Firewalls are required to protect the information resources of a corporate network. However, it can only provide the required security level when it is configured correctly. Installing of a firewall without previously testing its settings and eliminating the existing vulnerabilities in network protocols and services is an open invitation to any qualified hacker.
Installing network sensors with the intrusion detection system before and after the firewall allows you to test the efficiency of its settings by comparing the number of attacks detected before and after the firewall.