What is our primary use case?
We have a couple of data centers, mainly in the Netherlands, plus some offices, which are different sizes across the world, along with warehouses. We are an eCommerce firm globally. For our data centers, we use clustered Stormshields, the SN910 Series. For our small locations and warehouses, we use the clustered SN510 Series. All the branch offices mainly use this as their firewall. On the data centers, it is more like an application or firewall with more functionality.
How has it helped my organization?
We have currently bumped into several issues with the Stormshield firewall. It has some unexpected behavior in the terms of activating interfaces that were previously turned off manually by our team. They automatically switched on the interfaces again. This is something we do not want.
What is most valuable?
It's an easy, straightforward management platform to use.
What needs improvement?
- Better management of high availability features
- Application awareness to a higher degree
- VPN throughputs: Stromshield needs a higher throughput on some models. When you build VPN tunnels between firewalls, the throughputs on the VPN tunnels are pretty limited.
- They could improve their support.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is not that good based on my experience. We have a lot of disruptions when it comes to Stormshield.
I have seen the results of this product acting in an enterprise environment, and it's not good enough for heavy loads.
What do I think about the scalability of the solution?
On paper, scalability is okay. They have a nice range of appliances and there is variety in the appliances that they offer. They do have products for mid-sized companies to enterprise and up.
If you look at scalability in terms starting with one firewall creating a cluster of high availability. The high available feature is there, but I don't trust it. We have had too much disruptions in the high availability system.
How are customer service and technical support?
We are not happy with the support. It is a basic support offering. Sometimes, we have to chase support on progress, which is not good, especially on firewalls. We are an enterprise and we have firewalls on the edge. If we have an issue, I want support to be on top of issues, because for us, it's a lot of money if the firewall fails.
They only give support up to a specific level, and when we like to exceed that level of support, then we need to fall back on our reseller. This is one issue. If your reseller landscape is not really up to speed, then in the most critical cases, we're depending on the reseller and not on the support of Stormshield because we cannot escalate. It's impossible for us to escalate a situation at Stormshield by ourselves. We have to fall back on our reseller. When our reseller was on vacation, it was impossible for us to act on an issue.
We had just created a brand new firewall cluster to offload our website. Then, all of a sudden, we bumped into root errors on the connection which pointed to the firewall, and Stormshield support couldn't even help us fix it. Therefore, we had serious issues for a couple of weeks and it was all related to firewalls.
It was a combination of unexpected or unwanted behavior and bugs. Sometimes things happen that can be due to configuration errors or something we did ourselves, which is not according to the plan, eventually we ruled everything out, and it was mainly due to the firmware on the Stormshield firewalls. The biggest issue was their support department was not able to help us, then everything stops. This is a no-go area for me.
I would rate their support as a five out of 10.
Which solution did I use previously and why did I switch?
The reason why they chose Stormshield to begin with is unknown to me.
How was the initial setup?
The initial setup was straightforward and simple. It is not too much work to implement the product.
What's my experience with pricing, setup cost, and licensing?
They have a very interesting pricing for their devices. For mid-sized companies, they sell their appliances for good prices.
Which other solutions did I evaluate?
The shortlist that I have now is Palo Alto, Check Point, WatchGuard, Fortinet, and Sophos. I have narrowed this list down based on technical specifications, pricing, and support features to WatchGuard and Fortinet.
What other advice do I have?
I don't have many positive things to say about this firewall because we keep bumping into issues. Now, we are looking to leave Stormshield.
Search for a vendor based on a checklist. The checklist should consist of all functional features and benefits you're looking for. Talk to colleagues in the field who have knowledge in that specific specialty. Ask for references regarding their experiences. Go to websites to gain more knowledge on specific vendors and the performance and functionalities that they offer. See about the how the support and licensing are setup.
Start rating the guidelines and features you're looking for with a number. Take the 12 features or guidelines, like SSL inspection and VPN throughput. Rate those features on a scale from one to five, and the system with the highest score overall is the winning vendor.
Most important criteria when selecting a vendor: It has to be a full-blown next-generation firewall when it comes features, throughputs, and the correct security level. It has to offer good, solid support. The pricing should be corresponding with the features and quality. The performance versus price and features should be aligned.
Which version of this solution are you currently using?
SN910 and SN510