Firewalls Forum

Ad84c32d 0949 42fe 8748 9a7444b3a48b avatar
Content Specialist
IT Central Station
Feb 27 2018
On a scale from 1-10, how would you rate Palo Alto Networks VM-Series and why?
Ad84c32d 0949 42fe 8748 9a7444b3a48b avatar
Content Specialist
IT Central Station
Feb 26 2018
On a scale from 1-10, how would you rate Barracuda Networks NG Firewall and why?
Anonymous avatar x30
Nick StaicuI have not used Barracuda NG. I would stick with a Fortinet or - depending on the budget and what quotes you get - with a WatchGuard or Sophos (it may also depend on previous experience). I have started my comparison from the Gartner Magic Quadrant for Unified Threat Management and reduced my list to Fortinet, Check Point, Sophos, Cisco, SonicWALL. I selected the models based on needs (current and in the next 2-3 years) also with help from technical representatives of the respective manufacturer. Then based on cost (actual lowest offers) (with 3 years support the Check Point was 4 times more expensive than Fortinet!), I have eliminated Check Point and Cisco. My final 3 were Fortinet, a new model of SonicWALL and Sophos. Reading actual reviews, support forums (check for memory leak!), and even from pricing, my choice was a new Fortinet (from the newer E series), with the UTM bundle and 3 years of support and updates, with Sophos XG as runner-up. For SonicWALL I got quotes from partners and from Dell, there is a part number for a competitive upgrade which gives 2 years of support instead of 1, (but still it was - with 2 years of support - more expensive than the Fortinet or Sophos with 3 years of support). Pay attention to real-life performance [so with site-to-site SSL, SSL VPN, full Deep Packet Inspection (DPI) and IPS activated at the same time (see in the test results the lowest throughput for that model, some data was hard to find)], at support, at initial cost with 3 years of support/updates and at support renewal costs. In my case Fortinet was the best (and it even had the lowest Max Power consumption). Fortinet has extra reporting add-ons if needed (like FortiCloud, FortiAnalyzer and for further more enterprise reporting - FortiSIEM, all nicely integrated). I am just an IT Manager and using the products, I don't work for any manufacturer/supplier.
Dec 20 2017
Can I please get feedback on which of these three Firewall products are the best? Is there another product you would recommend?
Da3ee7f3 7241 4a69 a412 69dcc67c8265 avatar
Eric BurkeI've utilized both SonicWALL and Fortinet in many implementations over the years. Fortinet does a better job in large, multi-tenant deployments and has excellent stateful packet inspection throughput. If you're planning to do SSL decryption and inspection, SonicWALL is the way to go (and currently, the product we lead with). I've found SonicWALL to be easier to manage and have also found that if you're a GUI-oriented user, all of the features are there in the UI. On the Fortigate you'll often have to dig into the CLI to enable some features.
Anonymous avatar x30
reviewer215406Out of these three firewalls I would, and have chosen Fortinet. Checkout NSS Labs for real world comparisons. I have been using Fortigates for 2 years now in HA configurations and have only once had to use the cli. Also updates and firmware upgrades never bring the network or internet down. These firewalls get new features added at no extra cost and the throughput is amazing. Buying the UTM bundles gets you all of the features you need and more. I heard about support issues but evertime i call i get routed to someone who knows how the features work and actually helps. We added a fortianalyzer and now we can see logs from all of the firewalls in one console and hold them for a year. Fortinet doesn't just manage their antivirus products they are the developers. These firewalls decrypt data on the fly and scan for viruses before it gets to your email, desktops or servers. Within the first week it caught ransomware within a yahoo email before it could infect our systems. We replaced our websense URL filtering with the URL filtering within the fortigates and never looked back. I could go on and on but the real tilt in Fortinets favor was it was near half the cost of similar features and functions PA had quoted. Write down what you want and then ask if the vendors have these included in their firewalls or if they have separate appliances that can do them. Every appliance has a latency cost associated with it. You might find that all three can do what you want then it will come down to the management of the firewalls and cost. Good luck.
Anonymous avatar x30
Ian MothersillFortinet is a good option, the interesting thing with them is all the other bits you can add. Many of these such as email protection, Sandbox, edge device protection (anti-virus, VPN Connector for PCs), tokens (electronic or hardware), switches, Wireless Access Points all talk to each other so the Fortinet security umbrella covers them as well. Fortinet has a SIEM as well. Whatever you buy, get training on it. Also, evaluate the reseller's ability to do an install. Some folks just sell the product, other also know how to install - buy from the latter, and get some Pro Services for the installation. I have always thought Barracuda's marketing was better than the products (it is very good marketing) and SonicWALL R&D suffered under Dell, and I don't know that it is any better now they are owned by an Investment house.
Anonymous avatar x80
Systems Manager at a non-profit with 201-500 employees
Dec 14 2017
Which do you recommend? Cisco ASA 5516-X Security Appliance with FirePOWER Services or Fortinet  FG-100D-DBL?
0f856f41 22ea 4a40 ab75 624d792c5578 avatar?1442326546
Zaw AungI like both firewall but you should consider your team or yourself availability and resources to support the business. Cisco is better threw put, Fortigate is better interface management and easy to implementation than cisco. Hope it help.
9f0c3eb0 03bd 47a8 9732 0d5817bd3de8 avatar
Andreas Beuden@DataDeptMgr674 Sophos is the leader ? oh thats new for me. :) in real tests - we test all suppliers in front - Sophos failed every time. They have a big mouth.
Anonymous avatar x30
Alvaro PicadoHi, Andreas. Thanks for your answer. Which firewall do you recommend?
3bd573ec e94f 4908 bd98 5d95903f037f avatar
System and Network Administrator at a insurance company with 1,001-5,000 employees
Nov 02 2017
I am trying to pick between Palo Alto 5060 or Fortigate FG-1500D. Any input will be much appreciated. We have over 100 branches with non-PA, and non-FG firewalls and we are trying to pick 5 of those to act as a gateway to tunnel all branches of traffic to those firewalls.
Anonymous avatar x80
Technical Support Engineer with 11-50 employees
Nov 01 2017
Hello, I am new to Firewalls. Please give me a detailed comparison between Fortinate and Barracuda. 
E7ec04e8 9082 4e0c a5d2 5fe817c5f0d3 avatar
Admin - IT Infrastructure, Networking ,Communications & Security at a manufacturing company with 501-1,000 employees
Nov 01 2017
We are planning to procure UTM along with end point solution. Primarily we have selected the following brands and models by going thru different reviews. SOPHOS XG 210 HW & SOPHOS XG 135 HW. FORTIGATE FG 100E & FORTIGATE FG 60E. Ours is a medium size organization with 100 desktops and 10 windows servers. We are using Exchange 2010 as our mailing solution. Our major objective is to protect external and internal threats including RANSOMWARE which may come thru E-Mail, Internet , Pen Drive, External Hard Disk. From the cost perspective, SOPHOS is cheaper.  Please help us to decide about the UTM .
Ed002aed 918b 4329 9e9c 0d734ce0ab0a avatar
ramesh1923Here I would suggest your to go with Fortigate, The model 60E or 100 E is based on your throughput. 100 E is capable of handle 100 Mbps in realtime UTM traffic and 60E is capable of handle 40 Mbps UTM traffic. .
Anonymous avatar x30
Milenko JakovljevicCan't tell about Sophos, but we have Fortinet firewall, and we are very pleased with the service and efficiency.I thinkt that it is worth the money we spent to put this in place. We tried Cisco firewall first , but service was just awful, the cisco partner could not even install the device and could not make it work with our network (took less than 2 hrs for Fortinet to install and configure everything we needed). With Fortinet you have great tech support, a LOT of "how to" videos so i can say that i am very happy with Fortinet.
Anonymous avatar x30
Leko FordThe Gartner Magic Quadrant report for 2017 list the Fortigate much higher than the Sophos. The Fortigate is listed as a Leader with Palo Alto and Check Point. The Sophos is listed in Visonaries category which is third on the list. With that being said, we have been very happy with our decision to buy Fortigates. We bought two in failover mode.
Anonymous avatar x80
System Administrator
Nov 01 2017
What do you recommend for a firewall between Sonic Wall Tz500 and Fortinet FG-100E-BDL. I have two sites which are on different geographic locations and they are on two separate networks, one is production and the other is backup  and both are running web applications which are accessible to our clients through an ssl connection. We intend to develop a hot site to mirror production in order to minimize time for restoration of services in case of disaster. We are still going to keep our traditional backup site in spite of our intention to develop a private mini-cloud infrastructure. At the back of our minds we are thinking of creating a VPN for mirroring production to the hot site which will be located where our backup site infrastructure is currently housed.
Anonymous avatar x80
owner at a tech services company
Nov 01 2017
Can I use VPN, firewall and IPS on one device (the device being FirePower2100)?
0ef9c78a 7f33 4775 81fd 559e4ac80a8a avatar
Dennis Chow, MBAYes, but depends on your appliance. Sourcefire NGFW by itself is not a VPN device. It CAN serve as a traditional/L7 firewall + IPS. If you're using the new Cisco ASA modules + Sourcefire; you can do both but configuration is still separate. If you're looking for smaller deployments, perhaps a UTM may benefit you.
4167037e f783 4d65 969d f592d3ea9082 avatar
Business Analyst at
Oct 26 2017
I have tried deploying applications on BW 5.x using TIBCO Administrator 5.x and it works just fine. But with the newer versions, TIBCO Administrator does not work. What can be done?
Oct 04 2017
Which is the best and why? Comparisons would be appreciated.
52b84604 4fad 4d47 b3a9 7f286b21de76 avatar
Matthew TitcombeI have worked on PA, CP, & Fortinet. I found Fortinet to be the most capable and best common interface for overall usage. As stated above, I found PA's to be overpriced for what they give you. Based on my monitoring this sector, CP & PA are trying ot catch up to Fortinet's and Cisco's ecosystem approaches. Cisco's Ecosystem, since I brought it up, still requires a user to know too many different interfaces and leads to configuration issues. My recommendation is Fortinet.
Ced7fc90 c30f 493b 8624 32b80dc6c689 avatar?1455551175
John CrabtreeAre you limiting the results are a specific reason? The larger question here is what do they need? There is no one best, each one has a good pro and con list to compare. (do they need web filtering, geo ip blocking, layer 7 filtering, detail qos control, redundant link fail over, load balancing, client access, reports, automated reports, etc) There are a lot of open questions that can help anyone tailor what would be best to use. My personal experience with those mentioned is to go with Palo Alto. It has a good rock solid and stable OS and can be configured to most anything your client would need. Fortinet's: The OS has many issues with memory even when you over spec the unit. You will find yourself having to restart it pretty often. It does have a decent configuration gui. (My personal opinion unless it's a OS/Firmware upgrade the unit should never need rebooted). Check Point: At least the units I have had the wonderful time working with, have been very "finicky", granted the last one I seen was about two years ago now, which imo is a good thing. I was not impressed. Firewalls I did not see mentioned Cisco ASA/Firepower, Cisco Meraki, SonicWall, PFSense, Adtran. I do like the Cisco Units, though not for the faint of heart. Even the new ones you will find yourself in the shell often. That said there is a reason that most Datacenters use them, they have been around a long time and know how to build a good product. Meraki: These have surprised me. They are as good as the Palo Alto FWs and the recent (time is relative) acquisition of OpenDNS/Umbrella into their security stack is a good blend. Easy to configure, A good option if the client will be in the FW making changes. When Paired with other Meraki units the Single Pane of Glass configuration is a plus. The Reporting is a nice feature with the ability to alert on. The Layer 7 Filtering and QOS is super well thought out. Really, really easy to configure. I can walk most anyone through a setup. SonicWall: Just mentioning their name gives me headaches. Even after Dell purchased them the product isn't any better again just my opinion. They are easy to setup, and that is all I will give them. PFSense: I love OpenSource products, PFSense has a good plugin list and is easy to make your own. It is not for everyone. The recent last few firmware/OS upgrades introduced a better gui interface. Rock Solid (as long as you have good hardware.) They just work. You will however need to know the product well. Some configuration places can be confusing. Such as setting up Traffic Shaping is not as simple as in the others, "in a click of a button". Adtran: Adtran does not get mentioned enough. These units are good and do exactly what they are told. Never have to be rebooted unless you upgrading the firmware/os on the units. They are fast and as the phrase goes "they just work". The GUI is still a little dated when compared to others in the market, Once you get use to it though your golden. The Shell is near identical to the Cisco, so for Cisco guys it's an easy go between. They started out as a Voice vendor product, as you know voice is never allowed to go down and that is how their switches, routers, etc are. So to recap: It depends on what you want to do. In your original list, The Palo Alto is the winner. If you want to Expand it to the larger list I would say the Meraki if you want a good gui experience and support. If you just want it to work with a ton of no extra cost add-ons the PFSense is the next option if you're willing to put the effort into learning it inside and out, which only the hardcore guys seem to do.
Anonymous avatar x30
TeresaHi, It's very hard to compare brand name of firewalls and you did not clarify specific models. Normally, an IT is often using a firewall and suggest that brand name. Actually, it will depend on what bundle of service you choose in each brand name of firewall. Of course, Palo Alto - it's worth it. My suggestion is base on your requirement of security and your budget, then read the specs of each brand name and choose whether the firewall is right to your network.
774509c7 4825 4b74 812e d2f7d2f749d0 avatar
Managing Director at a tech vendor with 51-200 employees
We would like to integrate Meraki MX100 with Alcatel switches (which use command-line for configuration). Is it complicated? If you're experienced in Meraki MX solutions, please contact me soon. Thanks & Cheers.
810e535d 374a 419a 9e8b 615a5c1c3b89 avatar
Joel CastellanosWith a good diagram and keeping in mind the whole routing part, it is really simple configuration, I have no knowledge on Alcatel switches but you will not have any problems for compatibility ...
7909ab29 ac8e 4ff2 8999 abadf097e2d4 avatar
Information Technology Manager at a healthcare company with 51-200 employees
I have a web-based firewall solution from our telecom vendor which is not user friendly nor does it show you the traffic on the firewall.I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation? 
Anonymous avatar x30
sgelbandpfSence will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for openvpn. The support guys are the best I have ever worked with. And once you master it, it is entirely free.
16801ec5 c7e3 4a52 9cb2 7d7bd3f07ca8 avatar?1450528545
Irvin GaerlanI would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line the UTM9 version is very stable and still has a large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified Management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organizations top choice.
9cc30f74 9288 49cc 8267 c2f105353afa avatar
Cristian MenghiHi, I'm a big fan of opensource solution, now i'm very satisfied with pfsense ( you can use your own hw or buy some appliance from ( sponsor of pfsense) Other payed solution can be Mikrotik (is a linux base), Ubiquiti or Fortinet
Anonymous avatar x80
How has Ransomware been attacked(Source) and how it can be controlled? Give me the best solution.
Tell me which firewall is best. 
Anonymous avatar x80
Lead - Network and Security Operations with 5,001-10,000 employees
Currently I have Fortinet FortiGate at perimeter level. I am looking for enhanced security at perimeter level. Should I go with Fortinet FortiGate or Palo Alto Networks WildFire?
I have 500 users in my environment and my environment is MAC based mostly. Looking for a firewall that integrates well with directory services along with scalability and ease of use. 
Anonymous avatar x80
Director Human Resources with 201-500 employees
We only require Internet distribution for our students and staff.
86b25e27 b87c 44c5 bc5f 8e1c97e6f88c avatar
Systems Engineer at a tech services company with 51-200 employees
Hello, Is there an existing review about the Endian firewall community?
Anonymous avatar x80
I'm looking to hear about the advantages of Palo Alto over Cisco ASA FirePOWER.

Sign Up with Email