Firewalls Forum

B Putnam
Owner at a retailer with 1-10 employees
Apr 19 2021

I am the owner of a retailer company with 1-10 employees. 

We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall.

Thanks! I appreciate the help.

Stuart BermanGood commercial firewalls take a degree of expertise that small businesses rarely possess, for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Network firewalls which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.
Luis Apodaca1-10 employees., it's not that big, you should try the Unifi Platform from the Ubiquiti brand, it is a bargain for the price and resource you can manage, and the better for you is you don't have to pay licencing, you only pay the hardware an the IT for implement the solution.
JoshuaThumsFor your businesses that are under 50 employees but still require enterprise-class security, insight into traffic and ease of management, I usually point people to Cisco Meraki products. For businesses with relatively few users, these products are very simple to set up and usually do not require network admins or engineers to set up successfully and securely.
Vinoth Rajan
User at Viroka
Apr 01 2021

Hi, 

I'm looking for a technical comparison between Sophos XG550 and Fortinet FortiGate 600E.

Please assist,

Thanks 

Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Mar 17 2021
Let the community know what you think. Share your opinions now!
Simon CoombsComprehensive protection, reliability, straightforward administration, total cost of ownership over three to five years.
it_user339975Awesome answers all around! The most important aspect to look for is relative to one question: How informed are you with the actual needs of your network? Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone. Any company that is online and running with proven technology has offered a solution that meets the minimum standard for most situations and customers. However some do perform better than others in certain environments and this depends on the needs of the network and resources. Firewalls fulfill one general role in the network: the protection of key resources. This can be expanded upon in a number of ways but the idea is the same all the time; the protection of key resources and the inspection of traffic in and out of these resources. That being the case, it would require in depth research based on specific needs and see how that relates to the network in question when selecting a device. The one aspect that will always matter regardless of the device capability is Integration and Administration. Although customer support from the vendor is extremely important, the first line of response will always be the in-house technical resource. - How easily can I role this out? - Am I replacing a pre-existing device or adding this in tandem? - Do I have people who can manage this device currently and if not, can they be trained easily? - If I have a single admin/engineer who manages this device and they leave the company, how easy is it to find another qualified person? I think these aspects and questions matter a great deal. Regardless of specific strengths for a single device, if that device cannot be installed easily or managed easily, that equals more confusion and downtime which usually means a loss of money. When considering a new firewall device or security appliance, I encourage my clients to review their short and long term goals before allowing too much time in debate over which device is better.
Girish VyasThere are already some good answers about it but this is what I understand for a firewall. It is a luxury when compared in a networking domain. So basics first, we would need to suit your networking requirement. For this you need to settle down for Vendor whom you need to buy this firewall. From an organization level, Try to get a best deal. Now from networking perspective, take that spec sheet out and look for the models they offer and see which one fits your network. I mean check the throughput of the firewall. Can it handle the load you are going to push it through ? Ok so you got your vendor and the model but wait let's see that spec sheet again. Why? The features. Yes the features are also important as everyone already pointed it out. You need to compare the feature and see if it meets your organization policy. Most of the firewalls have all that is required for an organization. This includes but not limited to deployment mode, high availability, application visibility, custom application definition, central management (required if you have more than one firewall to standardize your policy), Throughput post going through IPS / URLF, SSL VPN capability (I don't want to spend more to get this new extra feature right), IPSEC VPN, and others. The core of deploying the firewall is the throughput. I don't know how to emphasize more on that. Once you get this checklist complete. I believe you are good to purchase a firewall for your organization. I would request people to try these firewalls on the VM instance for demo and see how they function. Check with your vendor for demo. This is to ensure that your IT engineer is comfortable with the look and feel as he is the one going to handle your firewall right ? All the best ! on getting a new firewall.
Chandraprakash Pandey
User at Haribhakti & Co LLP
Mar 15 2021

Hi,

I am from an Auditing organization.

We are looking to have a firewall using which we can have the VPN for our users [currently WFH].

Please suggest the best firewalls currently in the market to choose from.

Javier MedinaYou need to know the apps and bandwith that your users will need to calculare the trhowoutput of the interfaces, that is more about sizing rather than brand, but the sophos vpn client is very light and easy to install
Javier MedinaIn addition i can tell that you can use 2FA for free with the sophos authenticator and enabling OTP for your vpn remote ssl users, also there are some other vpn awesome features like html5 and rdp over vpn so you dont need to publish or port forwarding makin  you network more secure.
Rias MajeedYou can use fortinet Firewall SSLVPN as well ipsec vpn.   If you tell me what are services need to accessed by remote users.  I suggest you the correct model.  nevertheless it has to be 600 Series or above.  And you need have enough upload speed.
Nirmal Unagar
Cyber Security Intern at ECS BIZTECH PRIVATE LIMITED
Mar 06 2021

I'm researching Firewalls. Which NGFW do you recommend between Fortinet Fortigate and Cisco Firepower NGFW?

Thanks!

Fedayi Uzun
Cyber Security Analyst at CyberNow Labs
Jan 27 2021

I'm researching firewall options. What are the differences between Palo Alto and Cisco Firewalls solutions in terms of advantages, disadvantages, usage and practices?

reviewer1461459There are some major differentiators that make Palo Alto more preferable. First of all Palo Alto's Hardware is FPGA based, which has no parallel. Due to this capability it supports SP3 technology which provides single pass parallel processing architecture. This means PA processes traffic through all the engines i.e. application, IPS and others simultaneously. This improves resiliency and provides exactly the same throughput which committed in PA data sheet. PA has been in the leaders magic quadrant of Gartner for the 7th consecutive time in a row, which shows its block capability is above power. Moreover, it is very user friendly and easy for configure. Palo  Alto provides all routing features plus IPsec tunnels without any license - license subscriptions are only required for security bundles. Palo Alto has on-box (without any additional license or cost) reporting capability that no other firewall has at the moment. On the contrary, Cisco Firewall and its management center is not stable and lacks user friendly operations.
Philippe PanardieWell they are two leaders, one from US, another from Israel. Checkpoint is the first well known firm to launch firewalls. Palo Alto is certainly now the leader, but could be expensive in strong configurations. It supports virtualization very well and is number one for reporting. Checkpoint NGFW is strong but under competition for high volumes when compared referred to a comparable appliance (Fortinet for instance). It needs perhaps more technical knowledge to administrate, in spite of an amazing choice of blades in the NGFW offering. The reliability depends on your partner or integrator and a good definition of needs to have a proper sizing of your equipment.
Kirtikumar PatelPalo Alto has more visibilities and control instead of Cisco Firewall.
Sirag Elnour
User at MASAD
Jan 27 2021

I'm researching Firewalls. Can anyone recommend NGFW solutions that are compatible with Azure?

Tilovi Snow
User at loopsnow
Jan 20 2021

I need help comparing firewall devices. Can anyone give me some advice on how to go about doing a comparison?

Thanks!

Rony_Sklar
IT Central Station
Jan 13 2021

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark Dan Doggendorf gave sound advice. Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money but how do you know where to spend it? There are over 5,000 security vendors to choose from. There is no silver bullet and throwing money at it won’t necessarily fix what you are at risk from but at the same time free products are free for a reason. If your organisation doesn’t have a large team of security experts to research the market and build labs then you need to get outside advice. Good Cyber-advisors will understand your business and network architecture therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future. Large IT resellers will sell you what they have in their catalogues based on what you ask for and give a healthy discount too but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions. By the way, there are free security products and services that I recommend.
Dan DoggendorfThe biggest threat is risks you think you have managed are not managed at all so you and your executive team have a completely false sense of security.  This is even worse than not having any tool in place.  With no tool in place, you at least know you have a vulnerability. There several ways to ensure a tool is doing what it is supposed to do. 1. Product Selection - when selecting a tool, do not focus on what a tool can do.  Focus on what you want the tool to do.  You drive the direction of the sales demo, not the sales team. 2. Product Implementation - use professional services to implement and configure the solution.  Your team should be right there with them as a knowledge transfer session but the professional who installs and configures the product every day should drive the install, not someone who wants to learn. 3. Trusted Partners - find yourself a trusted partner(s) who can help guide you.  This should consist of product testing labs partners, advisors who live and breathe the space daily, and resellers with a strong engineering team.
Javier MedinaYou should build a lab, try the tools and analyze the traffic and behavior with a traffic analizer like wireshark and any sandbox or edr that shows you what the tools do, but all this should be outside your production environment, use tools that has been released by the company provider and not third party downloads or unknown or untrusted sources.
Rony_Sklar
IT Central Station
Jan 05 2021

There seems to be some controversy around whether or not SSL Inspection should be used by businesses. What is your opinion - should they be used, and if so when? Conversely, what are reasons for not using SSL inspection?

Bruce BennettI am a proponent of SSL inspection, as long as you have another function/service that is evaluating that traffic like URL filtering or DLP. The biggest reason I have seen is that all sites are going to https, so there is no granularity for URL filtering unless you are doing SSL inspection. Most URL filtering can categorize based on the full URI, but without SSL inspection you will only see the base. Example, without SSL your services will only see "www.itcentralstation.com" going to this page. With SSL inspection you will see the full URL, "www.itcentralstation.com/questions/when-should-companies-use-ssl-inspection?...", giving the URL filtering service more information to categorize. Another good example are blog sites. without the SSL inspection, all the blogs look the same, with inspection the ones that you want to block can be identified. Where not to use SSL inspection, in personal related destinations like health, banking and sites that fall into similar HIPA and PII categories.  One thing you will run into with SSL inspection is that some sites, especially security related sites, will have issues with the "man in the middle" generally used for SSL inspection, so you will run into issues where you have to bypass sites like this as well.
David StoreySSL Inspection is great for corporate/organizational security as it allows you visibility into the traffic going across the network. It can also break access to some sites as it is technically a man-in-the-middle. (Anything requiring certificate authentication.) If you're going to do it, you really need a login banner for your systems that advises users that their activities are being monitored. You'll also need to install certificates on people's PC's. This won't work for guest users. I wouldn't store decrypted content though as you will have to safeguard that data as it will contain sensitive information. (Is it really worth the risk?)
Phillip PeermanAs more Internet traffic is encrypted each day at some point the majority of Internet traffic will be encrypted. SSL inspection is needed when a business needs to audit what their users are doing on the Internet. Cost and complexity are the largest reasons to not perform SSL inspection, especially on the network edge. I'm not a huge proponent of performing SSL inspection at the network edge. Most solutions performance levels drops off the face of the planet when enabled and it is complex to setup and maintain. I think the better solution for SSL inspection is to perform it on endpoint devices. This will be cheaper and less complex overall and provide SSL inspection on laptops even when they are not in the office.
Rony_Sklar
IT Central Station
Jan 05 2021

What are the benefits and drawbacks of using a cloud firewall? 

In which scenarios is using a cloud firewall recommended?

When is it not advisable to use a cloud firewall?

Phillip PeermanCloud firewalls are most beneficial in that they can be securely managed from anywhere with just a browser.  Drawbacks are cost (usually subscription based) and also usually not a fully featured as some enterprise solutions that are managed locally. MSPs or enterprises with a lot of remote offices benefit the most from a cloud solution. Managing multiple devices all from the same interface is a huge plus and saves time for the persons managing the devices. Managing cost may be the largest factor to avoid a cloud solution. Some users seem to have an allergic reaction to the subscription licensing model for a firewall. Cloud solutions are also typically not as mature as cloud solutions so for some high end enterprise solutions a non-cloud solution would be better. 
Ravindra Kumar
TD at NIC
Dec 29 2020

I work in a Tech Services company with less than 1,000 employees. I'm looking for a firewall to replace Cyberoam 200ing. Any suggestions?

Thanks.

Shyam BiswasDepending on budget, Palo Alto 3000 series will be very helpful. If you want to discuss more on this, please contact me.
AnnDeryckereWe can recommend Watchguard as a worthy alternative. Don't hesitate to contact me for more information 
Basil DangeCheck Fortinet. It provides faster l3 processing. Also with NGFW firewall you can get SDWAN features as well.
Rony_Sklar
IT Central Station
Nov 02 2020

With remote work having become the norm for many, what security should businesses have in place? Do you have suggestions of specific products that businesses should look at?

Philippe PanardieThere is not a single answer. In our company, we use only company devices for workers at home and VPN appropriate clients to control the internet flows towards our company firewall. A behavioral endpoint product is recommended. This product is likely to cooperate with your corporate signature-based antivirus. Any good product could be used in that way. We chose well known Israel products, combined with our standard US products, at that time.
Letsogile BaloiSecurity is a multi-layered problem and as always the human end is the weak layer Increasingly I believe the human layer-layer8 needs more attention. This requires getting the basics right. How are we allowing external devices into our networks? DO we own these devices? VPN Tunnels? Or are creating a virtual working place and focus on IAM?  This is BYOD on steroids and multiplies the attack zone. A line has to be drawn and a Trust Zone created. Traditional devices have native encryption so we allow them as trusted devices and use their native encryption. Then other policies are made. Does the employee have access to good internet(In Africa this is an issue) or do they have to go to a coffee shop or some such place? A good behavioral endpoint product will help. In some cases a company intranet. Microsoft teams are proving very accessible in Africa.
Omer MohammedWearing a mask while accessing your service is not a joke hardening tunneling protocols and uses the most updated one it's kind of like wearing masks.
Menachem D Pritzker
Director of Growth
IT Central Station

There are so many products in the market today. Who are we going to be talking about 3-5 years from now?

Fortweb677Netscope, Zscaler if they continue route they are on now. FIrewalls needs great deal of automation on each end, datacenter and endpoint. In between you have branch office. So blending EPP and firewall on enduser machine + blending branch office with datacenter firewall will take place. Sophos is doing something on SMB side which may simplify operations. However, they are yet to put big box in to data center and I believe they are due next year. Fortinet has lost itself in so many products. CP, PA missing some key products in unified portfolio.  So, Sophos, Netscope or Zscaler if they blend with some traditional vendor and integrate. 
Lipaz HesselWell with the SD-WAN raising it is common to see cloud firewall implementations, like ZScaler. but as data center firewall, I don’t see any new player comes out unless it will come with a new surprising feature as the market have so many good vendors.
Nehad ElkordiCisco Portfolio is focusing on total security inside and outside including cloud security,two factor authentication & SDWAN. Forti Portfolio is focusing on total security too inside and outside including cloud security & two factor authentication. both are working with Sandbox which is important for 0 day attack. Therefore If R&D for both vendors will keep as they are today i think they'll be market leaders and away by far for the next 5 years 
Charudatta Kulkarni
Head - UICT and Associate Professor at MIT Pune

I work in a small organization in the educational sector. 

We would like to extend firewall licenses, So we need to evaluate vendors. On what criteria/basis should we compare vendors and devices?

Jim BachaudA Firewall is only one brick in your cyber-security wall, if you will, but an important one. Considerations - you have endpoints (laptops) that may travel in and out of network, connecting to the internet while not on your local network. They have the potential to bring problems with them when they come back into the network, especially if they have been infected with a cryptolocker virus and have shared network drives when they reconnect. A firewall, no matter how good it is, won't protect you from this. Are you willing and budgeting for paying for license renewals every year? How much CyberSecurity are you going to put on your firewall, vs offloaded to other systems - spam management for email is a good example of this. What other security solutions are you also using, such as Barracuda email essentials, OpenDNS (Umbrella), file and image-level backups at the endpoint, enterprise grade AV, etc> Are you protecting application servers? Do you have compliance requirements such as HIPAA or PCI you have to manage? You've asked a very generic question, so the answers you get as to the criteria required to evaluate an appropriate solution will be just as generic. In the world of security, Sophos and Fortinet are very good solutions if you want the best of the best, and those aren't always the best solution for the application - if there's no servers, the endpoints (desktops and laptops) are hardened, everything is backed up, and there's no critical data floating around, then a reasonable firewall with great throughput like a Ubiquiti UDM Pro could be a great solution that doesn't ransom you for an annual license fee. In other words, without being more specific about your application, you're not going to get a lot of really useful responses here.
Nawaaz ToonahIn the educational sector, the main challenge is to have control over all content that students or educators will be accessing. We have many vendors that offer this service, a few examples will be Fortigate, Sonicwall, Cisco, and Sophos. Now it will depend on what aspect of firewall that you want to focus on if you want content filtering I would recommend going for Sophos. With Sophos, everything has been made simple to manage and not really need to be an expert to maintain this nice piece of technology.
Frank TheilenYou should defer on what purpose you want to use the firewall and who is supporting it. Means: If you like to use a firewall to protect the computer users from accessing the internet, you should look for integration with your other security aspects like AV, IPS, EMail Protection, classification service catalog, integration in Cloud-based management or SIEM, life protection with isolation or network disruption, reporting to fulfill certification audits like SOX, remote management and location awareness, SSL VPN Clients, access security with 2.nd factor, Active directory integrated security groups, other security products from the same vendor to extend portfolio but keep management in one tool, VPN to other branches, multi-vendor VPNs, throughput with all FW features in place, how many physical network ports you can configure internal/external, multi internet provider network ports to get redundant provider setups, failover or both at the same time, traffic management features to limit the traffic is due to application or service using it (VOIP, Netflix, ...). Also, you should think of what part this firewall takes in due to your other chain of security. Does it fit to them? Do you want to change them in the future as well? Last but not least is the amount of knowledge and support/maintenance the firewall solution would need. DO you want to keep/have an expert just for that? Is it going to be integrated into other management services (AV/Data Gov./Compliance), can you provide compliance access to the reports without compromising internal security? Can you restrict access to browsing or user history but grant access to security alarms and actions? If you have a security concept it should be easy to find the right FW. If not, start with that.
Sameer Mogale
Owner (Senior Systems Engineer) at 3Kay Solutions

Has anyone tested or is actively using the Seqrite range of UTM devices in production?

I just wanted an honest opinion about their performance and reliability.

www.seqrite.com

ChiragPanchalSeqrite is new entrant in the perimeter security. Hence not have much option on it, but yes Seqrite is doing good in EPP.
reviewer1232628Without knowing much about Seqrite, I can offer this advice: 1. Request (2) loaners for you to test out. Any sales team worth their salt will agree to this simple request, especially if it's going to be 30 days or less. 2. Use a Penetration and Vulnerability tool so you can determine if bad operators can easily break in. Keep this in mind for now and forever: If you sell a security service and your customer suffers from a number of attacks, any number at all, which leads to any kind of loss in productivity or intellectual property, they would consider it your fault, and you don't want that.
Ahmed Khattab KhattabNever heard about them. I’m not into UTMs anyway except for small companies with few number of users and low outbound/ inbound traffic
Srinivas_K
Sr. Network Engineer at Medha

We need a hardware firewall for 750-1000 users to provide restricted Internet access, business email access, and remote access for 300 users. Please suggest suitable models.

Aleksandar JovanovicPalo Alto PA820 with URL filtering, threat prevention and wildfire subscriptions, HA pair or spare device optional. If remote workers uses linux or android, you'll need a Global Protect licence also.
Syed Khalid AliThere are variety of product options such Cisco, Fortinet, Sophos, Sangfor or Palo Alto. And you may also need to consider other factors including: 1- Total available bandwidth (Internet + WAN + or any other) 2- What other inspection engines will you use other than the basic firewalling. For example: IPS, AV (or Anti-malware), URL, Sandbox, SSL etc... 3- New Sessions Per Second 4- Total/Concurrent Session As a baseline, you can begin with: 1- Fortinet 300E 2- Cisco FPR2110 3- Sangfor M5200/5250 4- Sophos XG210/230 Consider All-In-One subscription license, as it will cost less compared to individual subscriptions.
Stuart BermanAt a minimum I would recommend a Fortinet FG-100F The "F" series is their latest ASIC and it outperforms the E series by x4 or better. I like to oversize the firewalls to get more life out of them, although we usually use virtual appliances (FG-VM02v or greater) If I had to choose an older model would go with FG-600E or higher depending upon discount. The next higher F model is FG-1800F which is a beast and overkill.
Rony_Sklar
IT Central Station

Why or why not? If so, which are the best providers for this configuration?

PrideChiezaThat is very good question, for SIP we highly recommend using SIP security on the firewall this prevent issues with SIP attacks resulting in unknown phone calls being made from your PBX causing a high phone call bill that you didn't generate however in some cases when working with the Fortigate firewall and older versions of PBX you may need to disable this function its called SIP ALG (Application Layer Gateway) this usually cause problems with SIP VoIP phones registration and call processing but you need to make sure you only allow the PBX to only communicate with the specific voip server for security. Regarding to NAT Traversal it is mostly used when you have devices that are not SIP aware and the firewall is then used to NAT the actual ip address of the SIP phone when communicating with the external ips or VoIP servers,with the use of security policy this can ensure that the voip traffic is also secured by the firewall.
Nawaaz ToonahNAT, ISP normally provides one public IP to subscribers and for many devices to connect on the internet this single public IP address is shared among them. Traversal technique is to do UDP encapsulation to allow traffic to reach the destination device which does not have a public address. SIP traversal is mainly used when we have SIP phones which are registered to a remote IPBX, to keep the connection live and keep signaling link between the phones and the sip registrar, SIP traversal comes into play. I have mainly used this SIP traversal option on Cyberoam / Sophos firewall and believe me it works like a charm.
Rupsan ShresthaSIP is a protocol used for session management in VoIP or video communication, On the other hand NAT Traversal is a technique used to maintain connectivity over networks where NAT is used. You are probably looking to implement VoIP in your network if I'm not mistaken. There is no choice here because some VoIP devices require the implicit use of SIP protocol, That is what they use to initiate, manage, and terminate sessions. While there are some vendors that use their proprietary protocol, SIP like protocol is necessary regardless. And about NAT traversal, if you have a NAT device or a firewall that implements NAT in between or as a gateway NAT traversal must be used to make sure your communication works because in VoIP communication the client also acts as a server, meaning the communication has to be both ways. When there is a NAT in between NAT masquerades the original IPso there is a probability that the communication may fail. However, some VoIP solutions have their own mechanism to bypass NAT and maintain communication while some require NAT Traversal to be configured on the firewall.
Mario Blanco
Jefe de telecomunicaciones at a financial services firm with 10,001+ employees

I work as the head of telecommunications for a large bank.

We are currently researching next-generation firewalls. Which is the best solution available? Which would you recommend?

Thanks! I appreciate your help. 

Menachem D Pritzker
Director of Growth
IT Central Station

Which are the best providers for either configuration?

reviewer1209270Firewalls are basically security devices that help you stop intrusion in your network. They can be deployed either on the host or in the network. The ones that are deployed on a host are generally software firewalls, the ones deployed in network are hardware firewalls. Hardware firewalls are always superior to software firewalls. On the other hand, NAT Traversal is basically a function that can be provided by a router or firewall. Some of the best vendors for hardware firewalls are Palo Alto, Checkpoint & FortiGate. Some of the best vendors for routers include Cisco & Juniper.
Philippe PanardieA Firewall is a security device, on which you can apply rules to defend your professional network: The best suppliers are Palo Alto, Checkpoint and Fortinet. Juniper is reserved for heavy configuration. Palo Alto is the leader. The accuracy of his reporting and the possibility of virtualizing the functionality is very interesting. Fortinet has a wide offering and uses very speed composants . A checkpoint is a historic player and has very keen equipment, especially for technical teams. Firewall NG embarks a lot of additional capabilities: antivirus, IPS, IDS, which make them attractive. Sometimes you d rather buy this equipment separately, not to overload your firewall. An important functionality is to buy a failover, if your activity is 24/24, in order to avoid failure of the first member of your infrastructure. An NAT is only masking the real internet address of your network. These equipements have fewer functionalities and have less interest except for specific needs.
Danut AgacheIf we refer to the functions of an Internet Gateway: * Firewall is that facility of protection, security and access control based on "access control lists" (ACLs) which can be of the "stateful" type (with the preservation of status information and the imposition of security policies based on this feature as well) or of the "stateless" type called "packet filter"; from an administrative point of view, a stateful firewall is necessary to allow one-way traffic (the rest is handled by the firewall), and in the case of stateless, the administrator must configure ACLs in both directions so that the traffic to be allowed. Stateful firewalls also have advanced inspection modules (DPI - Deep Packet Inspection) that can provide control and security up to level 7 (NGFW). * NAT Traversal is the ability by which an Internet Gateway ensures the change of IP addresses from Public to Private (and vice versa) in all places in a data packet (including the payload) thus ensuring end-to-end communication ( client-server like FTP communication in which data ports are dynamic) even if the real address of one or both communication partners is not known. In addition to the payload modification, the NAT Traversal function (at the gateway level) must also modify the DNS queries that are made through the firewall, so that each party benefits from the contactable IP address information. The NAT Traversal function (at the gateway level) has some limitations when we talk about the Internet Gateway, especially in the case of encrypted communications where changing the payload is difficult (or even impossible). In this way, the communication protocols used must have this capability. This is the example of IPsec communications in which, in case of crossing an Internet Gateway that does NAT, it detects the situation (using hash algorithms) and automatically switches to NAT Traversal mode (from ESP protocol to UDP 4500).
AnkitJain3
Sr. Manager - IT at Vehant Technologies Pvt Ltd

I work as a senior IT manager for a small software R&D company.

We need an opensource Linux-based firewall for our organization that is easy to manage. Which is the best option? Which would you recommend? 

Thanks! I appreciate the help. 

Student

How has Ransomware been attacked(Source) and how it can be controlled? Give me the best solution.

David BalabanI have recently written an article on removing ransomware from Mac - https://macsecurity.net/view/158-mac-ransomware-2020
Shermay Tan
Sales Director at TA Power Group Sdn Bhd

I work as a project engineer at a company with 201- 500 employees.

I am looking for recommendations for the best way to prevent DoppelPaymer Ransomware. Is there an action plan or solution you would recommend?

Thanks! I appreciate your help. 

 

Tarek MenshawyYou need an APT solution integrated with your endpoint solution, firewall, and email security gateways. I recommend Wedge Network and FireEye.
SSLIf you want absolute security, for any malware - not just the DoppelPaymer ransomware, I suggest you have a look at ThreatLocker. I do not work for them, but we started implementing this internally and will soon push this out to clients. It is a superb product, that goes about security in a different way - rather than layering antivirus (signature based or nextgen) on top of regular updates (Windows and 3rd party) - it implements application whitelisting and ring fencing. I suggest you have a look at their videos, and reach out to them. https://www.threatlocker.com/ No Firewall can protect you completely, even if it is UTM. Even if you close all ports (please do so for RDP or similar). These will help filtering URL, websites, and in some cases using AV signatures or ATP for attachments, but we noticed this is not very effective (especially with SonicWall). Having a nextgen A/V like Carbon Black, Crowdstrike, Cylance or SentinelOne will help as well. You also need a solid antispam solution that does sandboxing, and URL rewriting. Fortinet can certainly provide a solution there for you.
David BalabanMy old article from the dawn of ransomware outbreak back in 2016 is still good: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/22-ransomware-prevention-tips/