Over 254,040 professionals have used IT Central Station research.
Compare the best Firewalls vendors based on product reviews, ratings, and comparisons.
All reviews and ratings are from real users, validated by our triple authentication process.
The total ranking of a product, represented by the bar length, is based on a weighted aggregate
score. For Views, Comparisons, Reviews, and Followers the score is calculated as follows: The
product with the highest count in each area gets the highest available score of 17.5 points.
Every other product gets assigned points based on its total in proportion to the #1 product in
that area. For example, if a product has 80% of the number of reviews compared to the product
with the most reviews then the product's score for reviews would be 17.5% (weighting factor) *
80% = 14. For Average Rating, the maximum score is 30 points awarded linearly based on our
rating scale of 1-10. If a product has fewer than ten reviews, the point contribution
for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews;
two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old,
as well as those written by resellers, are completely excluded from the ranking algorithm.
What is a firewall? Technically, a firewall definition could be that it’s the part of a system or network that blocks unauthorized access but permits outbound communications. Most importantly, firewalls are intended to protect key IT assets from security threats such as denial of service attacks or data theft. Firewalls come in many varieties. What makes one better than other will depend on numerous organization-specific factors.
When IT Central Station users were asked about what makes the best firewall, they described a number of factors that will help anyone make the right choice. Some security professionals want to know what is the best free firewall? IT Central Station reviews suggest that this is a question that should asked only after one has assessed many basic requirements about usability and features first.
Visibility is offered as one of the most critical aspects of an effective firewall. Users want global reports and traffic visibility as well as application visibility. IT Central Station members also want the firewall to provide visibility into specific users’ behaviors. Visibility as a key point of value cuts across different types of solutions, including Windows firewalls, firewall software and network firewalls.
Ease of use and simplicity of administration also rated as high priorities for firewall buyers. A firewall should be easy to manage and configure. Easy installation is essential, as is integration. According to IT Central Station reviewers, firewalls typically function in complex, heterogeneous security environments. In parallel, solid vendor support is important. Reviewers noted that the first line of response to an issue with a firewall is almost always an in-house technical resource. That resource needs to be trained easily. If training is too cumbersome or if the firewall admin is a hard-to-find hire, the department will suffer.
Firewall users list many specific functions as “must haves.” These include intrusion protection (IPS), VPN, high throughput, data loss prevention, SSL, IPSEC, application control and web content filtering. Some users want a firewall to easily integrate with an LDAP Server or Radius Server. Anti-spam is desirable, as is anti-virus and anti-spyware protection. Users emphasize the importance of IPv6 native support as well as traffic shaping and bandwidth control.
Read reviews of Firewalls that are trending in the IT Central Station community:
Your trust is our top concern, so companies can't alter or remove reviews.
Barracuda has a very simple interface, very good security, all the features of the best firewalls in the market, but with a very friendly interface. Something that we've seen that Barracuda, and some other brands also, have. When you program the firewall to detect certain kinds of attacks, Barracuda can detect that kind of attack and automatically insulate, or... more»
The problem we found was with the issue of configuration. Our engineers are working with some other brands, they have knowledge of other brands. With Barracuda it's a matter of translating the comments. So maybe one company calls something a "black box" and with Barracuda they call "black" "dark." So it's a matter of getting to know it.
I like that you can run a packet capture from within SonicWall and configure it to automatically upload the packet captures to an FTP server. This is useful when trying to troubleshoot an intermittent issue. It can capture for as long as you... more»
We are more aware of security issues since SonicWall can be configured to send e-mail alerts. Server-side Outlook rules and Exchange transport rules (more informational subject lines) can be helpful in sorting and making sense of the many... more»
I am not sure if SonicWall has finally addressed this issue but a major area for improvement would be being able to export the settings file in a non-binary readable and editable format. It is not possible to export, make changes and then... more»
Live monitoring of what is happening inside and with the interfaces, either ingress or egress - this is a good feature of the device. Secondly, most people use enterprise applications remotely, and there is no license for SSL VPN, or in other... more»
I'm a network and cyber security consultant. This is not only for my offices, I have deployed it for many large enterprises where customers are remotely accessing their applications. We can define user application-level access, so our... more»
It's a little bit complex in terms of handling. If you implement a change, there is a specific point where you have to commit it. It's not like you just push a button and it's always committed. If you don't know to check whether your commit... more»
The most valuable to features are: Web Application Firewall, Sophos UTM Manager, IDS/IPS, Remote Access, and RED. * WAF: This is excellent for hardening web servers. The firewall will reverse proxy your web servers, eliminating the need to... more»
The UTM product has definitely improved the way our organization functions. We have set a standard across clients and engineers. Everyone is trained on the product and knows how to manage the devices. UTM is probably the most complete... more»
* It has allowed us to have one solution for our AWS needs. * It allows our developers to be able to securely log into servers to deploy and manage software. * It has allowed us to design a bespoke cloud space for our clients, while still... more»
You per availability, zone, and per VPC. It should offer an account-based solution. When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK.... more»
The proxy based policy in Policy Manager is the best feature. It helps me: * Create many different firewall policies for different networks and services * In tracking problems in the policy rule in the traffic monitor of Firebox System Manager
With this product, I can easily block group websites with its WebBlocker based on predefined categories such as: Social Network, Sex Material, and Video Streaming We can also use Application Control to block some applications based on... more»
1. It is difficult to configure WatchGuard with your internet settings. Actually, a normal internet setting/configuration is easy. However, I had a problem with multi WAN and multi LAN. I have a few different LAN subnet and two WAN. What I... more»
The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs,... more»
The Sophos UTM planform has allowed us to improve or implement the following security practices: * Details Web filtering and user access Control * SaaS QoS * Network segmentation with firewall and IPS * WiFi protection * Web Application Proxy... more»
At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited... more»
Threat management. That is very important, obviously. There have been a lot of press about hacking, virus vulnerabilities, the cron bug, etc. It is very important that we detect this stuff as soon as it happens, so we can implement measures... more»
We now know a lot more detail about what our users are doing on the network. Whereas before, we did not have an idea of certain things they were accessing, websites they were going to, and what vulnerabilities were being potentially... more»
The interface, maybe. It is all Java-based. I would prefer an HTML5 interface. It would make things a bit quicker. It is not that it is really bad once you are in. It is just another Java-based application that is not amazing. I am not really... more»
We're discussing a family of UTM (Unified
Threat Management) appliances. FortiGate is a term which includes a wide range of products,
starting with small ones dedicated to small offices, and developing into devices which are able to grant security and networking for large companies. The
family includes physical devices and
virtual machines, which grant network security on different layers using a
single point of control. FortiGate is optimized
to avoid bottlenecks or delays while the various controls are performed. High availability is also part of the available
features with various solutions to avoid single points of failure.
In the following short list, I will list
some interesting points about the FortiGate solution.
If you are...
Navigation through options and configure them is just two mouse clicks away. Lots of information without need of an external tool. * Site-to-Site VPN * Easy configuration * Really easy and user friendly GUI * Stability * AD integration *... more»
We had several routers in our environment, including Linux firewalls and Cisco PIX for user and site-to-site VPN connections, all of them were replaced by Kerio Control. The improvement was instant as now we have a better overview of all our... more»
The VPN configuration because if you need specific VPN parameters you have to configure them through the CLI of the appliance. These options are not available in the GUI. The intrusion prevention system is good, but it could be better and you... more»
Currently we use Juniper products, SSG and SRX firewalls in about a 50/50 mix both standalone and in HA clusters. We also use their NSM for device management and logging. The SSG models are mostly EOL and are being replaced with new “Next... more»
I can’t really say a firewall improves anything other than security, but we have been able to solve a lot of extranet connectivity issues with these firewalls that the bigger name devices didn’t handle so well. It is bomb proof as seen by the... more»
While the OS supports a pretty full UTM option, we found in testing that the hardware was not powerful enough to run with all the bells and whistles turned on for the amount of traffic we process. So we use other hardware for those services... more»
If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the... more»
It doesn't have a proper GUI to do troubleshooting, so most people have to rely on the command line. Its a sort of legacy product nowadays. The firewalls which are the next generation have loads of features added to them, and they are all in one box. It should have packets, deep level inspections and controls, like the features which other IPS solutions have. It... more»
The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes. If you ask how a firewall can improve our business: It can’t. It is securing our business IT network. But if you want to know what the ASA5520... more»
Firewalls, in general, were not really designed for normal IT personnel, but for firewall and network experts. Therefore, they missed a lot of options and did not provide any good reporting or improvement options. For example, to update or... more»
The ability to have a site to site VPN, yet have the users use their local internet rather than sending all traffic back to our main site is crucial to their day to day operations. Remote VOIP phone system routing through the VPN we have... more»
We have issues with IPS and DoS attacks taking down a couple of our sites. I've changed the IPs of the external interfaces yet the attacks still happen and the Firewall will disconnect the VPN connection as well as stop all internal traffic... more»
The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars.... more»
Our datacenter cloud services such as email, and web services for internal and external use, had to be protected with different systems and the web services where left really unprotected, since we used an standard IPS/IDS to protect ourselves... more»
Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific... more»
Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the... more»
I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to... more»
Cisco ASA has a well-written command-line interface. Cisco’s AnyConnect SSL VPN is by far the best client VPN technology I’ve ever had to deploy and manage. Upgrades are a breeze. Failovers between units are flawless. FirePower add-ons deepen... more»
Cisco is a huge name in the networking world. Having a solution that includes their firewall technology adds value from an operability and support perspective. Cisco, although sometimes considered to be "behind the times" with firewall... more»
When running multiple firewalls in your network, you need someone to manage them from a central point. Cisco’s answer is Cisco Security Manager (CSM). Unfortunately, this is a suite of applications that is in much need of an overhaul. It is... more»
* The VPN and the firewall. They are reliable and easy to manage. * The VPN is valuable for setting up secure remote connections to our network. * pfSense has the OpenVPN package which is a well-supported VPN software. * The "OpenVPN Client... more»
Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense. Network monitoring is a big topic and I realize there is plenty of software out there like... more»
The UTM (application control) features have been very important, because they have solved many issues that other firewall providers have not developed as Fortinet has. A clear example of this feature advantages is blocking and allowing the... more»
They could improve performance with all the UTM features working. Sometimes, we have seen that when you enable the antivirus sensor, customers report slow web browsing. We know this is normal, but we would like to know if it is possible to... more»
The features we see and use the most are the SD-WAN, auto failover for dual ISP connections, auto failover for our VPN connections and the bandwidth monitoring are the main features. Alerting and monitoring are the next feature we see as... more»
As the only network admin in the company, I have to monitor nine remote sites (production and shipping facilities) and 12 remote VPN connections from various smaller facilities. Each location is a processing facility, which, when in season,... more»
For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon, with worldwide vendor revenues for security appliances... more»
What are the top five firewalls of 2017?
IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts, who provide advice without vendor bias.
Our users rank their top firewalls of 2017... more»
Network Engineer with a proven track record of problem resolution and implementation success. I treat every challenge uniquely and from start to finish am fully engaged. I enjoy coming to work every day because I know there will be a new challenge waiting for me, allowing me the freedom to work... more>>
Security Consultant (Team lead) in Accenture
Leveraged service delivery (Wipro)
Worked for Bank client .(HP)
Worked on Government Tax dept.(Tulip telecom)
• Firewall (Check point, Cisco, Palo Alto, Fortinet, Juniper)
• IPS/IDS (Cisco, Checkpoint, IBM, McAfee)
• Proxy (Bluecoat,... more>>
A dedicated and innovative Information Technology management professional with demonstrated abilities and contributions in management, team, and individual environments. A highly skilled briefer to diverse audiences. Brings a proven record in progressively responsible and challenging... more>>
Senior Technical Consultant - Network and Security
7+ years of Experience in IT industry with major skills in Networking and security of enterprise networks. Provided solutions to the leading enterprises in UAE for the best IT architecture(Network, Security and wireless solutions), Performed Network audits on the enterprise networks.
An ambitious, optimistic and self‐motivated business development professional with 15+ years of experience in first‐rate Management, Commercial and Technical skills field of Data Communication, Data Centers, IoT and Services Lifecycle – from solution designing & products development through... more>>
A successful Multi-talented system administrator with good all-round technical skills and the ability to develop and maintain close working relationships with both customers and collegues. Quick and eager to learn new things and always looking to improve my knowledge.
Throughout my work experience, I developed self-learning skills. Having to support the technical documentation and working tools such as firewall, IPS, network switches, vmware, I have managed to acquire knowledge for its management,
whether for project recommendation and implementation and... more>>
Specialties: Fortinet design and deployment, Wireless network design and deployment, Apple network integration, Cisco switch deployment and integration, Exchange 2010/2013 deployment, Server 2012 design and deployment.
I also work extensively with vSphere 5, designing and deploying solutions... more>>
I'm a friendly, intelligent, passionate and very curious human being. A self-motivated worker, I enjoy finding any area of a workflow or process that needs improvement and working to empower that to a higher potential. Be it a technical matter involving a network of devices or working to... more>>
I have worked in the IT industry for the past 10 years initially with a primary focus on technology implementation and security administration. I have a strong background in both physical and logical security and have worked in both areas.
I am very interested in information security,... more>>
I'm a highly driven IT Professional with over a decade of experience in the industry. I have acquired a tremendous amount of hands on technical knowledge dealing with all areas of IT. The areas I'm focusing on is Networking, Storage, Virtualisation & Microsoft Technologies.