Firewalls Forum

Content Specialist
IT Central Station
May 11 2018
One of the most popular comparisons on IT Central Station is Fortinet FortiGate vs Sophos UTM. One of the users on our site says about Fortinet FortiGate, "A strong point of FortiGate is that the graphical interface is complete and easy to use, especially if we think there is a list of operations that we are able to perform inside." Another user says about Sophos UTM, "Brings greater visibility into the network traffic coming inside and passing away from the company." In your opinion, which is better and why? Thanks!
Maher AbdelshkourSophos and FortiGate are good solutions, but you need to know the advantages and disadvantages for each. Sophos is great as a visionary company, keeping up with IT Managers' requests for features within their products (specially Sophos SG Appliances and XG NGFWs). Their hardware addresses a constant situation where many competitors fail; they are scalable, and tough (SSDs Hard Drives, and Intel latest generation processors is about it). Sophos offers HIGH AVAILABILITY with just 1 license. While other vendors, try to squeeze the companies for every penny, Sophos address that issue, and is honest about it: They deliver High Availability in Active/Passive mode, with two identical hardware options, with just one license. ((Pros.)) 1 • Scalability, if you needed HA in Active/Passive Mode, but need more throughput during certain periods when the parameters change (i.e. number of users, or Internet bandwidth growth) you can always license the second one and it will behave as a Cluster in Active/Active mode in just 2 minutes, with no downtime. 2 • Delivers great WebGUI management, which is easily understandable by every IT Professional 3 • Worldwide RMA, gosh! If you have any kind of issue with your hardware, Sophos will deliver it to your business door, at no cost, with a return label for you to ship the damaged or faulty device back. No questions asked. 4 • Constant visionary technology, with out of this world new features. ((Cons.)) 1• Better standard support, it used to be great, now, not so much (for paying customers, that only aquired the Hardware) 2• Better wireless solution, there is always room for that, now that everybody needs robust wifi, even at home! 3• Faster and more robust wireless Access Points, or different vendor-like compatibility. Fortinet FortiGate needs a very low maintenance and easy to upgrade and its rich feature set and robust monitoring have made this product almost fun to use. ((Pros.)) 1 • VPN client is easy to use and can be customized for your organization. 2 • All features are enabled on the firewall with little to no impact on performance. 3• Easy to configure interface on the firewall but also has a command line available for high level admins. 4• Excellent technical support department - very quick response time. 5• Pricing was amazing compared to peers. ((Cons.)) 1 • Prepare for terrible support, hour long hold time for Level 1, and next-day call backs for Level 2 • Sales team is lacking information (type of licensing, hardware model, etc). Make sure you ask lots of questions. Now you have better information about both solutions and you decide which one is better for your needs.
reviewer175356I would like to strongly recommend for Fortinet products because of following reason. 1. if you go on Gartner Magic Quadrant for comparing the Security firewalls, you can easy get Fortinet is among leaders for maintaining network security features. Sophos does not come in picture. 2. there are multiple flavours of Fortinet products in market available. 3. Fortinet TAC support is good and having experienced TAC engineers to resolve issues. 4. Fortinet firewall comes with nextgen firewall features which can amplify security posture. 5. Security updates received from Fortinet much better and they release as soon as any outbreak noticed.
Jeff StutzmanI have no real experience with Sophos, but can comment on Fortigate. I'm a huge fan of both Meraki and Fortigate. Meraki is used for more hands-off approaches while Fortigate is used for those times when I need greater granularity in control. The boxes are priced out about the same, but while both machines are packed with features, the Fortigates offer more control.
Apr 25 2018
Can I please get feedback on which of these three Firewall products are the best? Is there another product you would recommend?
reviewer230721Looks like WatchGuard is doing a really bad job in it's marketing, as it's in many aspects superior to other firewall vendors - when you are really into security and not just to have a box, that you will set up and forget. The biggest mistake in firewalling and security is that everyone just looks to have things as simple as possible, set them up and than never look back at them. Firewalls are not L2 switches! Still many would like to handle them as such. Big mistake. But there is no 'best' firewall. All good ones have advantages and disadvantages. It's pretty much like there is no 'best car'. You just have more and less popular ones and such that spend tons of money for marketing, to give you a fake sense of how good they are. Today it's easy to get demo/eval appliances. Instead of asking what others like, everyone should evaluate the different products out there and find out, what HE likes. Others don't have the same environment as you have, neither they have the same requirements, skills, experience. All this is critical for choosing the right firewall solution for your needs. There is a Gartner MQ released every year and there is the NSS Labs report. Should not be too difficult to find out, what solutions are worth to be evaluated. But please don't others let decide for you, what firewall you should be using!
Eric BurkeI've utilized both SonicWALL and Fortinet in many implementations over the years. Fortinet does a better job in large, multi-tenant deployments and has excellent stateful packet inspection throughput. If you're planning to do SSL decryption and inspection, SonicWALL is the way to go (and currently, the product we lead with). I've found SonicWALL to be easier to manage and have also found that if you're a GUI-oriented user, all of the features are there in the UI. On the Fortigate you'll often have to dig into the CLI to enable some features.
reviewer215406Out of these three firewalls I would, and have chosen Fortinet. Checkout NSS Labs for real world comparisons. I have been using Fortigates for 2 years now in HA configurations and have only once had to use the cli. Also updates and firmware upgrades never bring the network or internet down. These firewalls get new features added at no extra cost and the throughput is amazing. Buying the UTM bundles gets you all of the features you need and more. I heard about support issues but evertime i call i get routed to someone who knows how the features work and actually helps. We added a fortianalyzer and now we can see logs from all of the firewalls in one console and hold them for a year. Fortinet doesn't just manage their antivirus products they are the developers. These firewalls decrypt data on the fly and scan for viruses before it gets to your email, desktops or servers. Within the first week it caught ransomware within a yahoo email before it could infect our systems. We replaced our websense URL filtering with the URL filtering within the fortigates and never looked back. I could go on and on but the real tilt in Fortinets favor was it was near half the cost of similar features and functions PA had quoted. Write down what you want and then ask if the vendors have these included in their firewalls or if they have separate appliances that can do them. Every appliance has a latency cost associated with it. You might find that all three can do what you want then it will come down to the management of the firewalls and cost. Good luck.
Admin - IT Infrastructure, Networking ,Communications & Security at a manufacturing company with 501-1,000 employees
Apr 25 2018
We are planning to procure UTM along with end point solution. Primarily we have selected the following brands and models by going thru different reviews. SOPHOS XG 210 HW & SOPHOS XG 135 HW. FORTIGATE FG 100E & FORTIGATE FG 60E. Ours is a medium size organization with 100 desktops and 10 windows servers. We are using Exchange 2010 as our mailing solution. Our major objective is to protect external and internal threats including RANSOMWARE which may come thru E-Mail, Internet , Pen Drive, External Hard Disk. From the cost perspective, SOPHOS is cheaper.  Please help us to decide about the UTM .
Justin Twiss Hi guys, Not familiar with the Sophos units but definitely am with the Fortigates. For that size environment (100 users) – I’d recommend the 100E over the 60E especially if you’re looking at using the NGFW functionality (ie, UTM, Web Filtering, IPS and the like) – Additional head room in CPU and memory may not be important at the moment but it will be when the unit’s approaching end-of-life. We’ve found 60E’s are good for upto about 70 medium-to-heavy users – 100D’s (and now the 100E’s) are good for 100-200 users. Like all NGFW solutions – The total cost isn’t “the appliance” itself – Always look at the overall cost over the lifetime of the unit (3-5 years at most) inclusive of maintenance, bundling and the like. Specifically, units like the Palo Alto’s have a cheap upfront price, but when your annual renewal is >50% of the cost of a replacement unit, it very quickly adds up over the lifetime of the unit (especially if you need to bundle individual components separately like Web Filtering and IPS. (I’m looking at you Cisco!) Hope that helps, -JT
ramesh1923Here I would suggest your to go with Fortigate, The model 60E or 100 E is based on your throughput. 100 E is capable of handle 100 Mbps in realtime UTM traffic and 60E is capable of handle 40 Mbps UTM traffic. .
Milenko JakovljevicCan't tell about Sophos, but we have Fortinet firewall, and we are very pleased with the service and efficiency.I thinkt that it is worth the money we spent to put this in place. We tried Cisco firewall first , but service was just awful, the cisco partner could not even install the device and could not make it work with our network (took less than 2 hrs for Fortinet to install and configure everything we needed). With Fortinet you have great tech support, a LOT of "how to" videos so i can say that i am very happy with Fortinet.
Content Specialist
IT Central Station
Feb 27 2018
On a scale from 1-10, how would you rate Palo Alto Networks VM-Series and why?
Content Specialist
IT Central Station
Feb 26 2018
On a scale from 1-10, how would you rate Barracuda Networks NG Firewall and why?
Nick StaicuI have not used Barracuda NG. I would stick with a Fortinet or - depending on the budget and what quotes you get - with a WatchGuard or Sophos (it may also depend on previous experience). I have started my comparison from the Gartner Magic Quadrant for Unified Threat Management and reduced my list to Fortinet, Check Point, Sophos, Cisco, SonicWALL. I selected the models based on needs (current and in the next 2-3 years) also with help from technical representatives of the respective manufacturer. Then based on cost (actual lowest offers) (with 3 years support the Check Point was 4 times more expensive than Fortinet!), I have eliminated Check Point and Cisco. My final 3 were Fortinet, a new model of SonicWALL and Sophos. Reading actual reviews, support forums (check for memory leak!), and even from pricing, my choice was a new Fortinet (from the newer E series), with the UTM bundle and 3 years of support and updates, with Sophos XG as runner-up. For SonicWALL I got quotes from partners and from Dell, there is a part number for a competitive upgrade which gives 2 years of support instead of 1, (but still it was - with 2 years of support - more expensive than the Fortinet or Sophos with 3 years of support). Pay attention to real-life performance [so with site-to-site SSL, SSL VPN, full Deep Packet Inspection (DPI) and IPS activated at the same time (see in the test results the lowest throughput for that model, some data was hard to find)], at support, at initial cost with 3 years of support/updates and at support renewal costs. In my case Fortinet was the best (and it even had the lowest Max Power consumption). Fortinet has extra reporting add-ons if needed (like FortiCloud, FortiAnalyzer and for further more enterprise reporting - FortiSIEM, all nicely integrated). I am just an IT Manager and using the products, I don't work for any manufacturer/supplier.
Systems Manager at a non-profit with 201-500 employees
Which do you recommend? Cisco ASA 5516-X Security Appliance with FirePOWER Services or Fortinet  FG-100D-DBL?
Zaw AungI like both firewall but you should consider your team or yourself availability and resources to support the business. Cisco is better threw put, Fortigate is better interface management and easy to implementation than cisco. Hope it help.
Andreas Beuden@DataDeptMgr674 Sophos is the leader ? oh thats new for me. :) in real tests - we test all suppliers in front - Sophos failed every time. They have a big mouth.
Alvaro PicadoHi, Andreas. Thanks for your answer. Which firewall do you recommend?
System and Network Administrator at a insurance company with 1,001-5,000 employees
I am trying to pick between Palo Alto 5060 or Fortigate FG-1500D. Any input will be much appreciated. We have over 100 branches with non-PA, and non-FG firewalls and we are trying to pick 5 of those to act as a gateway to tunnel all branches of traffic to those firewalls.
Technical Support Engineer with 11-50 employees
Hello, I am new to Firewalls. Please give me a detailed comparison between Fortinate and Barracuda. 
System Administrator
What do you recommend for a firewall between Sonic Wall Tz500 and Fortinet FG-100E-BDL. I have two sites which are on different geographic locations and they are on two separate networks, one is production and the other is backup  and both are running web applications which are accessible to our clients through an ssl connection. We intend to develop a hot site to mirror production in order to minimize time for restoration of services in case of disaster. We are still going to keep our traditional backup site in spite of our intention to develop a private mini-cloud infrastructure. At the back of our minds we are thinking of creating a VPN for mirroring production to the hot site which will be located where our backup site infrastructure is currently housed.
owner at a tech services company
Can I use VPN, firewall and IPS on one device (the device being FirePower2100)?
Dennis Chow, MBAYes, but depends on your appliance. Sourcefire NGFW by itself is not a VPN device. It CAN serve as a traditional/L7 firewall + IPS. If you're using the new Cisco ASA modules + Sourcefire; you can do both but configuration is still separate. If you're looking for smaller deployments, perhaps a UTM may benefit you.
Business Analyst at
I have tried deploying applications on BW 5.x using TIBCO Administrator 5.x and it works just fine. But with the newer versions, TIBCO Administrator does not work. What can be done?
Which is the best and why? Comparisons would be appreciated.
Matthew TitcombeI have worked on PA, CP, & Fortinet. I found Fortinet to be the most capable and best common interface for overall usage. As stated above, I found PA's to be overpriced for what they give you. Based on my monitoring this sector, CP & PA are trying ot catch up to Fortinet's and Cisco's ecosystem approaches. Cisco's Ecosystem, since I brought it up, still requires a user to know too many different interfaces and leads to configuration issues. My recommendation is Fortinet.
John CrabtreeAre you limiting the results are a specific reason? The larger question here is what do they need? There is no one best, each one has a good pro and con list to compare. (do they need web filtering, geo ip blocking, layer 7 filtering, detail qos control, redundant link fail over, load balancing, client access, reports, automated reports, etc) There are a lot of open questions that can help anyone tailor what would be best to use. My personal experience with those mentioned is to go with Palo Alto. It has a good rock solid and stable OS and can be configured to most anything your client would need. Fortinet's: The OS has many issues with memory even when you over spec the unit. You will find yourself having to restart it pretty often. It does have a decent configuration gui. (My personal opinion unless it's a OS/Firmware upgrade the unit should never need rebooted). Check Point: At least the units I have had the wonderful time working with, have been very "finicky", granted the last one I seen was about two years ago now, which imo is a good thing. I was not impressed. Firewalls I did not see mentioned Cisco ASA/Firepower, Cisco Meraki, SonicWall, PFSense, Adtran. I do like the Cisco Units, though not for the faint of heart. Even the new ones you will find yourself in the shell often. That said there is a reason that most Datacenters use them, they have been around a long time and know how to build a good product. Meraki: These have surprised me. They are as good as the Palo Alto FWs and the recent (time is relative) acquisition of OpenDNS/Umbrella into their security stack is a good blend. Easy to configure, A good option if the client will be in the FW making changes. When Paired with other Meraki units the Single Pane of Glass configuration is a plus. The Reporting is a nice feature with the ability to alert on. The Layer 7 Filtering and QOS is super well thought out. Really, really easy to configure. I can walk most anyone through a setup. SonicWall: Just mentioning their name gives me headaches. Even after Dell purchased them the product isn't any better again just my opinion. They are easy to setup, and that is all I will give them. PFSense: I love OpenSource products, PFSense has a good plugin list and is easy to make your own. It is not for everyone. The recent last few firmware/OS upgrades introduced a better gui interface. Rock Solid (as long as you have good hardware.) They just work. You will however need to know the product well. Some configuration places can be confusing. Such as setting up Traffic Shaping is not as simple as in the others, "in a click of a button". Adtran: Adtran does not get mentioned enough. These units are good and do exactly what they are told. Never have to be rebooted unless you upgrading the firmware/os on the units. They are fast and as the phrase goes "they just work". The GUI is still a little dated when compared to others in the market, Once you get use to it though your golden. The Shell is near identical to the Cisco, so for Cisco guys it's an easy go between. They started out as a Voice vendor product, as you know voice is never allowed to go down and that is how their switches, routers, etc are. So to recap: It depends on what you want to do. In your original list, The Palo Alto is the winner. If you want to Expand it to the larger list I would say the Meraki if you want a good gui experience and support. If you just want it to work with a ton of no extra cost add-ons the PFSense is the next option if you're willing to put the effort into learning it inside and out, which only the hardcore guys seem to do.
TeresaHi, It's very hard to compare brand name of firewalls and you did not clarify specific models. Normally, an IT is often using a firewall and suggest that brand name. Actually, it will depend on what bundle of service you choose in each brand name of firewall. Of course, Palo Alto - it's worth it. My suggestion is base on your requirement of security and your budget, then read the specs of each brand name and choose whether the firewall is right to your network.
Managing Director at a tech company with 51-200 employees
We would like to integrate Meraki MX100 with Alcatel switches (which use command-line for configuration). Is it complicated? If you're experienced in Meraki MX solutions, please contact me soon. Thanks & Cheers.
Joel CastellanosWith a good diagram and keeping in mind the whole routing part, it is really simple configuration, I have no knowledge on Alcatel switches but you will not have any problems for compatibility ...
Information Technology Manager at a healthcare company with 51-200 employees
I have a web-based firewall solution from our telecom vendor which is not user friendly nor does it show you the traffic on the firewall.I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation? 
sgelbandpfSence will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for openvpn. The support guys are the best I have ever worked with. And once you master it, it is entirely free.
Irvin GaerlanI would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line the UTM9 version is very stable and still has a large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified Management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organizations top choice.
Cristian MenghiHi, I'm a big fan of opensource solution, now i'm very satisfied with pfsense ( you can use your own hw or buy some appliance from ( sponsor of pfsense) Other payed solution can be Mikrotik (is a linux base), Ubiquiti or Fortinet
How has Ransomware been attacked(Source) and how it can be controlled? Give me the best solution.
Tell me which firewall is best. 
Lead - Network and Security Operations with 5,001-10,000 employees
Currently I have Fortinet FortiGate at perimeter level. I am looking for enhanced security at perimeter level. Should I go with Fortinet FortiGate or Palo Alto Networks WildFire?
I have 500 users in my environment and my environment is MAC based mostly. Looking for a firewall that integrates well with directory services along with scalability and ease of use. 
Director Human Resources with 201-500 employees
We only require Internet distribution for our students and staff.
Systems Engineer at a tech services company with 51-200 employees
Hello, Is there an existing review about the Endian firewall community?

Sign Up with Email