Perimeter Firewalls: Strong Technology, Weak Defences

Perimeter firewalls in most enterprises start strong, but in a number of assessments I found organisations not getting the full value of what they paid for. A few had intrusion prevention enabled only in monitor mode, others skipped SSL inspection altogether, some allowed servers to reach the internet as if they were laptops, and many carried forward undocumented rules that no one could fully explain. I also encountered firewalls without application-aware rules, IPv6 left enabled where the business did not support it, exposed management planes reachable from the internet, and VPN web portals like GlobalProtect that have been exploited repeatedly. Features such as user identification, which can provide valuable context, were often left unused. On their own, these gaps may seem manageable, but in combination they create blind spots and pathways that adversaries can exploit. The result is a firewall estate that looks modern and capable on paper yet delivers less defence than the investment should provide.
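The gaps listed above can be turned into a mechanical check over a policy export. The following is an added example, not the author's code: it audits a constructed, vendor-neutral rulebase and settings dictionary for exactly those weaknesses (undocumented rules, non-application-aware allows, server egress like a laptop, an exposed management plane, IPS not blocking, no SSL inspection, IPv6 on without business use, user identification unused). The field names are assumptions, not any vendor's export format.

```python
# Constructed sample rulebase and global settings; field names are assumptions.
RULES = [
    {"name": "web-out", "src_zone": "users", "dst_zone": "internet", "app": "web-browsing",
     "action": "allow", "ips": "block", "desc": "Standard user browsing"},
    {"name": "srv-any-out", "src_zone": "servers", "dst_zone": "internet", "app": "any",
     "action": "allow", "ips": "alert", "desc": ""},
    {"name": "mgmt-in", "src_zone": "internet", "dst_zone": "mgmt", "app": "ssl",
     "action": "allow", "ips": "off", "desc": "Legacy remote admin"},
]
SETTINGS = {"ssl_inspection": False, "ipv6_enabled": True, "ipv6_in_use": False,
            "user_id_enabled": False}

def audit_rule(rule):
    """Return the weaknesses a single rule exhibits, in a fixed order."""
    findings = []
    allow = rule["action"] == "allow"
    if not rule["desc"].strip():
        findings.append("undocumented rule")
    if allow and rule["app"] == "any":
        findings.append("not application-aware")
    if allow and rule["src_zone"] == "servers" and rule["dst_zone"] == "internet":
        findings.append("server given laptop-style internet egress")
    if allow and rule["src_zone"] == "internet" and rule["dst_zone"] == "mgmt":
        findings.append("management plane reachable from the internet")
    if allow and rule["ips"] != "block":
        findings.append(f"IPS in {rule['ips']} mode rather than blocking")
    return findings

def audit_settings(settings):
    """Return weaknesses in device-wide settings."""
    findings = []
    if not settings["ssl_inspection"]:
        findings.append("SSL inspection disabled")
    if settings["ipv6_enabled"] and not settings["ipv6_in_use"]:
        findings.append("IPv6 enabled although the business does not use it")
    if not settings["user_id_enabled"]:
        findings.append("user identification unused")
    return findings

def audit(rules, settings):
    """Map each rule name (and 'global') to its list of findings."""
    report = {rule["name"]: audit_rule(rule) for rule in rules}
    report["global"] = audit_settings(settings)
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES, SETTINGS).items():
        print(name, "->", findings or ["ok"])
```

A real run would load the rulebase from the vendor's export and map its fields onto this shape; the checks themselves stay the same.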