Advice From The Community

Read answers to top Firewalls questions. 406,312 professionals have gotten help from our community of experts.
B Putnam
I am the owner of a retailer company with 1-10 employees.  We host websites on Windows 2008 R2 servers and Norton Business Protection. We are looking for recommendations for the best network firewall. Thanks! I appreciate the help.
author avatarStuart Berman
Real User

Good commercial firewalls take a degree of expertise that small businesses rarely possess, for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Network firewalls which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.

author avatarNguyen Nguyen

Priority as below:

1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.

author avatarDavid Hartt
Real User

I think you should be looking more into a WAF. For firewalls with ~ 10 users a small FotiGate should be sufficient but the opportunity I see of the 2008 R2 servers. You should have moved off of these systems as of 2019 but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWEB.... these are distinctly different products.

author avatarLuis Apodaca

1-10 employees., it's not that big, you should try the Unifi Platform from the Ubiquiti brand, it is a bargain for the price and resource you can manage, and the better for you is you don't have to pay licencing, you only pay the hardware an the IT for implement the solution.

author avatarMohamed Rashwan
Real User

FortiGate 60F will be a good and economical choice for you especially that you will host a website it will give you the best performance.

author avatarRias Majeed
Real User

Better go with FortiGate 60E.

author avatarFinis Ross


author avatarBrad Nawrocki

I like Watchguard Fireboxes for my firewall. We started out with less than 50 users and have grown to 80 and Firewall is easy to manage. The one negative it is expensive to keep the subscriptions updated. Worth it to us, as we've been viruses and malware-free for years.

Ariel Lindenfeld
Let the community know what you think. Share your opinions now!
author avatarSimon Coombs
Real User

Comprehensive protection, reliability, straightforward administration, total cost of ownership over three to five years.

author avatarMiguel Angel Hernández Armas
Real User

1. Status inspection capabilities.
2. Ease of administration.
3. Performance.
4. Price.
5. Scalability.

author avatarIT at a real estate/law firm with 1-10 employees

1. Protection
2. Throughput
3. Ease of use
4. Support
5. Price

I want to make sure it fits my needs and does what I need to do. Every environment and budget is different. Making sure you talk to people who know what they're doing so you get the product you need.

author avatarOwenmpk
Real User

1. I can figure out how to use it so it must have GUI interface.
2. Good support so when I need help I can get it.
3. Renewal fees are reasonable (not half the price of the unit).
4. Of course, that it does the job.

author avatarJoao Louro

NGFW, Stability, Good vendor support, Good logging information, centralized management

author avatarIT Security Consultant at Rodl Middle East

Firewall should be:
- with NGFW features
- Capable of Inspecting encrypted traffic without breaking or compromising the security of the traffic.
- Scalable
- Easy to manage and configure
- with Excellent vendor support

author avatarGirish Vyas
Real User

There are already some good answers about it but this is what I understand for a firewall. It is a luxury when compared in a networking domain. So basics first, we would need to suit your networking requirement. For this you need to settle down for Vendor whom you need to buy this firewall. From an organization level, Try to get a best deal.

Now from networking perspective, take that spec sheet out and look for the models they offer and see which one fits your network. I mean check the throughput of the firewall. Can it handle the load you are going to push it through ?

Ok so you got your vendor and the model but wait let's see that spec sheet again. Why? The features. Yes the features are also important as everyone already pointed it out. You need to compare the feature and see if it meets your organization policy. Most of the firewalls have all that is required for an organization. This includes but not limited to deployment mode, high availability, application visibility, custom application definition, central management (required if you have more than one firewall to standardize your policy), Throughput post going through IPS / URLF, SSL VPN capability (I don't want to spend more to get this new extra feature right), IPSEC VPN, and others. The core of deploying the firewall is the throughput. I don't know how to emphasize more on that.

Once you get this checklist complete. I believe you are good to purchase a firewall for your organization. I would request people to try these firewalls on the VM instance for demo and see how they function. Check with your vendor for demo. This is to ensure that your IT engineer is comfortable with the look and feel as he is the one going to handle your firewall right ?

All the best ! on getting a new firewall.

author avatarProject Consultant at a tech consulting company

Awesome answers all around!

The most important aspect to look for is relative to one question:

How informed are you with the actual needs of your network?

Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone. Any company that is online and running with proven technology has offered a solution that meets the minimum standard for most situations and customers. However some do perform better than others in certain environments and this depends on the needs of the network and resources. Firewalls fulfill one general role in the network: the protection of key resources. This can be expanded upon in a number of ways but the idea is the same all the time; the protection of key resources and the inspection of traffic in and out of these resources. That being the case, it would require in depth research based on specific needs and see how that relates to the network in question when selecting a device.

The one aspect that will always matter regardless of the device capability is Integration and Administration. Although customer support from the vendor is extremely important, the first line of response will always be the in-house technical resource.

- How easily can I role this out?
- Am I replacing a pre-existing device or adding this in tandem?
- Do I have people who can manage this device currently and if not, can they be trained easily?
- If I have a single admin/engineer who manages this device and they leave the company, how easy is it to find another qualified person?

I think these aspects and questions matter a great deal. Regardless of specific strengths for a single device, if that device cannot be installed easily or managed easily, that equals more confusion and downtime which usually means a loss of money.

When considering a new firewall device or security appliance, I encourage my clients to review their short and long term goals before allowing too much time in debate over which device is better.

Ron Zelt
If you could go back in time, would you change your decision to buy that firewall and why? What do you think?
author avatarGirish Vyas
Real User

This answer depends on the provider one has. These days people in enterprise are moving away from big names to Fortinet, WatchGuard.
I would recommend them to stick to secure architecture than just names. Check the frequency at which their threat database is updated. Ask them about their threat Intelligence provider. Is it in-house vs third-party? Check if they have an integrated suite rather than just a one-off product. See how long have they been in the market and where are they positioned in Gartner Report. Now coming to the original question, do I want to change my Vendor for my security services. My answer is no.

author avatarWerner Schonborn

If I could go back and buy a different firewall, I would do so immediately.

The main reason is that when layer 7 capabilities are implemented, everything changes in terms of:

* Performance
* Functionalities
* Routing
* Reliability

I would buy a much stronger firewall i.t.o. CPU power, more ethernet ports.
Salespersons always try to sell you what they think will be best, but the technical person should have the final say in the decision-making process.

author avatarRichard Benfatto

I read below the following: QUOTE Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. UNQUOTE

I read this and it comes to my mind that because of this the product is really effective? What is the balance of real efficiency against how nice the interface is?

Where I work now I was asked to quote FortiGate but because it was more expensive than Sophos and they had friendships with that provider, they purchased Sophos. Then if they enabled the antivirus the CPU was running at 90%, slow traffic and it blocks things it should not.

So, I am confused and cannot discern anymore any logic/s, if that ever exists. But I am quite sure that the book I wish to write: Inefficiency by incapacity, maybe more a library as a single book may not be enough?

author avatarSimeon Tassev
Real User

I'm not sure if this is the correct question. If the question is: Would you consider another firewall every year? then the answer is yes. The technology landscape is changing so often today that we can no longer invest and hope for it to last 3-5 years. Sometimes a small new feature could make the difference and make you choose another product. So keep checking what is out there every year and you will know when it's time for a change.

author avatarSyed Ali Wajahat
Real User

I would change my firewalls with NSX edge gateways, which have all the basic functionality of firewall and For NG inspection and defense I will implement FTD or PaloAlto VM.

author avatarOwner at a construction company
Real User

No, it was a good decision to buy this firewall. It is perfect for my usage (small company, 8 users) and easy to manage with OPNSense.

author avatarShahab Razak
Real User

No, I will keep my FortiGates thank you very much and here’s why:

* Traffic visibility is now 20/20 or better.
* Troubleshooting time has been reduced drastically.
* On-the-fly packet captures isolates or eliminates areas of focus.
* Rulesets are intelligently implemented because there is a holistic view of the entire policy and active feedback on non-compliant, duplicate, or shadow rules in real-time.
* Integration into roadmap items such as SD-WAN, WiFi, port security, etc.

author avatarAsgharHamidi
Real User

If it is about saving money answer is no. Saving money is not aways the case. Some products has easy way of maintaining than other.

See more Firewalls questions »

Firewalls Articles

Danielle Felder
Senior Social Media and Content Manager at IT Central Station
For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon.   There are many firewalls to choose from in the industry, such… more»
Andrew S. Baker (ASB)Another question: -- How quickly does the vendor provide support and fixes?
reviewer690582That depends on the type of subscription that accompanies your device(s). You… more»
Andrew S. Baker (ASB)My suggested question is independent of the support packages. If you're paying… more»

What is Firewalls?

What is a firewall? Technically, a firewall definition could be that it’s the part of a system or network that blocks unauthorized access but permits outbound communications.  Most importantly, firewalls are intended to protect key IT assets from security threats such as denial of service attacks or data theft. Firewalls come in many varieties. What makes one better than other will depend on numerous organization-specific factors. 

When IT Central Station users were asked about what makes the best firewall, they described a number of factors that will help anyone make the right choice. Some security professionals want to know what is the best free firewall? IT Central Station reviews suggest that this is a question that should asked only after one has assessed many basic requirements about usability and features first.

Visibility is offered as one of the most critical aspects of an effective firewall.  Users want global reports and traffic visibility as well as application visibility.  IT Central Station members also want the firewall to provide visibility into specific users’ behaviors.  Visibility as a key point of value cuts across different types of solutions, including Windows firewalls, firewall software and network firewalls.

Ease of use and simplicity of administration also rated as high priorities for firewall buyers. A firewall should be easy to manage and configure.  Easy installation is essential, as is integration.  According to IT Central Station reviewers, firewalls typically function in complex, heterogeneous security environments. In parallel, solid vendor support is important.  Reviewers noted that the first line of response to an issue with a firewall is almost always an in-house technical resource. That resource needs to be trained easily. If training is too cumbersome or if the firewall admin is a hard-to-find hire, the department will suffer.

Firewall users list many specific functions as “must haves.” These include intrusion protection (IPS), VPN, high throughput, data loss prevention, SSL, IPSEC, application control and web content filtering.  Some users want a firewall to easily integrate with an LDAP Server or Radius Server.  Anti-spam is desirable, as is anti-virus and anti-spyware protection.  Users emphasize the importance of IPv6 native support as well as traffic shaping and bandwidth control.

Find out what your peers are saying about Fortinet, Cisco, pfSense and others in Firewalls. Updated: March 2020.
406,312 professionals have used our research since 2012.