Only qualified personnel should be allowed to install and configure any protection measures that the business may require. This will ensure that the devices and software are installed correctly and reliably.
All protection measures should be customised to the businesses needs and not left as a default installation with “out-of-the-box” settings.
Only authorised staff with the adequate level of training should have access to configuration settings on the firewall.
Any changes made must be authorised in advance by senior staff. There should be a documented policy and process in place.