1. The solution is extremely reliable. It is a safe product.
  2. The interface is straightforward and easy to use. The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall.
  3. Find out what your peers are saying about Fortinet, Netgate, Cisco and others in Firewalls. Updated: January 2021.
    455,164 professionals have used our research since 2012.
  4. To be honest, all of the features that are provided, all the other vendors will also have. One feature we did find valuable was the CLI; it is more accurate. Additionally, I was happy with the customization, dashboards, access lists and interface.
  5. The most valuable feature is stability. You do not have to do everything through a command line, which makes it a lot easier to apply rules.
  6. There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.
  7. The reporting needs to be improved. It is hard to get a domain. The firewall appliance itself is the most valuable feature.
  8. Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
  9. If you want to install antivirus and firewalling on endpoints, then Sophos is the best option. I recommend the solution due to its ease of use and pricing.
  10. Flexible and integrates well with apps and other security tools. The interface is very nice. We generally like the UI the product offers.

Advice From The Community

Read answers to top Firewalls questions. 455,164 professionals have gotten help from our community of experts.
Rony_Sklar
There are many cybersecurity tools available, but some aren't doing the job that they should be doing.  What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
SimonClark
User


Dan Doggendorf gave sound advice.


Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money but how do you know where to spend it? There are over 5,000 security vendors to choose from.


There is no silver bullet and throwing money at it won’t necessarily fix what you are at risk from but at the same time free products are free for a reason.


If your organisation doesn’t have a large team of security experts to research the market and build labs then you need to get outside advice. Good Cyber-advisors will understand your business and network architecture therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future.


Large IT resellers will sell you what they have in their catalogues based on what you ask for and give a healthy discount too but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions.


By the way, there are free security products and services that I recommend.


Dan Doggendorf
User

The biggest threat is that risks you think you have managed are not managed at all, so you and your executive team have a completely false sense of security. This is even worse than not having any tool in place. With no tool in place, you at least know you have a vulnerability.


There are several ways to ensure a tool is doing what it is supposed to do.


1. Product Selection - when selecting a tool, do not focus on what a tool can do.  Focus on what you want the tool to do.  You drive the direction of the sales demo, not the sales team.


2. Product Implementation - use professional services to implement and configure the solution.  Your team should be right there with them as a knowledge transfer session but the professional who installs and configures the product every day should drive the install, not someone who wants to learn.


3. Trusted Partners - find yourself a trusted partner(s) who can help guide you.  This should consist of product testing labs partners, advisors who live and breathe the space daily, and resellers with a strong engineering team.

Danny Miller
User

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved. 

reviewer1266459 (Network Security Engineer at a performing arts with 201-500 employees)
Real User

Refrain from free products


Delete products and traces of product after evaluation


Always know what you want from the cybersecurity solution. Can identify illegal operations of the products if different from its stipulated functions.


Work with recognised partners and solution providers


Download opensource from reputable sites


Doctor Mafuwafuwane (Altron Systems Integration)
Real User

Open source or free products need proper management. Based on my experience, I have found that many people who use open source don't bother to patch them, and attackers then utilize such loopholes.



One great example: one client was using free vulnerability management plus IP scanner, and they got hit with ransomware. During the investigation I realised the attacker utilized the same tool to affect other devices on the network. The attacker took his time, going unnoticed for at least 2 months.

Basil Dange
Real User

One should first have a detailed understanding of what he/she is looking to protect within the environment, as tools are specially designed as point solutions. A single tool will not be able to secure the complete environment, and you should not procure any solution without performing a POC within your environment.


As there is a possibility that a tool which works for your peer organisation does not work in a similar way for yours, as each organisation has different components and workloads/use cases.

Javier Medina
Real User

You should build a lab, try the tools, and analyze the traffic and behavior with a traffic analyzer like Wireshark and any sandbox or EDR that shows you what the tools do, but all this should be outside your production environment. Use tools that have been released by the company provider and not third-party downloads or unknown or untrusted sources.

Alan
Real User

Bogus cybersecurity tools might bring about the data exfiltration, trojan horse 

Ravindra Kumar
I work in a Tech Services company with less than 1,000 employees. I'm looking for a firewall to replace Cyberoam 200ing. Any suggestions? Thanks.
Abdul Faheem
Real User

Fortinet’s FortiGate E or F series or Sophos XG range - either of those are easy to manage and scalable.

Rias Majeed
Real User

I recommend Fortinet High-End F-Series firewalls. Fortinet Fortigate is a robust firewall and security device. They have different models depending upon number of users on the network, internet speed, UTM security & throughput needed. All their models are unlimited users license.

Rakesh Gupta
Reseller

I would suggest you go with an enterprise-class firewall where you get advanced security signature and policy configuration options. Don't forget to check that the firewall offers you redundancy, application control, sandboxing and other common features required to protect your work environment.

Rueburn Liang
Real User

There are various notable firewall brands to consider such as Fortinet, Sophos, and Palo Alto. Depending on your budget and requirements, you might want to reach out to a managed service provider to discuss further. Try to look for a brand agnostic service provider to give an unbiased view. :)

reviewer1344861 (Security Systems Analyst at a retailer with 5,001-10,000 employees)
Real User

I would also recommend the Palo Alto 3000, not knowing what your budget is. Fortinet is good but they are a little complicated to learn if you don't have a lot of experience with Fortigate.

Basil Dange
Real User

Check Fortinet. It provides faster L3 processing. Also, with an NGFW firewall you can get SDWAN features as well.

AnnDeryckere
Real User

We can recommend Watchguard as a worthy alternative. Don't hesitate to contact me for more information 

Shyam Biswas
User

Depending on budget, Palo Alto 3000 series will be very helpful. If you want to discuss more on this, please contact me.

Rony_Sklar
With remote work having become the norm for many, what security should businesses have in place? Do you have suggestions of specific products that businesses should look at?
Philippe Panardie
Real User

There is not a single answer.


In our company, we use only company devices for workers at home and VPN appropriate clients to control the internet flows towards our company firewall.


A behavioral endpoint product is recommended. This product is likely to cooperate with your corporate signature-based antivirus.


Any good product could be used in that way. We chose well known Israel products, combined with our standard US products, at that time.

Omer Mohammed
Real User

Wearing a mask while accessing your service is not a joke. Hardening tunneling protocols and using the most updated one is kind of like wearing masks.

Letsogile Baloi
User

Security is a multi-layered problem and, as always, the human end is the weak layer.


Increasingly I believe the human layer (layer 8) needs more attention. This requires getting the basics right. How are we allowing external devices into our networks? Do we own these devices? VPN tunnels?


Or are we creating a virtual workplace and focusing on IAM?


This is BYOD on steroids and multiplies the attack zone. A line has to be drawn and a Trust Zone created. Traditional devices have native encryption so we allow them as trusted devices and use their native encryption. Then other policies are made. Does the employee have access to good internet (in Africa this is an issue) or do they have to go to a coffee shop or some such place? A good behavioral endpoint product will help. In some cases a company intranet. Microsoft Teams is proving very accessible in Africa.

B Putnam
I am the owner of a retailer company with 1-10 employees.  We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall. Thanks! I appreciate the help.
Stuart Berman
Real User

Good commercial firewalls take a degree of expertise that small businesses rarely possess; for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Networks firewalls, which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.

Gabriel Sicouret Villalobos
MSP

You should be looking at the Juniper's SRX300, which is a bundle of switching, security and routing. You'll have embedded PoE+ functionality with its 6 Gigabit Ethernet Ports, and 2 uplinks running at 10 Gbps, Industry best, high-performance IPsec VPN solution with 2 FREE SSL VPN licenses and able to purchase up to 48 more licenses for a total of 50 remote collaborators.

Check this out for more information: https://www.juniper.net/us/en/products-services/security/srx-series/datasheets/1000550.page

Nguyen Nguyen
User

Priority as below:

1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.

David Hartt
Real User

I think you should be looking more into a WAF. For firewalls with ~10 users a small FortiGate should be sufficient, but the opportunity I see is with the 2008 R2 servers. You should have moved off of these systems as of 2019, but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWEB... these are distinctly different products.

Luis Apodaca
User

1-10 employees, it's not that big. You should try the Unifi Platform from the Ubiquiti brand. It is a bargain for the price and resource you can manage, and the better part for you is you don't have to pay licencing; you only pay for the hardware and the IT to implement the solution.

Mohamed Rashwan
Real User

FortiGate 60F will be a good and economical choice for you, especially since you will host a website; it will give you the best performance.

Rias Majeed
Real User

Better go with FortiGate 60E.

Menachem D Pritzker
There are so many products in the market today. Who are we going to be talking about 3-5 years from now?
Stuart Berman
Real User

I doubt we will see a new firewall vendor, but I believe we will see new architectures that leverage the advanced capabilities of NGFW delivery through ISPs; think of it as a clean pipe for Internet access. The ISPs will use firewalls (virtualized and segmented by customers) to do the filtering before it hits your networks, just like we see with spam filtering. I also believe we will see more edge networking, 5G networking where the firewall function will be built into the network at the edge. We already are seeing early versions of this with things like Curiosity OS by Sprint working with Ericsson. I think they will easily add existing VM firewalls to their platform and not reinvent the wheel.

ISRAEL DIAZ DOMINGUEZ
User

Those firewalls that allow extending the perimeter. Nowadays, there is an issue with the static perimeter and all is going to change in the next semesters. In my opinion, solutions like Netskope are offering this extended perimeter functionality and they could lead the market.

Nehad Elkordi
Real User

Cisco Portfolio is focusing on total security inside and outside, including cloud security, two factor authentication & SDWAN.


Forti Portfolio is focusing on total security too, inside and outside, including cloud security & two factor authentication.


Both are working with Sandbox, which is important for 0 day attack.


Therefore, if R&D for both vendors will keep as they are today, I think they'll be market leaders and away by far for the next 5 years.

Lipaz Hessel
Real User

Well, with SD-WAN rising it is common to see cloud firewall implementations, like Zscaler.


But as a data center firewall, I don’t see any new player coming out unless it comes with a new surprising feature, as the market has so many good vendors.

LuisCastro
Real User

1- Pfsense


2- Kerio Control


3- Fortinet


4- Cisco solutions

Vaisakh Tr (Prophaze)
Consultant

Prophaze WAF, having a disruptive technology that eliminates false positives and false negatives. Visioned for the future as it's built on the Kubernetes platform. The key thing about the product is, it can do auto profiling and can learn typical user behaviour as part of its ML algorithm.

BrianCook
Reseller

I can think of 2 Firewalls that should be doing much better than they are, Kerio Control and ZyXEL ZyWall. Both have been around for a long time but have never gained the market share I feel they should have, and I often find people have never heard of them.


Firewalls Articles

Rony_Sklar
IT Central Station
Sep 29 2020

Members of the IT Central Station community are always happy to help other users by answering questions posted on our site. These answers are not only helpful to the person asking the question, but also to other users who are doing product research.


In this Q&A round-up, we’ll take a look at answers from our users about: the most important aspects to consider when evaluating firewalls, and firewall recommendations for a small retailer.


When evaluating Firewalls, what aspect do you think is the most important to look for?


You’ve been tasked with selecting a Firewall for your company. You’ve started researching different solutions, and the options are endless. What aspects of firewalls are most important when choosing one?


IT Central Station users have given their opinions of what is the most important aspect to take into account when evaluating firewalls. With a wide variety of opinions in the answers, one thing is clear – there isn’t one single aspect that can determine what’s the best firewall.


it_user339975 emphasized that the first step in selecting the right firewall starts with knowing what your network needs are: “The most important aspect to look for is relative to one question: How informed are you with the actual needs of your network? Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone.” He further explained that each individual case requires in-depth research depending on one’s specific network needs.


Bearing in mind that there are many considerations, here’s a snapshot of a few of the aspects that users mentioned:



  • Stability

  • Performance

  • Extensive logging

  • Price

  • Good support

  • Scalability

  • Good reporting abilities


Which is the best network firewall for a small retailer?


One of our users wanted recommendations for the best network firewall for a small retailer. As always, users were really helpful and gave product recommendations. Some recommendations included Fortinet, Sophos XG, Palo Alto, pfSense, Cisco FirePower, SonicWall, and Check Point.


In addition to some good recommendations, some users also offered some advice about selecting a firewall in general. Mike Hancock noted that opinions on what is the “best” firewall differ widely, and that firewalls and firewall vendors, as well as the people that implement them, are very partial to what they are familiar with. He suggested that the right question to ask is, “What are you looking for and need in a firewall?”


Another user, Ray Kingdon, pointed out that the most important considerations for selecting a firewall are budget and the person managing the firewall: “If you spend £40k on a firewall and have an idiot configure it and administer it – the firewall is next to useless, what ever Vendors product you buy!!”


More Firewall recommendations from our user community


If you’re researching Firewalls, there’s a wealth of information on our site that can guide you in your research. You can read in-depth reviews of firewall solutions, and also explore the other questions and answers about firewalls from our user community.


If you don’t find the exact answers that you’re looking for, you can also post a question and get answers from your peers.


IT Central Station is here for you, to learn and help your peers. In a market full of vendor hype, we enable you to get real, unbiased information from people like you.

Danielle Felder
Senior Social Media and Content Manager at IT Central Station

For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon.  


There are many firewalls to choose from in the industry, such as Fortinet FortiGate, Cisco ASA, Palo Alto Networks WildFire, Sophos UTM and pfSense, among others. Each solution has its own benefits and valuable features, which can make choosing the right solution for your company all the more daunting.


To help with this process, we have turned to the IT Central Station community for their advice. Here are five questions that our users commonly ask in their own searches for business intelligence software.


1. “How much visibility does it offer?”


For many IT Central Station users, this is one of the most essential features that they pay attention to when searching for their company’s firewall. In large corporations that utilize many types of applications and platforms on a daily basis, visibility is ultimately what determines whether or not a firewall will be effective.


Kiarash B., Security Designer at ODI


“You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication, users login just one time and you can control all user access to the Internet, data center resources, and across the network.”


Luis F., Senior Systems Administrator/Network Engineer at a retailer


“[This solution offers] much more visibility during an attack lifecycle; found a lot of infected hosts and vulnerabilities. It IS a bit expensive, but I think you get what you pay for. Value is there.”


Simon C., ICT Solutions Engineer at an aerospace/defense firm


“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don't need an external management system.”


2. “How easy is it to manage?”


According to many IT Central Station users, firewalls typically function in complex, heterogeneous security environments. Therefore, a firewall that is easy to manage by people in the company with varying skill levels will have an immediate advantage over other solutions in the market.


Davide M., Senior Security Consultant at a tech services company


“Customers have more time to focus on security because maintaining the firewalls is completely hassle-free. It has complete and cost-effective next-generation firewall features with app identification, and IPS and URL filtering with SSL inspection.”


Jinlong Y., HTS Engineering - Heat Transfer Solutions at a construction company


“Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.”


Carlos E., IT Manager at a government agency


“The most important features are performance and ease of management. The solution helped in the identification and categorization of access and provided a high index of traffic analysis.”


3. “Are these firewalls flexible enough to handle my company’s needs?”


Flexibility is another highly valuable feature for firewalls, especially when operating in large companies that have many different uses for such a solution. With a flexible firewall, users can ensure better control of their network according to its specific needs.


Alin P., Network Security Administrator at a tech company


“It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.”


Dragan P., Head of IT at a construction company


“After migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services. With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.”


4. “What kind of security features does it have?”


At their foundation, firewalls are important because they protect key IT assets from security threats. So if you’re looking into firewalls, this should be a question that you are asking during the search process.


Brent A., Senior Network and Security Engineer


“WildFire has been instrumental in blocking a number of new threats, before common desktop anti-virus tools were able to detect them. When Wannacry first came out, wildfire was detecting it and dropping incoming threats within seconds. We were dropping over 10,000 files per day with no additional firewall load at all.”


Adriana Y., IT Infrastructure Engineer at a tech company


“Routing and security policies, central management and all of the other features help us to improve network performance and implement organizational policies.”


Jeff B., Network Engineer at a legal firm


“Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via its Advanced Threat Protection so we can get a much faster response time.”


5. “What do other people in my industry think about these tools?”


Aside from these initial questions, the IT Central Station community also recommends continuously searching for user feedback. Learning more about your colleagues’ personal experiences with a wide array of firewalls is invaluable, and will help give you the important information that you need to ultimately make that investment.


If you have any questions, ask in our firewall community forum.

Andrew S. Baker (ASB): Another question: How quickly does the vendor provide support and fixes?
reviewer690582: That depends on the type of subscription that accompanies your device(s). You…
Andrew S. Baker (ASB): My suggested question is independent of the support packages. If you're paying…

What is Firewalls?

What is a firewall? Technically, a firewall definition could be that it’s the part of a system or network that blocks unauthorized access but permits outbound communications. Most importantly, firewalls are intended to protect key IT assets from security threats such as denial of service attacks or data theft. Firewalls come in many varieties. What makes one better than another will depend on numerous organization-specific factors.

Top firewall comparisons:

When IT Central Station users were asked about what makes the best firewall, they described a number of factors that will help anyone make the right choice. Some security professionals want to know which is the best free firewall. IT Central Station reviews suggest that this is a question that should be asked only after one has first assessed many basic requirements about usability and features.

Visibility is offered as one of the most critical aspects of an effective firewall.  Users want global reports and traffic visibility as well as application visibility.  IT Central Station members also want the firewall to provide visibility into specific users’ behaviors.  Visibility as a key point of value cuts across different types of solutions, including Windows firewalls, firewall software and network firewalls.

Ease of use and simplicity of administration also rated as high priorities for firewall buyers. A firewall should be easy to manage and configure.  Easy installation is essential, as is integration.  According to IT Central Station reviewers, firewalls typically function in complex, heterogeneous security environments. In parallel, solid vendor support is important.  Reviewers noted that the first line of response to an issue with a firewall is almost always an in-house technical resource. That resource needs to be trained easily. If training is too cumbersome or if the firewall admin is a hard-to-find hire, the department will suffer.

Firewall users list many specific functions as “must haves.” These include intrusion protection (IPS), VPN, high throughput, data loss prevention, SSL, IPSEC, application control and web content filtering.  Some users want a firewall to easily integrate with an LDAP Server or Radius Server.  Anti-spam is desirable, as is anti-virus and anti-spyware protection.  Users emphasize the importance of IPv6 native support as well as traffic shaping and bandwidth control.
