Advice From The Community

Read answers to top Firewalls questions. 430,745 professionals have gotten help from our community of experts.
Menachem D Pritzker
There are so many products in the market today. Who are we going to be talking about 3-5 years from now?
Rony_Sklar
Community Manager

Would you mind elaborating on why you think Netskope and Zscaler are on the way up? What are they doing that sets them apart from other vendors?

Stuart Berman
Real User

I doubt we will see a new firewall vendor, but I believe we will see new architectures that leverage the advanced capabilities of NGFW delivery through ISPs; think of it as a clean pipe for Internet access. The ISPs will use firewalls (virtualized and segmented by customers) to do the filtering before it hits your networks, just like we see with spam filtering. I also believe we will see more edge networking, 5G networking where the firewall function will be built into the network at the edge. We are already seeing early versions of this with things like Curiosity OS by Sprint working with Ericsson. I think they will easily add existing VM firewalls to their platform and not reinvent the wheel.

Rony_Sklar
Community Manager

@Stuart Berman Interesting perspective. Thanks for sharing. Are there examples of companies working together like Ericsson and Sprint?

ISRAEL DIAZ DOMINGUEZ
User

Those firewalls that allow extending the perimeter. Nowadays, there is an issue with the static perimeter and all is going to change in the next semesters. In my opinion, solutions like Netskope are offering this extended perimeter functionality and they could lead the market.

Nehad Elkordi
Real User

Cisco Portfolio is focusing on total security inside and outside, including cloud security, two-factor authentication & SD-WAN.
Forti Portfolio is focusing on total security too, inside and outside, including cloud security & two-factor authentication.
Both are working with Sandbox, which is important for 0-day attacks.
Therefore, if R&D for both vendors keeps going as it is today, I think they'll be market leaders by far for the next 5 years.

Rony_Sklar
Community Manager

@Nehad Elkordi Cisco and Fortinet are currently top players - are there other products that are less known that you think are going to compete with Cisco and Fortinet?

Lipaz Hessel
Real User

Well, with SD-WAN rising, it is common to see cloud firewall implementations, like Zscaler.
But as a data center firewall, I don’t see any new player coming out unless it comes with a surprising new feature, as the market has so many good vendors.

BrianCook
Reseller

I can think of 2 firewalls that should be doing much better than they are: Kerio Control and ZyXEL ZyWall. Both have been around for a long time but have never gained the market share I feel they should have, and I often find people have never heard of them.

Ian MacFarlane
Real User

Meraki / Fortinet / SonicWall

Mukesh_Sharma
Real User

It totally depends on your security requirements.

B Putnam
I am the owner of a retailer company with 1-10 employees.  We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall. Thanks! I appreciate the help.
Stuart Berman
Real User

Good commercial firewalls take a degree of expertise that small businesses rarely possess; for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Networks firewalls, which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers, as they are end of life and tough to protect today.

Gabriel Sicouret Villalobos
Real User

You should be looking at Juniper's SRX300, which is a bundle of switching, security and routing. You'll have embedded PoE+ functionality with its 6 Gigabit Ethernet ports, and 2 uplinks running at 10 Gbps, an industry-best, high-performance IPsec VPN solution with 2 FREE SSL VPN licenses, and the ability to purchase up to 48 more licenses for a total of 50 remote collaborators.

Check this out for more information: https://www.juniper.net/us/en/products-services/security/srx-series/datasheets/1000550.page

Nguyen Nguyen
User

Priority as below:

1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.

David Hartt
Real User

I think you should be looking more into a WAF. For firewalls with ~10 users a small FortiGate should be sufficient, but the opportunity I see is with the 2008 R2 servers. You should have moved off of these systems as of 2019, but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWeb... these are distinctly different products.

Luis Apodaca
User

1-10 employees is not that big. You should try the UniFi platform from the Ubiquiti brand; it is a bargain for the price and the resources you can manage, and better still, you don't have to pay for licensing: you only pay for the hardware and the IT to implement the solution.

Mohamed Rashwan
Real User

FortiGate 60F will be a good and economical choice for you, especially since you will host a website; it will give you the best performance.

Rias Majeed
Real User

Better go with FortiGate 60E.

Finis Ross
User

Fortinet

Charudatta Kulkarni
I work in a small organization in the educational sector. We would like to extend firewall licenses, so we need to evaluate vendors. On what criteria/basis should we compare vendors and devices?
Nawaaz Toonah
Real User

In the educational sector, the main challenge is to have control over all content that students or educators will be accessing.
We have many vendors that offer this service; a few examples are FortiGate, SonicWall, Cisco, and Sophos.
Now, it will depend on what aspect of the firewall you want to focus on; if you want content filtering, I would recommend going for Sophos.
With Sophos, everything has been made simple to manage, and you do not really need to be an expert to maintain this nice piece of technology.

Brad Nawrocki
User

I support about 100 employees with a WatchGuard Firebox. They're easy to configure, and support is great if you do need help. They make many models to fit your business.

Cari Lahoz
Real User

For vendors, I think there are more options in the US but I would like to know how their support and expertise is in case you need assistance in configuring the firewall and pricing.

For devices, I think it depends on what your needs are because there are very basic firewalls and there are ones that have lots of modules. I would also consider the user interface and ease of configuring. Also, consider the cost of license renewal.

Adriano-Simao
Real User

As per the situation you describe, you can consider at least the following aspects.
Financial Aspect: What amount do you expect to spend on this device? If you have online payments, if availability is one of your constraints, then you will need two for failover and load balancing;
Support Aspect: It's difficult to evaluate this point, as almost all vendors say that they have a good support methodology and expert teams, so you need to consider all aspects of the SLA with regard to what your company can pay;
Cybersecurity Aspect: If you need a firewall, it means you have mail and web services at least. At this point you need to take a look at what vendors say about today's problems, how they face them, and where the vendors are on the Gartner Quadrant. Most of the expensive ones are not good enough, but visionaries and challengers can be considered. Of course, your kind of service and the kind of data you're dealing with is one of the aspects you must consider too.
You can design a table/checklist with all the aspects you need to consider, like the throughput you need, the number of VPNs/branch offices and some other features you need to keep your environment safe, put values on it along with some assumptions that you need to consider, and at last you decide, and I believe you will do the best.

ChandanaPiyaratne
Real User

More than half a dozen reliable vendor options are available for small organizations.

Evaluation criteria need to align with the identified requirement, such as whether the requirement is for:
* Secure the network from outside attacks?
* Control outgoing traffic?
* Remote network access?
* Integration with End devices?
* Network visibility?
* Added features such as; spam filtering, Data leakage prevention etc?

Once the requirement is identified, as with any other networking procurement evaluation, following criteria can be looked at for evaluation.
* How long the vendor has been in the industry
* Reviews by 3rd party evaluators such as Gartner
* Customer references related to the same industry
* Capacity criteria such as; number of interfaces, total throughput, session capacity
* Cost aspects such as; TCO for 3~5 years, warranty and replacement service levels, technical support levels

Stanley Honour
User

I second those observations.

Ariel Lindenfeld
Let the community know what you think. Share your opinions now!
Simon Coombs
Real User

Comprehensive protection, reliability, straightforward administration, total cost of ownership over three to five years.

Girish Vyas
Real User

There are already some good answers about it, but this is what I understand for a firewall. It is a luxury when compared in a networking domain. So basics first, we would need to suit your networking requirement. For this you need to settle on the vendor from whom you will buy this firewall. From an organization level, try to get the best deal.

Now from a networking perspective, take that spec sheet out and look for the models they offer and see which one fits your network. I mean check the throughput of the firewall. Can it handle the load you are going to push through it?

Ok, so you got your vendor and the model, but wait, let's see that spec sheet again. Why? The features. Yes, the features are also important, as everyone already pointed out. You need to compare the features and see if they meet your organization's policy. Most of the firewalls have all that is required for an organization. This includes, but is not limited to, deployment mode, high availability, application visibility, custom application definition, central management (required if you have more than one firewall to standardize your policy), throughput after going through IPS / URLF, SSL VPN capability (I don't want to spend more to get this new extra feature, right?), IPSEC VPN, and others. The core of deploying the firewall is the throughput. I don't know how to emphasize that more.

Once you get this checklist complete, I believe you are good to purchase a firewall for your organization. I would request people to try these firewalls on a VM instance for a demo and see how they function. Check with your vendor for a demo. This is to ensure that your IT engineer is comfortable with the look and feel, as he is the one going to handle your firewall, right?

All the best on getting a new firewall!

it_user339975 (Project Consultant at a tech consulting company)
Consultant

Awesome answers all around!

The most important aspect to look for is relative to one question:

How informed are you with the actual needs of your network?

Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone. Any company that is online and running with proven technology has offered a solution that meets the minimum standard for most situations and customers. However some do perform better than others in certain environments and this depends on the needs of the network and resources. Firewalls fulfill one general role in the network: the protection of key resources. This can be expanded upon in a number of ways but the idea is the same all the time; the protection of key resources and the inspection of traffic in and out of these resources. That being the case, it would require in depth research based on specific needs and see how that relates to the network in question when selecting a device.

The one aspect that will always matter regardless of the device capability is Integration and Administration. Although customer support from the vendor is extremely important, the first line of response will always be the in-house technical resource.

- How easily can I roll this out?
- Am I replacing a pre-existing device or adding this in tandem?
- Do I have people who can manage this device currently and if not, can they be trained easily?
- If I have a single admin/engineer who manages this device and they leave the company, how easy is it to find another qualified person?

I think these aspects and questions matter a great deal. Regardless of specific strengths for a single device, if that device cannot be installed easily or managed easily, that equals more confusion and downtime which usually means a loss of money.

When considering a new firewall device or security appliance, I encourage my clients to review their short and long term goals before allowing too much time in debate over which device is better.

Miguel Angel Hernández Armas
Real User

1. Status inspection capabilities.
2. Ease of administration.
3. Performance.
4. Price.
5. Scalability.

reviewer863067 (IT at a real estate/law firm with 1-10 employees)
User

1. Protection
2. Throughput
3. Ease of use
4. Support
5. Price

I want to make sure it fits my needs and does what I need to do. Every environment and budget is different. Making sure you talk to people who know what they're doing so you get the product you need.

Owenmpk
Real User

1. I can figure out how to use it so it must have GUI interface.
2. Good support so when I need help I can get it.
3. Renewal fees are reasonable (not half the price of the unit).
4. Of course, that it does the job.

it_user815814 (IT Security Consultant at Cilnet)
Consultant

NGFW, Stability, Good vendor support, Good logging information, centralized management

it_user279666 (IT Security Consultant at Rodl Middle East)
Vendor

Firewall should be:
- with NGFW features
- Capable of Inspecting encrypted traffic without breaking or compromising the security of the traffic.
- Scalable
- Easy to manage and configure
- with Excellent vendor support

Sameer Mogale
Has anyone tested or is actively using the Seqrite range of UTM devices in production? I just wanted an honest opinion about their performance and reliability. www.seqrite.com
reviewer1232628 (Solutions Architect at a comms service provider with 501-1,000 employees)
Reseller

Without knowing much about Seqrite, I can offer this advice:

1. Request (2) loaners for you to test out. Any sales team worth their salt will agree to this simple request, especially if it's going to be 30 days or less.
2. Use a Penetration and Vulnerability tool so you can determine if bad operators can easily break in.

Keep this in mind for now and forever: If you sell a security service and your customer suffers from a number of attacks, any number at all, which leads to any kind of loss in productivity or intellectual property, they would consider it your fault, and you don't want that.

ChiragPanchal
User

Seqrite is a new entrant in perimeter security. Hence not have much option on it, but yes, Seqrite is doing good in EPP.

Ahmed Khattab Khattab
User

Never heard about them.
I’m not into UTMs anyway, except for small companies with a small number of users and low outbound/inbound traffic.

Ange Marie TREY
User

I have never used this equipment, so I cannot really help. But if I base myself on the datasheets, it is equipment that should function like Sophos or Fortinet.

Abdullah El Deeb
Consultant

I don't know.


Firewalls Articles

Danielle Felder
Senior Social Media and Content Manager at IT Central Station
For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon. There are many firewalls to choose from in the industry, such…
Andrew S. Baker (ASB): Another question: -- How quickly does the vendor provide support and fixes?
reviewer690582: That depends on the type of subscription that accompanies your device(s). You…
Andrew S. Baker (ASB): My suggested question is independent of the support packages. If you're paying…

What are Firewalls?

What is a firewall? Technically, a firewall definition could be that it’s the part of a system or network that blocks unauthorized access but permits outbound communications. Most importantly, firewalls are intended to protect key IT assets from security threats such as denial of service attacks or data theft. Firewalls come in many varieties. What makes one better than another will depend on numerous organization-specific factors.

Top firewall comparisons:

When IT Central Station users were asked about what makes the best firewall, they described a number of factors that will help anyone make the right choice. Some security professionals want to know what the best free firewall is. IT Central Station reviews suggest that this is a question that should be asked only after one has assessed many basic requirements about usability and features first.

Visibility is offered as one of the most critical aspects of an effective firewall.  Users want global reports and traffic visibility as well as application visibility.  IT Central Station members also want the firewall to provide visibility into specific users’ behaviors.  Visibility as a key point of value cuts across different types of solutions, including Windows firewalls, firewall software and network firewalls.

Ease of use and simplicity of administration also rated as high priorities for firewall buyers. A firewall should be easy to manage and configure.  Easy installation is essential, as is integration.  According to IT Central Station reviewers, firewalls typically function in complex, heterogeneous security environments. In parallel, solid vendor support is important.  Reviewers noted that the first line of response to an issue with a firewall is almost always an in-house technical resource. That resource needs to be trained easily. If training is too cumbersome or if the firewall admin is a hard-to-find hire, the department will suffer.

Firewall users list many specific functions as “must haves.” These include intrusion protection (IPS), VPN, high throughput, data loss prevention, SSL, IPSEC, application control and web content filtering.  Some users want a firewall to easily integrate with an LDAP Server or Radius Server.  Anti-spam is desirable, as is anti-virus and anti-spyware protection.  Users emphasize the importance of IPv6 native support as well as traffic shaping and bandwidth control.

Find out what your peers are saying about Fortinet, Cisco, pfSense and others in Firewalls. Updated: July 2020.
430,745 professionals have used our research since 2012.