Firewalls Forum

Alvaro Picado
Systems Manager at a non-profit with 201-500 employees
Jul 15 2019
Which do you recommend? Cisco ASA 5516-X Security Appliance with FirePOWER Services or Fortinet  FG-100D-DBL?
Zaw AungI like both firewall but you should consider your team or yourself availability and resources to support the business. Cisco is better threw put, Fortigate is better interface management and easy to implementation than cisco. Hope it help.
Andreas Beuden@DataDeptMgr674 Sophos is the leader ? oh thats new for me. :) in real tests - we test all suppliers in front - Sophos failed every time. They have a big mouth.
Stuart BermanWe have migrated off of Cisco and Checkpoint over the last three years. We recently purchased a Fortigate 100E which is the model I would recommend as the 'D' series is older and less powerful. We use models that ranged from FG-60C (obsolete now) to series 3000. The 100E is great for our regional sites and provides IPS, VPN, A/V, web filtering and application control. These systems are both advanced and powerful as well as very affordable. We also use virtual images for our cloud (Azure and AWS) subscriptions as well as for internal firewalls on VMware. Additionally the Fortigate integrates well with their WAF (FortiWeb reverse proxy), RADIUS servers, logging and reporting servers as well as SIEM.
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Jun 18 2019
Let the community know what you think. Share your opinions now!
Simon CoombsComprehensive protection, reliability, straightforward administration, total cost of ownership over three to five years.
Stuart BermanThe state of the firewall has moved from IP and port filtering to combine these elements: 1) Application awareness (want to block Tor or Bit Torrent?) 2) User identity awareness (policies based on identity not just source IPs) 3) Policies based on device attributes (allow smartphones to access email without login) Forward thinking enterprises are looking at Unified Threat Management devices (or NGFW) to combine these functions along with IPS/IDS, malware filtering, AV gateway and other features.
it_user326514✓ Firewall ✓ Application control ✓ IPsec and SSL VPN ✓ IPS ✓ Web content filtering ✓ Anti-spam ✓ Data loss/leakage protection ✓ Anti-virus and anti-spyware protection ✓ IPv6 native support ✓ Traffic shaping/bandwidth control
Rhea Rapps
Content Specialist
IT Central Station
Is it required in your company to conduct a security review before purchasing a firewall? What are the common materials you use in the review? Do you have any tips or advice for the community? Any pitfalls to watch out for?
Chris LoehrIf you are a small shop, you need to trust your MSP, VAR or another reseller when purchasing a firewall. Don't just go online and buy direct. Resellers have trained people. Most mainstream vendors even have devices that can be deployed ahead of time to get a good idea of your firewall needs. In today's firewall world, it comes down to the software package that you license on your firewall. If you get a firewall without the security software, you are not getting an effective firewall. If you a midmarket or large company, there are tools such as ThreatCare that can help you test the effectiveness of the firewalls your are putting through proof-of-concept testing. They will test how well the capabilities are working, especially the ones that are in place to ensure confidential information does not go out of your network without authorization.
Dan StoltsYes, I recommend doing a security review regularly. Not necessarily before a firewall purchase unless you have not done one lately. Having the results of the review will help you understand what capabilities you need in a firewall. As an example, if you get a ton of login attempts from outside your country of origin but have no customers or partners outside the country you will want to have "country blocking" capabilities. There are a number of tools that can be used for evaluations. We currently use RMM and Security tools from SolarWinds. We have other tools as well. To perform a security review you have to have tools do the work. It simply is not possible for an individual to perform a thorough check without significant automation. We offer this as a service as well. Pro's: SolarWinds has a free version of some of the useful tools such as SIEM Security Information and Event Management (SIEM) Tool. You can rent some tools by going though a partner (such as us BayStateTechnology.com) Con's: Tools to purchase are a bit expensive. Performance checks that RMM uses is not accurate on large busy machines. Support leaves much to be desired.
Michael Majeski, Mba,Pmp,CsmIs it required in your company to conduct a security review before purchasing a firewall? Firewalls review are usually done annually and equipment is purchased to protect each network data point What are the common materials you use in the review? To verify the open ports, services, and applications of what is allowed and disallowed. Most companies are moving towards software like TUFIN to help continually perform these rule deployments and changes globally. Do you have any tips or advice for the community? Adapt to a common service platform to connect to service desk, deployments and regular review to reduce errors and service time to deploy FW changes. Any pitfalls to watch out for? Not being able to survey automatically current FW rules and settings could leave the company vulnerable to intrusion or failed services for internal stakeholders.
Terry Stokes
Information Technology Manager at a healthcare company with 51-200 employees
I have a web-based firewall solution from our telecom vendor which is not user friendly nor does it show you the traffic on the firewall.I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation? 
it_user359346I would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line the UTM9 version is very stable and still has a large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified Management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organizations top choice.
it_user3498pfSence will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for openvpn. The support guys are the best I have ever worked with. And once you master it, it is entirely free.
OsamaMunirGo for Fortinet Firewall, Its interface is very user friendly, multiple features and easy implementation low cost compared to other high-end firewalls and good technical support. At Corporate Headquarter analyze one of the following models. FG-200D FG-200E FG-300D FG-500D FG-600D At remote site following models are recommended FG/FWF-30E FG/FWF-50E FG/FWF-60D FG/FWF-60E FG-80D Specification can be compared on the following link. However please note the specs are for ideal situations. I recommend to analyze each specs by 1/3 factor for practical implementation. https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf
Sign Up with Email