Is it required in your company to conduct a security review before purchasing a firewall? Also, do you need to perform reviews after (how often)?
What are the common materials you use in the review? Do you have any tips or advice?
Any pitfalls to watch out for?