

16.05.2006

Neal Wise, director of Assurance Pty Ltd.'s Assurance.com.au, said making such a change is akin to switching from one ISP (Internet service provider) to another, and if organizations do decide to change firewall vendors, very few have the skills in-house to help them get across.

"Usually firewall features change from version to version and an upgrade is very rarely a painless thing, but most commercial vendors now give some indication of the break points or change the way they do clustering. It is a big project with a lot of planning and work involved, but it is an opportunity to get a handle on firewall management," he said.

Bruce Munroe, security partner manager for Cisco Systems Inc., said access control lists and firewall rule sets cannot be migrated easily. In fact, Munroe said the task involves "a fair bit of brain power" and is definitely an issue for IT managers.

"Rule sets are high investments and it is enough of a challenge keeping up with vendors moving to new versions of product. Moving away from one vendor's set of products [to another's] is not something we see very often," Munroe said.

"The reality is that rule sets cannot be swapped and you would need a very experienced consultant to massage them. That aside, some major firewall manufacturers have conversion tools that do 80 to 90 percent of the necessary conversion between brand A and brand B, but you still need a clever person with their brain turned on to do the rest."