Top 8 Firewalls Tools

Fortinet FortiGatepfSenseCisco ASA FirewallCheck Point NGFWCisco Firepower NGFW FirewallSophos XGCheck Point CloudGuard NetworkPalo Alto Networks NG Firewalls
  1. leader badge
    Some of the valuable features are the firewall, IPS, web filter, and gateway capabilities. Additionally, it is easy to use and flexible.Overall, the pricing of the solution is very good. The product offers good value.
  2. leader badge
    I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good.
  3. Find out what your peers are saying about Fortinet, Netgate, Cisco and others in Firewalls. Updated: April 2021.
    501,499 professionals have used our research since 2012.
  4. leader badge
    The most valuable feature we have found to be the VPN because we use it often.Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform.
  5. leader badge
    Remote access with a secure workspace provides a clear separation between the client and corporate network. One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.
  6. leader badge
    One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage that discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.
  7. Dashboard is easy to use and the reporting offers a lot of detail.Sophos XG is a stable product.
  8. report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    501,499 professionals have used our research since 2012.
  9. SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic. Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it.
  10. Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors.

Advice From The Community

Read answers to top Firewalls questions. 501,499 professionals have gotten help from our community of experts.
Ariel Lindenfeld
Let the community know what you think. Share your opinions now!
author avatarSimon Coombs
Real User

Comprehensive protection, reliability, straightforward administration, total cost of ownership over three to five years.

author avatarGirish Vyas
Real User

There are already some good answers about it but this is what I understand for a firewall. It is a luxury when compared in a networking domain. So basics first, we would need to suit your networking requirement. For this you need to settle down for Vendor whom you need to buy this firewall. From an organization level, Try to get a best deal.

Now from networking perspective, take that spec sheet out and look for the models they offer and see which one fits your network. I mean check the throughput of the firewall. Can it handle the load you are going to push it through ?

Ok so you got your vendor and the model but wait let's see that spec sheet again. Why? The features. Yes the features are also important as everyone already pointed it out. You need to compare the feature and see if it meets your organization policy. Most of the firewalls have all that is required for an organization. This includes but not limited to deployment mode, high availability, application visibility, custom application definition, central management (required if you have more than one firewall to standardize your policy), Throughput post going through IPS / URLF, SSL VPN capability (I don't want to spend more to get this new extra feature right), IPSEC VPN, and others. The core of deploying the firewall is the throughput. I don't know how to emphasize more on that.

Once you get this checklist complete. I believe you are good to purchase a firewall for your organization. I would request people to try these firewalls on the VM instance for demo and see how they function. Check with your vendor for demo. This is to ensure that your IT engineer is comfortable with the look and feel as he is the one going to handle your firewall right ?

All the best ! on getting a new firewall.

author avatarit_user339975 (Project Consultant at a tech consulting company)
Consultant

Awesome answers all around!

The most important aspect to look for is relative to one question:

How informed are you with the actual needs of your network?

Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone. Any company that is online and running with proven technology has offered a solution that meets the minimum standard for most situations and customers. However some do perform better than others in certain environments and this depends on the needs of the network and resources. Firewalls fulfill one general role in the network: the protection of key resources. This can be expanded upon in a number of ways but the idea is the same all the time; the protection of key resources and the inspection of traffic in and out of these resources. That being the case, it would require in depth research based on specific needs and see how that relates to the network in question when selecting a device.

The one aspect that will always matter regardless of the device capability is Integration and Administration. Although customer support from the vendor is extremely important, the first line of response will always be the in-house technical resource.

- How easily can I role this out?
- Am I replacing a pre-existing device or adding this in tandem?
- Do I have people who can manage this device currently and if not, can they be trained easily?
- If I have a single admin/engineer who manages this device and they leave the company, how easy is it to find another qualified person?

I think these aspects and questions matter a great deal. Regardless of specific strengths for a single device, if that device cannot be installed easily or managed easily, that equals more confusion and downtime which usually means a loss of money.

When considering a new firewall device or security appliance, I encourage my clients to review their short and long term goals before allowing too much time in debate over which device is better.

author avatarJonathan Maresky
Real User

Security is the most important aspect. You are not buying a Firewall to play Candy Crush so user experience is not the most important aspect (even though it is important). It needs to provide the most advanced security to protect your organization from threats.

author avatarreviewer1401408 (User)
User

A firewall that allows us to set parameters on where our users can go and which gives us the ability ton block certain sites or ads if we need or want to.

author avatarreviewer1378275 (User)
User

Logging And Reporting. Some new toy firewalls (like Fortigate)  have them on Cloud, but suppose there is a problem in WAN connections or VPN. The Easy Way to see logs for troubleshooting, that is the best firewall

author avatarreviewer1232628 (Solutions Architect at a comms service provider with 501-1,000 employees)
MSP

There is no single-most important aspect, but here are a few to consider as being absolute requirements.

Intrusion protection: I've seen break-ins from bad actors on the outside, who stole intellectual property for whatever purpose, including, but not limited to the sale of said property to competitors.
Internal threats: We've seen shady employees stealing information, and BYOD infected and then brought to work. Good endpoint security is a great add-on, but if the level from a firewall is not where you need it to be, then a separate solution for such service should be evaluated. A firewall at the perimeter that offers malware protection in both directions adds an extra layer of security.
The reason for simplicity is not just that your job will be easier to build the network, but to navigate the threats and quickly bring new security professionals up to speed on your platform.
Application Identification: This is not a luxury, it's a flat-out requirement.
Ease of replacement: Does the vendor offer a plan to replace faulty hardware in a day or less, or do you choose instead to go HA at all locations, especially in countries where bringing hardware through customs can be a nightmare

author avatarMiguel Angel Hernández Armas
Real User

1. Status inspection capabilities.
2. Ease of administration.
3. Performance.
4. Price.
5. Scalability.

B Putnam
I am the owner of a retailer company with 1-10 employees.  We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall. Thanks! I appreciate the help.
author avatarStuart Berman
Real User

Good commercial firewalls take a degree of expertise that small businesses rarely possess, for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Network firewalls which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.

author avatarLuis Apodaca
User

1-10 employees., it's not that big, you should try the Unifi Platform from the Ubiquiti brand, it is a bargain for the price and resource you can manage, and the better for you is you don't have to pay licencing, you only pay the hardware an the IT for implement the solution.

author avatarGabriel Sicouret Villalobos
MSP

You should be looking at the Juniper's SRX300, which is a bundle of switching, security and routing. You'll have embedded PoE+ functionality with its 6 Gigabit Ethernet Ports, and 2 uplinks running at 10 Gbps, Industry best, high-performance IPsec VPN solution with 2 FREE SSL VPN licenses and able to purchase up to 48 more licenses for a total of 50 remote collaborators.

Check this out for more information: https://www.juniper.net/us/en/products-services/security/srx-series/datasheets/1000550.page

author avatarNguyen Nguyen
User

Priority as below:

1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.

author avatarDavid Hartt
Real User

I think you should be looking more into a WAF. For firewalls with ~ 10 users a small FotiGate should be sufficient but the opportunity I see of the 2008 R2 servers. You should have moved off of these systems as of 2019 but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWEB.... these are distinctly different products.

author avatarMohamed Rashwan
Real User

FortiGate 60F will be a good and economical choice for you especially that you will host a website it will give you the best performance.

author avatarRias Majeed
Real User

Better go with FortiGate 60E.

Shermay Tan
I work as a project engineer at a company with 201- 500 employees. I am looking for recommendations for the best way to prevent DoppelPaymer Ransomware. Is there an action plan or solution you would recommend? Thanks! I appreciate your help.   
author avatarTarek Menshawy
Real User

You need an APT solution integrated with your endpoint solution, firewall, and email security gateways. I recommend Wedge Network and FireEye.

author avatarSSL
User

If you want absolute security, for any malware - not just the DoppelPaymer ransomware, I suggest you have a look at ThreatLocker. I do not work for them, but we started implementing this internally and will soon push this out to clients. It is a superb product, that goes about security in a different way - rather than layering antivirus (signature based or nextgen) on top of regular updates (Windows and 3rd party) - it implements application whitelisting and ring fencing. I suggest you have a look at their videos, and reach out to them.
https://www.threatlocker.com/

No Firewall can protect you completely, even if it is UTM. Even if you close all ports (please do so for RDP or similar). These will help filtering URL, websites, and in some cases using AV signatures or ATP for attachments, but we noticed this is not very effective (especially with SonicWall). Having a nextgen A/V like Carbon Black, Crowdstrike, Cylance or SentinelOne will help as well. You also need a solid antispam solution that does sandboxing, and URL rewriting. Fortinet can certainly provide a solution there for you.

author avatarDavid Balaban
Real User

My old article from the dawn of ransomware outbreak back in 2016 is still good: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/22-ransomware-prevention-tips/

author avatarPeter Strate
User

I’m surprised no one is mentioning the integrated defense you get using a Palo Alto FW together with their Endpoint protection Cortex XDR (formerly named Traps) – and to top it also use Proofpoint mail defense to be able to have all emails scanned by Palos Wildfire before they are released to the recipient.

Out of our more than 400 clients using Palo FW with Cortex XDR/Traps have had any problems with any ransomware. Strongly recommend you to check out https://www.paloaltonetworks.com/cortex/cortex-xdr to learn more and see why this is the only completely integrated solution. And even if you don’t go all the way with Pro versions and big data lakes, just using the Palo FW with Wildfire and Cortex XDR Prevent will result in really good protection.

author avatarPaul Vettoretti (AT&T)
Vendor

A lot of great responses but there are a few that stand out (from my POV). Those are the ones that talk about incorporating different technologies. It is best to focus on protection from as many threats (ransomware or other) as possible rather than any single threat such as DoppelPaymer. The only viable protection today is a layered approach. How many layers is dependent on your budget and the value of what you are protecting. The tools mentioned in many responses (UTM Firewall, End point protection, Application protection, segmentation, etc.) are essential and can catch/block many threats. Taking those tools a step further is tying them to a threat exchange and integrating the alerts from the various solution with intelligent rules (using "Advanced" SIEM tools) will yield even tighter protection. Vulnerability scanning and even penetration testing are also very useful in either finding your weak spots or confirming you are as secure as you think you are. The weak link, people, can never be overlooked. Training employs (plenty of video training is available) on the threats and what to look out for. Testing employees by sending phishing emails is also very effective after employees have been trained.

author avatarreviewer1208142 (Senior Network Engineer at a consultancy with 1,001-5,000 employees)
Real User

To protect yourself, you have to:

- If the customer has a NGFW (Cisco Firepower), we can activate the signatures Sid 1-52427 and Sid 1-52428 and make a correlation rule (Alert/pxgrid-ISE for remediation)
https://snort.org/rule_docs/1-52427
https://snort.org/rule_docs/1-52428

- The customer must have a content security product such as Cisco Umbrella (DNS Security, SIG, SWG, TI, CBFW)
- Finally, the customer must have a Cisco AMP EndPoint solution that is very effective against this attack. There are even IOC indicators in the console.

author avatarUnmesh Deshpande
Real User

DoppelPaymer, structural sanitization cannot detect what’s inside the file, so we can only ensure that the file is encrypted. One needs to build a policy to only allow password-protected documents from trusted senders. This enforcement of policy should take you a long way into mitigating the risk against DoppelPaymer. As a best practice, IT/Email Admin should enforce email encryption as it is much more secure.

The war between creative and destructive IT is already evident and may grow fierce as cybercriminals become more aggressive and ill-talented. It's all about how we scale our technical competencies and approaches to become more sophisticated. Tools from Sophos look to be "A friend in Need" Solution as rightly suggested by Eduardo Pina in the following trail.

author avatarBosco Orellana
User

Please read this paper about ancestor of DoppelPaymer and how this randsomware work.
https://nakedsecurity.sophos.com/2017/09/21/how-bitpaymer-ransomware-covers-its-tracks/.

Chandraprakash Pandey
Hi, I am from an Auditing organization. We are looking to have a firewall using which we can have the VPN for our users [currently WFH]. Please suggest the best firewalls currently in the market to choose from.
author avatarJavier Medina
Real User

You need to know the apps and bandwith that your users will need to calculare the trhowoutput of the interfaces, that is more about sizing rather than brand, but the sophos vpn client is very light and easy to install

author avatarSanjula Weerakoon
User

I think if you can get the concurrent user number correct and get a suitable sized FortGate firewall this will be the best ex: 40 concurrent FG-40F. Fortigates come inbuilt VPNs FOC and if you require additional security towards sensitive business activities such as payroll, you can look into the 2FA solutions in the Fortinet Network Security FABRIC. 

author avatarIanMacfarlane
Real User

Hi, VPN's are becoming something from the pass as more organizations are connecting to cloud based services like O365. In most cases companies have moves servers/data/services out of the back server room. Back to your question, Fortinet, SonicWall or Cisco. Meraki is a great platform but does not have a dedicated VPN client as of yet, I have worked with both Fortinet and SonicWall and based on the numbers I would recommend Fortinet. The VPN client is great and comes with AV as part of the package. 


Feel free to call me if you want more information.




Thank You 


613-401-7203  

author avatarreviewer1266459 (Network Security Engineer at a performing arts with 201-500 employees)
Real User

Fortigate works well. it has ipsec vpn as well as ssl vpn which can be integrated with your AD for SSO. Only need to install and configure forticlient on the user pc. Can also activate two factor authentication with fortitokens. Im using that now and im happy

author avatarRias Majeed
Real User

You can use fortinet Firewall SSLVPN as well ipsec vpn.   If you tell me what are services need to accessed by remote users.  I suggest you the correct model.  nevertheless it has to be 600 Series or above.  And you need have enough upload speed.

author avatarJavier Medina
Real User

In addition i can tell that you can use 2FA for free with the sophos authenticator and enabling OTP for your vpn remote ssl users, also there are some other vpn awesome features like html5 and rdp over vpn so you dont need to publish or port forwarding makin  you network more secure.

author avatarBrian Browne
User

Fortigate 

author avatarBrian Browne
User

Fortigate
Cisco firepower
pásense

in that order

Rony_Sklar
There are many cybersecurity tools available, but some aren't doing the job that they should be doing.  What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
author avatarSimonClark
Reseller


Dan Doggendorf gave sound advice.


Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money but how do you know where to spend it? There are over 5,000 security vendors to choose from.


There is no silver bullet and throwing money at it won’t necessarily fix what you are at risk from but at the same time free products are free for a reason.


If your organisation doesn’t have a large team of security experts to research the market and build labs then you need to get outside advice. Good Cyber-advisors will understand your business and network architecture therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future.


Large IT resellers will sell you what they have in their catalogues based on what you ask for and give a healthy discount too but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions.


By the way, there are free security products and services that I recommend.


author avatarDanny Miller
User

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved. 

author avatarreviewer1266459 (Network Security Engineer at a performing arts with 201-500 employees)
Real User

Refrain from free products


Delete products and traces of product after evaluation


Always know what you want from the cybersecurity solution. Can identify illegal operations of the products if different from its stipulated functions.


Work with recognised partners and solution providers


Download opensource from reputable sites


author avatarDoctor Mafuwafuwane (Altron Systems Integration )
Real User

Open Source or Free products need proper management. Based on my experience I have found that many people who uses open source don't bother to patch them and attackers then utilize such loopholes.



One of the great example one client was using free vulnerability management plus IP scanner. And they got hit with ransomware. During the investigation I realise the attacker utilized the same tool to affect other devices on the network. The attack took his time at least 2 months unnoticed. 

author avatarBasil Dange
Real User

One should 1st have details understanding of what he/she is looking to protect within environment as tool are specially designed for point solution. Single tool will not able to secure complete environment and you should not procure any solution without performing POC within your environment 


As there is possibility that tool which works for your peer organisation does not work in similar way for yours as each organisation has different components and workload/use case

author avatarJavier Medina
Real User

You should build a lab, try the tools and analyze the traffic and behavior with a traffic analizer like wireshark and any sandbox or edr that shows you what the tools do, but all this should be outside your production environment, use tools that has been released by the company provider and not third party downloads or unknown or untrusted sources.

author avatarAlan
Real User

Bogus cybersecurity tools might bring about the data exfiltration, trojan horse 

See more Firewalls questions »

Firewalls Articles

Rony_Sklar
IT Central Station

Members of the IT Central Station community are always happy to help other users by answering questions posted on our site. These answers are not only helpful to the person asking the question, but also to other users who are doing product research.

In this Q&A round-up, we’ll take a look at answers from our users about: the most important aspects to consider when evaluating firewalls, and firewall recommendations for a small retailer.

When evaluating Firewalls, what aspect do you think is the most important to look for?

You’ve been tasked with selecting a Firewall for your company. You’ve started researching different solutions, and the options are endless. What aspects of firewalls are most important when choosing one?

IT Central Station users have given their opinions of what is the most important aspect to take into account when evaluating firewalls. With a wide variety of opinions in the answers, one thing is clear – there isn’t one single aspect that can determine what’s the best firewall.

it_user339975 emphasized that the first step in selecting the right firewall starts with knowing what your network needs are: “The most important aspect to look for is relative to one question: How informed are you with the actual needs of your network? Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone.” He further explained that each individual case requires in-depth research depending on one’s specific network needs.

Bearing in mind that there are many considerations, here’s a snapshot of a few of the aspects that users mentioned:

  • Stability
  • Performance
  • Extensive logging
  • Price
  • Good support
  • Scalability
  • Good reporting abilities

Which is the best network firewall for a small retailer?

One of our users wanted recommendations for the best network firewall for a small retailer. As always, users were really helpful and gave product recommendations. Some recommendations included Fortinet, Sophos XG, Palo Alto, pfSense, Cisco FirePower, SonicWall, and Check Point.

In addition to some good recommendations, some users also offered some advice about selecting a firewall in general. Mike Hancock noted that opinions on what is the “best” firewall differ widely, and that Firewalls and firewall vendors as well as the people that implement them are very partial to what they are familiar with. He suggested that the right question to ask is, ”What are you looking for and need in a firewall?” 

Another user, Ray Kingdon, pointed out that the most important considerations for selecting a firewall are budget and the person managing the firewall: “If you spend £40k on a firewall and have an idiot configure it and administer it – the firewall is next to useless, what ever Vendors product you buy!!”

More Firewall recommendations from our user community

If you’re researching Firewalls, there’s a wealth of information on our site that can guide you in your research. You can read in-depth reviews of firewall solutions, and also explore the other questions and answers about firewalls from our user community.

If you don’t find the exact answers that you’re looking for, you can also post a question and get answers from your peers.

IT Central Station is here for you, to learn and help your peers. In a market full of vendor hype, we enable you to get real, unbiased information from people like you.

Danielle Felder
Senior Social Media and Content Manager at IT Central Station
5 Questions to Ask when Choosing Firewalls for Your Company

For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon.  

There are many firewalls to choose from in the industry, such as Fortinet FortiGate, Cisco ASA, Palo Alto Networks WildFire, Sophos UTM and pfSense, among others. Each solution has its own benefits and valuable features, which can make choosing the right solution for your company all the more daunting.

To help with this process, we have turned to the IT Central Station community for their advice. Here are five questions that our users commonly ask in their own searches for business intelligence software.

1. “How much visibility does it offer?”

For many IT Central Station users, this is one of the most essential features that they pay attention to when searching for their company’s firewall. In large corporations that utilize many types of applications and platforms on a daily basis, visibility is ultimately what determines whether or not a firewall will be effective.

Kiarash B., Security Designer at ODI

“You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication, users login just one time and you can control all user access to the Internet, data center resources, and across the network.”

Luis F., Senior Systems Administrator/Network Engineer at a retailer

“[This solution offers] much more visibility during an attack lifecycle; found a lot of infected hosts and vulnerabilities. It IS a bit expensive, but I think you get what you pay for. Value is there.”

Simon C., ICT Solutions Engineer at an aerospace/defense firm

“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don't need an external management system.”

2. “How easy is it to manage?”

According to many IT Central Station users, firewalls function typically in complex, heterogenous security environments. Therefore, a firewall that is easy to manage by people in the company with varying skill levels will have an immediate advantage over other solutions in the market.

Davide M., Senior Security Consultant at a tech services company

“Customers have more time to focus on security because maintaining the firewalls is completely hassle-free. It has complete and cost-effective next-generation firewall features with app identification, and IPS and URL filtering with SSL inspection.”

Jinlong Y., HTS Engineering - Heat Transfer Solutions at a construction company

“Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.”

Carlos E., IT Manager at a government agency

“The most important features are performance and ease of management. The solution helped in the identification and categorization of access and provided a high index of traffic analysis.”

3. “Are these firewalls flexible enough to handle my company’s needs?”

Flexibility is another highly valuable feature for firewalls, especially when operating in large companies that have many different uses for such a solution. With a flexible firewall, users can ensure better control of their network according to its specific needs.

Alin P., Network Security Administrator at a tech company

“It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.”

Dragan P., Head of IT at a construction company

“After migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services. With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.”

4. “What kind of security features does it have?”

At its foundation, firewalls are important because they protect key IT assets from security threats. So if you’re looking into firewalls, this should be a question that you are asking during the search process.

Brent A., Senior Network and Security Engineer

“WildFire has been instrumental in blocking a number of new threats, before common desktop anti-virus tools were able to detect them. When Wannacry first came out, wildfire was detecting it and dropping incoming threats within seconds. We were dropping over 10,000 files per day with no additional firewall load at all.”

Adriana Y., IT Infrastructure Engineer at a tech company

“Routing and security policies, central management and all of the other features help us to improve network performance and implement organizational policies.”

Jeff B., Network Engineer at a legal firm

“Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via its Advanced Threat Protection so we can get a much faster response time.”

5. “What do other people in my industry think about these tools?”

Aside from these initial questions, the IT Central Station community also recommends continuously searching for user feedback. Learning more about your colleagues’ personal experiences with a wide array of firewalls is invaluable, and will help give you the important information that you need to ultimately make that investment.

If you have any questions, ask in our firewall community forum.

Andrew S. Baker (ASB)Another question: -- How quickly does the vendor provide support and fixes?
reviewer690582That depends on the type of subscription that accompanies your device(s). You… more »
Andrew S. Baker (ASB)My suggested question is independent of the support packages. If you're paying… more »
Find out what your peers are saying about Fortinet, Netgate, Cisco and others in Firewalls. Updated: April 2021.
501,499 professionals have used our research since 2012.