Best firewall models for 750 to 1000 users


We need a hardware firewall for 750-1000 users to provide restricted Internet access, business email access, and remote access for 300 users. Please suggest suitable models.

ITCS user
1818 Answers

author avatar
Top 10Real User

You might look into a Sophos or Meraki, but I suggest to consider a more holistic approach. If you have 1000 user at one location, I suggest to look into more than one FW in case one is broken or needs maintenance, also to split the bandwidth and support 2+1 Providers. Also the protection of the devices should not stop if they move to another location. With Sophos you could combine the AV/Client Protection with the FW and stay save when moving home or somewhere else. Meraki offers good value and a cloud management but only works for the network part. Advantage is you don't need a FW expert to care for it.
Access to Email needs more information. What do you access from where? If it is a cloud based Email Solution like Office 365, than you need a client protection not a FW to access this more securely. If the solution is on premise, again you will not pass through the FW. If you talk about remote access to an on premise solution, I suggest to get something in the cloud to protect it, like Cloudflare, AWS or better a Email Cloud Service like Mimecast.

author avatar
Top 10Real User

You can go with any reputed brands like Cisco, Fortinet, Palo Alto, checkpoint, Sophos. Features sets like malware protection, 360 visibility, spam/web filter, URL filter are available in almost all firewall vendors but in different licensing types. First, choose a suitable vendor that may heavily dictate the pricing of the device itself. For example, Sophos is obviously cheaper than Palo Alto, however, Palo Alto does provide that extra set of features for the price.

And the other thing you need is to consider your bandwidth and business requirements. Maybe you have servers that need to be accessed from outside, or maybe you just need to defend the perimeter and protect from outside; decide what your business really needs.

Then depending on your budget, you can go for the brand of your choice.
I would suggest a baseline something like this;
1. Fortinet 200E
2. Cisco 2100 series
3. Palo Alto 820
4. Sophos 210/230
And please do keep in mind that a firewall is just a tiny part of your network and security architecture. There is no guarantee that you are completely secure from attacks just because you have a firewall. Firewalls can also be evaded which is also based on how you have configured the device. You may also need additional protections like email security, antivirus, and so on.

author avatar
Top 20Real User

Palo Alto PA820 with URL filtering, threat prevention and wildfire subscriptions, HA pair or spare device optional. If remote workers uses linux or android, you'll need a Global Protect licence also.

author avatar

Without knowing the applications your users are accessing and the file transfers you are seeing, I would need to ask how much bandwidth you are consuming. Bulky, chatty applications with a lot of file transfer can be throughput intensive, so a good start is to look at your current bandwidth reports. If you do not have any handy, you can obtain them from your ISP.

Don't go cheap on security; break-ins cost more, a lot more. That said, you would be in good hands with anything Palo Alto, since you have options to filter URLs with App ID, adding in a very powerful IPS platform and remote access. That said, going with an option like the PA-3220 will provide all of the aforementioned services, while allowing for enough bandwidth to future-proof your edge. That appliance can provide TP up to 2.4Gbps. You would save a lot with the PA-820, but the throughput for protection is 800Mbps. Again, your final decisions is dependent upon the bandwidth you see today and what you expect to see tomorrow. Do find out if there are thoughts for heavy expansion within your organization; you don't want to have to upgrade your firewall next year.

author avatar

Cisco is still the benchmark for firewalls although Palo Alto and Checkpoint both provide excellent equipment.

Model selection is dependant on anticipated bandwidth and utilization selection solely on user count is an ineffective way to select a firewall.

author avatar
Real User

At a minimum I would recommend a Fortinet FG-100F
The "F" series is their latest ASIC and it outperforms the E series by x4 or better.
I like to oversize the firewalls to get more life out of them, although we usually use virtual appliances (FG-VM02v or greater)
If I had to choose an older model would go with FG-600E or higher depending upon discount.
The next higher F model is FG-1800F which is a beast and overkill.

author avatar
Top 10Real User

There are variety of product options such Cisco, Fortinet, Sophos, Sangfor or Palo Alto.

And you may also need to consider other factors including:
1- Total available bandwidth (Internet + WAN + or any other)
2- What other inspection engines will you use other than the basic firewalling. For example: IPS, AV (or Anti-malware), URL, Sandbox, SSL etc...
3- New Sessions Per Second
4- Total/Concurrent Session

As a baseline, you can begin with:
1- Fortinet 300E
2- Cisco FPR2110
3- Sangfor M5200/5250
4- Sophos XG210/230

Consider All-In-One subscription license, as it will cost less compared to individual subscriptions.

author avatar
Real User

I would recommended you Cisco NGFW FTD or Fortinet FW

author avatar
Real User

I would say you need to know whats your existing network infrastructure built on. Only considering Firewall with lots of functionalities rather which is firewall like UTM you can consider Fortinet or Sophos. But if you have a security system like NAC or SANDBOX you need to consider firewalls according to its functionality and support.

Let's say you are using Cisco ISE with TG - then its definitely Cisco FPR with APX license you need to consider. But else a segment by segment network built considering product base (which I do not recommend) you can check any competitive ranking list to choose.

Security management is a holistic approach that should be well planned to support interdependency while in action. Which makes it well workable as well as easily manageable and quickly responsive to any incidents. But if you only like to concentrate on the UTM type box to manage a firewall you can go with Fortinet. But my all-time favorite used to be Checkpoint.

author avatar
Top 20Real User

Per your demand and features required, I will suggest Fortinet FortiGate 900D/1000D model.

author avatar
Top 5LeaderboardReal User

Can you use Fortinet NGFW firewall 401E with UTM license and integrate FortiClient EMS( EndPoint Management System) for restricted access from anywhere whether they are In-home or in office.

author avatar

Depending on the number and type of remote users you might want to consider webabased solutions such as Palo Alto Prism or Zscaler rather than a straightforward SSL VPN/IPSEC tunnel.

author avatar
Top 10LeaderboardReal User

We're using PA820 with more than 1000users and with VPN and SSLVPN. So, in my opinion, these are very good devices.

author avatar
Top 20Real User

Best firewall models for 750 to 1000 users.

We need a hardware firewall for 750-1000 users to provide restricted internet access, business email access, and remote access for 300 users. Please suggest suitable models.

# I will prefer Palo Alto 3220 or 3250 model with a threat prevention subscription where I will be getting IPS / IDS, Anti Virus protection, SPAM, and go for HIP profile license also where you can provide SSL VPN access without much security worry.

Deployment is quite easy and I can help you out if you need any assistance.

author avatar

Best Suitable Firewall FortiGate-300E is for 900-1000 users setup.

author avatar
Top 20Real User

Cisco FPR 21xx

author avatar

The best is Palo Alto pa3220 model in H A.

author avatar

If your budget permits, you can look at Palo Alto. This is the best firewall in all aspects. And if you want to discuss more regarding this you can connect me on shyam.biswas@inflowtechnologies.com

Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: September 2021.
533,638 professionals have used our research since 2012.