To help with your enterprise firewall comparison, IT Central Station ranked them based on hundreds of real user reviews. These reviews cover all of the best solutions from top firewall vendors, based on user reviews from our esteemed community of enterprise technology professionals. You'll find comparisons, based on pricing, performance, features, stability and many other criteria. Read below to find out what your peers have to say about firewall vendors such as Fortinet, Cisco, Sophos and others.
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score.
The score is calculated as follows: The product with the highest count in each area gets the highest available score.
(20 points for Reviews; 16 points for Views, Comparisons, and Followers.)
Every other product gets assigned points based on its total in proportion to the #1 product in
that area. For example, if a product has 80% of the number of reviews compared to the product
with the most reviews then the product's score for reviews would be 20% (weighting factor) *
80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our
rating scale of 1-10. If a product has fewer than ten reviews, the point contribution
for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews;
two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old,
as well as those written by resellers, are completely excluded from the ranking algorithm.
What is a firewall? Technically, a firewall definition could be that it’s the part of a system or network that blocks unauthorized access but permits outbound communications. Most importantly, firewalls are intended to protect key IT assets from security threats such as denial of service attacks or data theft. Firewalls come in many varieties. What makes one better than other will depend on numerous organization-specific factors.
When IT Central Station users were asked about what makes the best firewall, they described a number of factors that will help anyone make the right choice. Some security professionals want to know what is the best free firewall? IT Central Station reviews suggest that this is a question that should asked only after one has assessed many basic requirements about usability and features first.
Visibility is offered as one of the most critical aspects of an effective firewall. Users want global reports and traffic visibility as well as application visibility. IT Central Station members also want the firewall to provide visibility into specific users’ behaviors. Visibility as a key point of value cuts across different types of solutions, including Windows firewalls, firewall software and network firewalls.
Ease of use and simplicity of administration also rated as high priorities for firewall buyers. A firewall should be easy to manage and configure. Easy installation is essential, as is integration. According to IT Central Station reviewers, firewalls typically function in complex, heterogeneous security environments. In parallel, solid vendor support is important. Reviewers noted that the first line of response to an issue with a firewall is almost always an in-house technical resource. That resource needs to be trained easily. If training is too cumbersome or if the firewall admin is a hard-to-find hire, the department will suffer.
Firewall users list many specific functions as “must haves.” These include intrusion protection (IPS), VPN, high throughput, data loss prevention, SSL, IPSEC, application control and web content filtering. Some users want a firewall to easily integrate with an LDAP Server or Radius Server. Anti-spam is desirable, as is anti-virus and anti-spyware protection. Users emphasize the importance of IPv6 native support as well as traffic shaping and bandwidth control.
Best Enterprise Firewall Solutions
Read reviews of Firewalls that are trending in the IT Central Station community:
Your trust is our top concern, so companies can't alter or remove reviews.
Barracuda has a very simple interface, very good security, all the features of the best firewalls in the market, but with a very friendly interface. Something that we've seen that Barracuda, and some other brands also, have. When you program the firewall to detect certain kinds of attacks, Barracuda can detect that kind of attack and automatically insulate, or... more»
The problem we found was with the issue of configuration. Our engineers are working with some other brands, they have knowledge of other brands. With Barracuda it's a matter of translating the comments. So maybe one company calls something a "black box" and with Barracuda they call "black" "dark." So it's a matter of getting to know it.
I like that you can run a packet capture from within SonicWall and configure it to automatically upload the packet captures to an FTP server. This is useful when trying to troubleshoot an intermittent issue. It can capture for as long as you... more»
We are more aware of security issues since SonicWall can be configured to send e-mail alerts. Server-side Outlook rules and Exchange transport rules (more informational subject lines) can be helpful in sorting and making sense of the many... more»
I am not sure if SonicWall has finally addressed this issue but a major area for improvement would be being able to export the settings file in a non-binary readable and editable format. It is not possible to export, make changes and then... more»
Live monitoring of what is happening inside and with the interfaces, either ingress or egress - this is a good feature of the device. Secondly, most people use enterprise applications remotely, and there is no license for SSL VPN, or in other... more»
I'm a network and cyber security consultant. This is not only for my offices, I have deployed it for many large enterprises where customers are remotely accessing their applications. We can define user application-level access, so our... more»
It's a little bit complex in terms of handling. If you implement a change, there is a specific point where you have to commit it. It's not like you just push a button and it's always committed. If you don't know to check whether your commit... more»
The most valuable to features are: Web Application Firewall, Sophos UTM Manager, IDS/IPS, Remote Access, and RED. * WAF: This is excellent for hardening web servers. The firewall will reverse proxy your web servers, eliminating the need to... more»
The UTM product has definitely improved the way our organization functions. We have set a standard across clients and engineers. Everyone is trained on the product and knows how to manage the devices. UTM is probably the most complete... more»
* It has allowed us to have one solution for our AWS needs. * It allows our developers to be able to securely log into servers to deploy and manage software. * It has allowed us to design a bespoke cloud space for our clients, while still... more»
You per availability, zone, and per VPC. It should offer an account-based solution. When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK.... more»
Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host... more»
The granularity which is used to confirm applications based in users. When you have VMware NSX, it is easy to deploy this virtual firewall because it is fully integrated with the VM solution. If I want to segment any type of network inside... more»
When talking about the VM or the virtual firewall, it is mostly about the sessioncapacities that it can handle. In the early version of the firewall, the session or traffic that it could inspect was low. In quite a few releases, they have... more»
The reporting. There are various reports that come with the box or with VMware, but you can only run them daily. If you want to generate a report from this week or the past month, you have to create a custom report. It is not that difficult,... more»
The proxy based policy in Policy Manager is the best feature. It helps me: * Create many different firewall policies for different networks and services * In tracking problems in the policy rule in the traffic monitor of Firebox System Manager
With this product, I can easily block group websites with its WebBlocker based on predefined categories such as: Social Network, Sex Material, and Video Streaming We can also use Application Control to block some applications based on... more»
1. It is difficult to configure WatchGuard with your internet settings. Actually, a normal internet setting/configuration is easy. However, I had a problem with multi WAN and multi LAN. I have a few different LAN subnet and two WAN. What I... more»
The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs,... more»
The Sophos UTM planform has allowed us to improve or implement the following security practices: * Details Web filtering and user access Control * SaaS QoS * Network segmentation with firewall and IPS * WiFi protection * Web Application Proxy... more»
At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited... more»
We're discussing a family of UTM (Unified
Threat Management) appliances. FortiGate is a term which includes a wide range of products,
starting with small ones dedicated to small offices, and developing into devices which are able to grant security and networking for large companies. The
family includes physical devices and
virtual machines, which grant network security on different layers using a
single point of control. FortiGate is optimized
to avoid bottlenecks or delays while the various controls are performed. High availability is also part of the available
features with various solutions to avoid single points of failure.
In the following short list, I will list
some interesting points about the FortiGate solution.
If you are...
Threat management. That is very important, obviously. There has been a lot of press about hacking, virus vulnerabilities, the cron bug, etc. It is very important that we detect these as soon as it happens, so we can implement measures before... more»
We now have a lot more details about what our users are doing on the network. Whereas before, we did not know certain things they were accessing, websites they were going to, and what vulnerabilities were potentially being introduced into our... more»
The interface, maybe. It is all Java-based and I would prefer an HTML5 interface. It would make things a bit quicker. It is not that it is really bad once you are in, it is just another Java-based application that is not amazing. I am not... more»
It's a complete solution. You can purchase switches and you don't need to do anything with them. You just put in the firewall and the switches get all the policies and rules that you already have in the firewall. That's a very nice feature... more»
The first benefit is the cost. It is very affordable. Also, it's very easy to set up, it's very easy to make policies and, for an organization, that means you don't need IT expert in firewalls. You just need to have somebody who knows a... more»
If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the... more»
It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line. Its a sort of legacy product nowadays. The firewalls which are the next generation have loads of features added to them, and they are all in one box. It should have packets, deep level inspections and controls, like the features which other IPS solutions have. It... more»
The ability to have a site to site VPN, yet have the users use their local internet rather than sending all traffic back to our main site is crucial to their day to day operations. Remote VOIP phone system routing through the VPN we have... more»
We have issues with IPS and DoS attacks taking down a couple of our sites. I've changed the IPs of the external interfaces yet the attacks still happen and the Firewall will disconnect the VPN connection as well as stop all internal traffic... more»
For me, the most important thing is content management and, obviously, the firewall because we have some servers. We have different levels of users. Some users, we are just giving them email access. For some users, working sites only. For... more»
Before, I was using TMG, and it was very difficult, back in 2010. A lot of things, like HTTP filtering and HTTPS filtering, were a problem for me at the time. If someone asked me to block YouTube for example, I was able to do so in TMG but... more»
They have some issues with email filtering. Sometimes, I have found emails that have passed through the firewall, so I contacted Cyberoam. They said, "Okay, we are going to update the signature in the next update you, you will not get it like... more»
The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars.... more»
Our datacenter cloud services such as email, and web services for internal and external use, had to be protected with different systems and the web services where left really unprotected, since we used an standard IPS/IDS to protect ourselves... more»
Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific... more»
Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the... more»
I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to... more»
Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a breeze. Failovers between units are flawless. FirePower add-ons deepen... more»
Cisco is a huge name in the networking world. Having a solution that includes their firewall technology adds value from an operability and support perspective. Cisco, although sometimes considered to be "behind the times" with firewall... more»
When running multiple firewalls in your network, you need someone to manage them from a central point. Cisco’s answer is Cisco Security Manager (CSM). Unfortunately, this is a suite of applications that is in much need of an overhaul. It is... more»
The most valuable feature, according to the setup we have at our work place here, is the flexibility of the system or the firmware that's running the appliance. It's so flexible, performing multiple rules with different configurations. According to the set up here, we need to implement several firewalls with different access levels, because we have a variety of... more»
It is performing well. However, the only challenges that we are facing are the effectiveness with blocking the proxy and tuneling applications, aside from proxy and similar applications. So the application filter on the product is not really performing 100%. Every now and then there are some updates that are happening on such applications, and it takes time... more»
The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes. If you ask how a firewall can improve our business: It can’t. It is securing our business IT network. But if you want to know what the ASA5520... more»
Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options. For example, to update or... more»
For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon, with worldwide vendor revenues for security appliances... more»
What are the top five firewalls of 2017?
IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts, who provide advice without vendor bias.
Our users rank their top firewalls of 2017... more»
Network Engineer with a proven track record of problem resolution and implementation success. I treat every challenge uniquely and from start to finish am fully engaged. I enjoy coming to work every day because I know there will be a new challenge waiting for me, allowing me the freedom to work... more>>
A highly driven IT Professional, possessing more than 8 years of experience in various aspects of Security Management, Vulnerability Assessment, deployment, and security, of large enterprise networks. Possessing a wide range of technical proficiencies, in Telecommunication and Real time... more>>
Security Consultant -Team lead at Accenture
Sr Engineer - Security management at Wipro
Service delivery consultant at HP
Sr Engineer network and security at Tulip telecom
Information security policies and procedures
Security compliance, Governance
Firewall (Check point, Cisco,... more>>
A dedicated and innovative Information Technology management professional with demonstrated abilities and contributions in management, team, and individual environments. A highly skilled briefer to diverse audiences. Brings a proven record in progressively responsible and challenging... more>>
An ambitious, optimistic and self‐motivated business development professional with 15+ years of experience in first‐rate Management, Commercial and Technical skills field of Data Communication, Data Centers, IoT and Services Lifecycle – from solution designing & products development through... more>>
A successful Multi-talented system administrator with good all-round technical skills and the ability to develop and maintain close working relationships with both customers and collegues. Quick and eager to learn new things and always looking to improve my knowledge.
Senior Technical Consultant - Network and Security
7+ years of Experience in IT industry with major skills in Networking and security of enterprise networks. Provided solutions to the leading enterprises in UAE for the best IT architecture(Network, Security and wireless solutions), Performed Network audits on the enterprise networks.
Network Engineer Certified Ethical Hacker, CHFI, MS ISA @ WGU March 2013 with a diverse skill set to bring about control and change to an existing infrastructure. Documentation of current configurations and teaching others. Focus is information security assurance with expected graduation... more>>
Specialties: Fortinet design and deployment, Wireless network design and deployment, Apple network integration, Cisco switch deployment and integration, Exchange 2010/2013 deployment, Server 2012 design and deployment.
I also work extensively with vSphere 5, designing and deploying solutions... more>>
I'm a friendly, intelligent, passionate and very curious human being. A self-motivated worker, I enjoy finding any area of a workflow or process that needs improvement and working to empower that to a higher potential. Be it a technical matter involving a network of devices or working to... more>>
I have worked in the IT industry for the past 10 years initially with a primary focus on technology implementation and security administration. I have a strong background in both physical and logical security and have worked in both areas.
I am very interested in information security,... more>>
I'm a highly driven IT Professional with over a decade of experience in the industry. I have acquired a tremendous amount of hands on technical knowledge dealing with all areas of IT. The areas I'm focusing on is Networking, Storage, Virtualisation & Microsoft Technologies.