Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable. We explore eight common mistakes that firewall administrators make and describe how these mistakes can compromise ICS network security. The lesson here though is not 'stop making mistakes. ' The lesson is to choose appropriate technology for the need. We explore technology alternatives to 'OT firewalls that eliminate the potential for online attacks as a result of misconfiguration.