Top 5 Firewalls 2017

What are the top five firewalls of 2017?

IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts, who provide advice without vendor bias.

Our users rank their top firewalls of 2017 according to their valuable features; discussing which solutions they've used previously, as well as how their current tool of choice could improve in the future. 

You can read user reviews for the top firewalls of 2017 here.

#1 Fortinet FortiGate

Fortinet FortiGate is ranked by our users as the number one tool of 2017, but what do users really think of the solution?

Michael Anderson, Superintendent, Process Automation and Safety at a pharma/biotech company with 5,001-10,000 employees, lists several valuable features for Fortinet FortiGate:

  • Flexible enough to handle everything we could want.

  • Configuration layout is easily understandable.

  • Allows for firewall rules to be programmed and named in a way that makes it “readable”.

  • VPN support and some anti-virus protection.

David Molteni, Senior Security Consultant, at a tech services company with 501-1,000 employees, suggests features that would improve Fortinet FortiGate:

 “Grouping/tabbing (not only by interface) in the policy table of the web GUI would be a great addition.”


#2 Cisco ASA

 Cisco ASA is ranked by our users as the number two firewall of 2017.

Alberto E. Luna Rodriguez, Senior Communications Analyst at a energy/utilities company with 501-1,000 employees, describes Cisco ASA as a “great platform”;

 “Outstanding NGFW capabilities, Site to site VPNs and High Availability. Also, the integration of FirePOWER services (Web Filtering/IPS/Malware Protection) is a huge step forward for an already great platform.”

Rodriguez elaborates on how his company has utilized these particular Cisco ASA features:

“We purchased a pair of ASAs to handle all perimeter traffic in and out of our network.  These devices enabled us to secure all our perimeter traffic, WAN connections, Internet connectivity and Internet facing services. 

FirePOWER services enabled better control and visibility over the traffic traversing our perimeter. High Availability helped us greatly improve the availability of the services by reducing downtime caused by both Incidents and planned maintenance operations.” 

Christina Phillips, Principal Network Engineer at a tech services company with 51-200 employees, believes that Cisco ASA could improve its remote VPN and site to site VPN tunnels;

“People tend to think of firewalls as firewalls and routers as routers.  Going by the book, I had to create a number of static routes in the firewall so it could reach the various subnets in my client's internal network. I decided to turn on OSPF routing to simplify my deployment. This resolved a lot of issues with remote VPN and site to site VPN tunnels. “


#3 Palo Alto Networks WildFire

IT Central Station users rank Palo Alto Networks WildFire as the number three solution of 2017.


Brent Addis, a Senior Network and Security Engineer, points to WildFire’s dynamic analysis feature as one of its most valuable; 

“WildFire has been instrumental in blocking a number of new threats before common desktop anti-virus tools were able to detect them. 

When Wannacry first came out, wildfire was detecting it and dropping incoming threats within seconds. We were dropping over 10,000 files per day with no additional firewall load at all.”

Luis Fuentes, Senior Systems Administrator/Network Engineer at a retailer with 1,001-5,000 employees, mentions that WildFire’s GUI would benefit from a faster response rate

“The GUI is better in 8.0, but I still feel it lacks the fast response most of us desire. Logs are much quicker.”


#4 pfSense

pfSense is ranked by our users as the number four solution of 2017.

Winston Barbosa, Infrastructure Manager, at an engineering company with 501-1,000 employees, lists several of pfSense’s valuable features:

“Among the most valuable features I have found in pfSense are: Easy to deploy and easy to use, traffic graphics are excellent and tools that can be included as squid, snort, squidguard, ntop, pfblogNG, support wonderfully the purpose of generating pfSense.”

Dania Seun, Helpdesk Support Analyst at an energy/utilities company with 501-1,000 employees, points to pfSense’s load balancing feature as one that could use improvement:

“The load balancing can be improved as it uses tier levels to balance. For it to function most effectively, you often need to have the same bandwidth on the ISPs.”


#5 Sophos UTM

IT Central Station users rank Sophos UTM as the number five firewall solution of 2017.

Juan C. Sanchez Pignalosa, CEO And Founder at Advisor Consulting Group Corp, writes about his positive experience with Sophos UTM;

“The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. They just introduced Sandstorm system for protection, which is awesome as well.” 

Pignalosa also suggests several improvements be made to Sophos UTM;

“Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside a specific timeframe, or vice versa.”


Read more of the latest firewall reviews from Q2 2017 on IT Central Station.

Related Categories: Firewalls

author avatarPre Sales Engineer at a manufacturing company with 501-1,000 employees

there are many advantages of sophos firewall like Optimized three-clicks-to-anywhere navigation, New unified policy model enabling all business, user and network policies to be managed on a single screen with powerful filtering and search options, Sophos Security Heartbeat connecting Sophos endpoints with the Firewall to share health status and telemetry to enable instant identification of unhealty or compromised endpoints, Policy support for Sophos Security Heartbeat to automatically isolate or limit network access to compromised endpoints,Patent-pending SPX encryption for one-way message encryption,Dual-antivirus engines,

author avatarRichard Benfatto
Top 5User

I am not surprised for a minute ! I took out the ASA 5506 FX and replaced with Fortigate. Fortinet has got a product !!!!!!!!!!! No questions asked, just brutal !!!!!!!

author avatarICT Specialist at a financial services firm with 51-200 employees

I have used squid from the PC Based Distro to the Commercial Firewall and find it very robust on IDS (Snort) and OpenVPN. Great Firewall for modest price.