Can I please get feedback on which of these three Firewall products are the best? Is there another product you would recommend?
Looks like WatchGuard is doing a really bad job in it's marketing, as it's in many aspects superior to other firewall vendors - when you are really into security and not just to have a box, that you will set up and forget.
The biggest mistake in firewalling and security is that everyone just looks to have things as simple as possible, set them up and than never look back at them. Firewalls are not L2 switches! Still many would like to handle them as such. Big mistake.
But there is no 'best' firewall. All good ones have advantages and disadvantages. It's pretty much like there is no 'best car'. You just have more and less popular ones and such that spend tons of money for marketing, to give you a fake sense of how good they are.
Today it's easy to get demo/eval appliances. Instead of asking what others like, everyone should evaluate the different products out there and find out, what HE likes. Others don't have the same environment as you have, neither they have the same requirements, skills, experience. All this is critical for choosing the right firewall solution for your needs.
There is a Gartner MQ released every year and there is the NSS Labs report. Should not be too difficult to find out, what solutions are worth to be evaluated. But please don't others let decide for you, what firewall you should be using!
I strongly recommend you SonicWall 5600. Its having lots of feature for network security and Comparison of price and Support it would be great choice.
Fortigate firewalls are quite rugged and offer great flexibility in configuring the policies and managing them. For individuals as well as group level user privileges. The antivirus offered is also very effective and not at all resource hungry. The only drawback is, the admin should be very well trained and aware of configuring the firewall. It’s quite complicated that way. Or the support provider (reseller) should have expert level admins to configure and set these firewalls in the infrastructure.
I would alternatively suggest looking into Sophos firewalls. They are equally rugged and effective. And also have a much user-friendly configuration and management console.
Barracuda: No Presence in the market at all, quite different way to install manage the product. Impossible to find the technical resource. If it is managed by Multinet then it’s a different story.
UTM control was not good back in the days, not sure about recent improvements.
Support Generally good feedback of Barracuda support.
Sonicwall: Very little presence in the local market, will have compatibility issues when establishing VPN with other vendors or any other integration.
UTM should be good, not experienced it first-hand.
Support, Have horrible feedback about support. they don’t respond for months.
Fortinet: Firewall full of features, good market presence with official REPs in the country. It is basically the same Juniper SSG ScreenOS platform with good UTM.
UTM is good
Support, Support in the region from India is poor, fright. A good local partner can make your day. If case is escalated to US/Canada teams, the experience is much better. You need in-country REPs support to escalate the cases.
China effect, the downside of Fortinet is, its QA of new FortiOS release is not good at all. Things running fine on one release fail badly when upgraded to new release. you need to be ready for an alternate solution when faced with such situation.
But it is better than Barracuda and SonicWall anyways.
RMA time is not next day.
Palo Alto: I would recommend Palo Alto, it can do everything typically required from a NGFW/UTM. Price can be expensive. Typically models with high throughput are quoted from most vendors. In reality, the actual required throughput is not that much. PA820 and PA220 can cater 90% of requirement we have in our environments. This way solution will be comparatively competitive cost wise. Compatibility with third-party devices is good.
Per-user bandwidth limit is missing.
UTM is best.
Support is good. The first level is through support partners, but the experience is good.
No rapid RMA, as no in-country depot exists. But On site spare is best, as the customer owns the spare unit on his premises.
Fortinet is a good option, the interesting thing with them is all the other bits you can add. Many of these such as email protection, Sandbox, edge device protection (anti-virus, VPN Connector for PCs), tokens (electronic or hardware), switches, Wireless Access Points all talk to each other so the Fortinet security umbrella covers them as well. Fortinet has a SIEM as well.
Whatever you buy, get training on it. Also, evaluate the reseller's ability to do an install. Some folks just sell the product, other also know how to install - buy from the latter, and get some Pro Services for the installation.
I have always thought Barracuda's marketing was better than the products (it is very good marketing) and SonicWALL R&D suffered under Dell, and I don't know that it is any better now they are owned by an Investment house.
Out of these three firewalls I would, and have chosen Fortinet. Checkout NSS Labs for real world comparisons. I have been using Fortigates for 2 years now in HA configurations and have only once had to use the cli. Also updates and firmware upgrades never bring the network or internet down. These firewalls get new features added at no extra cost and the throughput is amazing. Buying the UTM bundles gets you all of the features you need and more. I heard about support issues but evertime i call i get routed to someone who knows how the features work and actually helps. We added a fortianalyzer and now we can see logs from all of the firewalls in one console and hold them for a year. Fortinet doesn't just manage their antivirus products they are the developers. These firewalls decrypt data on the fly and scan for viruses before it gets to your email, desktops or servers. Within the first week it caught ransomware within a yahoo email before it could infect our systems. We replaced our websense URL filtering with the URL filtering within the fortigates and never looked back.
I could go on and on but the real tilt in Fortinets favor was it was near half the cost of similar features and functions PA had quoted. Write down what you want and then ask if the vendors have these included in their firewalls or if they have separate appliances that can do them. Every appliance has a latency cost associated with it. You might find that all three can do what you want then it will come down to the management of the firewalls and cost.
I've utilized both SonicWALL and Fortinet in many implementations over the years. Fortinet does a better job in large, multi-tenant deployments and has excellent stateful packet inspection throughput. If you're planning to do SSL decryption and inspection, SonicWALL is the way to go (and currently, the product we lead with). I've found SonicWALL to be easier to manage and have also found that if you're a GUI-oriented user, all of the features are there in the UI. On the Fortigate you'll often have to dig into the CLI to enable some features.
The Barracuda products are very good and quite pricey, especially since you mentioned you were looking at the Sonicwall TZ series. The Sonicwall TZ series is meant for a smaller environment. The Fortinet firewalls are great but require a little more training. My experience with Sophos is that they have been a little buggy and support is not great. Since Sonicwall was sold by Dell the support has been better. I work with several small companies and I would say go with whatever product you have the most experience with. The learning curve can be a little much when you don't know what you're looking at. Both Sonicwall and Fortinet have pretty good support and a pretty extensive KB. Good Luck!
fortinet or baracuda and CISCO ASA 5500 series also good
I hope you have got your requirements very clear in black and white and thats why you have selected these three OEM Firewalls:
1. SonicWall - Be ready to change as soon as support ends.
2. Fortinet - similar to cisco at a affordable price.
3. Barracuda - Can go for this
4. Cisco Firepower - Explore this Firewall.
I prefer Fortinet. I’ve replaced many Sonicwall’s with Fortinets and found the performance when benchmarked to be superior.
I’m not familiar with the Barracuda, but I like to catch them. ☺
Below will be my first, second and third choice. It really depends on situation as all are really good if it's only firewall then Cisco is the best for budget and features Fortinet and Sophos are great. I hope sometime Sophos will make it to top of the list also.
1- Fortinet Fortigate
2- Sophos XG
I suggest you also see a comparison from each brand as you will come up with lot of new findings as an example see below links.
https://secure2.sophos.com/en-us/security-news-trends/reports/gartner/magic-quadrant-xg-firewall.aspx and https://www.sophos.com/en-us/lp/nss-labs-firewall-test.aspx
It all depends how they market their product mostly all these products cover the critical functions.
You can go with Fortinet.
I would say the most famous and supported is Fortinet as it is NGFW . but also the F800 can also be argued as NGFW and more enterprise focused solution
Sonic wall is for SMB customers
I have experience with SonicWall and Fortinet. Both are good options.
But the customer is considering email spam filter firewall. I would advise going with Barracuda.
will recommend using fortigate firewall since it been proven to be the best for both data centre and enterprise by NSS Las. Also the device come fully packed with other security features like antivirus, web filtering, application control, device and user base authentication. Price is also moderate as compared to other firewalls. They produce their own in house custom ASIC processors for their devices coupled with the FORTIOS, the device is a best.
will recommend using fortigate firewall since it been proven to be the best for both data centre and enterprise by ENDS Las. Also the device come fully packed with other security features like antivirus, web filtering, application control, device and user base authentication. Price is also moderate as compared to other firewalls. They produce their own in house custom ASIC processors for their devices coupled with the FORTIOS, the device is a best.
- Many techs I know, including myself, do not like the SonicWalls
- Very good for medium to smaller shops
- Higher cost on device lower cost on services
- In the category of Cisco
- Don’t know pricing as I’ve only managed possibly 6 Barracuda firewalls
- Very good reputation
I gave some serious thought to your correspondence and have attached some literature that may aid you and your colleague in making the best network security solution decision. I am currently still gathering data pertinent to the Baracuda solution and I will be able to offer my thoughts on that particular option as more information becomes available to me. Attached you will find a helpful and informative datasheet comparing SonicWALL to Fortinet. I do hope this helps ☺
By far, I would recommend a Fortinet solution. Others are limited in what they can do and how well they protect. Also be sure to consider how all
solutions for security work together and how they report information up to a single pane of glass so you know what where how when and be able to shut down threats as they occur. System and network monitoring is key, but as far as firewalls go, Fortinet is one of the better ones.
I will highly recommend Fortinet out of these and would recommend Fortinet , Cisco and PAN firewalls to be compared while going for NGN firewalls as they stand among the best . This doesnt mean the other are not competitive it's just the R&D they are doing and investing on the latest feature sets upgrades .
Very difficult question in terms of which one is the best. Honestly, I won’t pick SonicWall. That’s just my opinion anyway. It’s also about reading comparisons between vendors and understanding how will be each person feeling more comfortable with the interface.
Everything depends on what the final client requires.
* What features of Firewall do you need to implement?
* For how many clients?
* What is the bandwidth of internet access?
May I recommend Cisco for the this comparison?
Unfortunately I unable to provide the answer as I can get you the information for the comparison of these appliances with Check Point. If you would like for me to arrange for someone to get in contact with you to provide more information send me the contact details to email@example.com
Don’t buy Fortigates, they are unstable. We have had endless nightmares with them. Their GUI needs to be re-written as it crashed when firefox misbehaves. Tech support doesn’t know what they are doing in this situation as management seem to be hiding these issues from them so as not to propagate it onto general blog sites etc.
We were so annoyed with their attitude to obvious design flaws they haven’t even beta-tested that we are trying to pursue getting our money back on these devices.
Fortinet Firewall is good. I recommend to size properly. Please list your requirements and network utilization. FortiGate will perform up to the mark for sure.
From the model, you have asked for comparison, FortiGate 200E or 100E would be better choice for demo. The suggestion may not proper, because you haven't mention your network requirement in the question.
FortiGate is leading firewall with proven throughput for stability, inbuilt wireless controller, Security Fabric Enabled, Ease of network control, Outstanding VPN performance, Logs on cloud facility, VDOM facility, HA feature and many more. FortiGate has highest number of third party certifications for throughput accuracy.
If you consider cost benefits, I believe that the best choice is Hillstone Firewall.
This firewall was tested by Nsslabs in 2016 and your position was very good (best price and 3º position of effectivity). I know this firewall,
it is very stable and They have a very good support.
If you consider only Quality/Confiability and Features, I believe that the best choice would be Checkpoint firewall. They have the best marketshare for Enterprise Firewall.
Barracuda F800 is good. Fortinet also good, but sometimes device response is not good compared to Barracuda F800
if you are looking for other option I may suggest checkpoint. because it is better than other firewalls.
with my past experience barracuda is not a stable product. their WAF, Spam filter, link and load balancers are pretty good and stable products but not the firewall.
fortinet also a stable product and user friendly.
I recommend Fortinet
I believe that all 3 products are pretty good and there are too many factors to consider before a proper evaluation is done for your environment. There are various non-technical factors to consider as well such as vendor/partner support, training, licensing models, etc.
Based on our experience, if you are looking for a full Next Generation Firewall appliance and you are planning to use all features including sandboxing, we will recommend the SonicWall based on performance, HA licensing and cost.
If you prefer the virtual apliance we will recommend the Barracuda but vendor support in your region needs to be considered.
I didn’t have any hand-on with Barracuda and Sonicwal product
What I can say though is that we are happy with the Fortinet products (FGT 100D, FGT 200D, FGT 600D, and FWF 60E) – it really does what is should do, we are happy on how it does the web and application filter. So far it suites the firewall requirements we are looking for.
I will recommend go with Fortinet , Checkpoint or Palo Alto solutions depending on the need and capacity
You might want to try the Sophos XG firewall or Cyberoam NG series
Fortinet is the number one firewall.
Fortinet is the leader in Enterprise and UTM firewalls.
Also NSS Lab and ICSA Lab certified product is Fortinet.
Barracuda and SonicWall are not like that.
I would also recommend PaloAlto for NGFW and anti spyware capability and easy user interface. Their price interestingly is cheaper/same than Fortinet
If you want a firewall for users to access the internet, I recommend Meraki.
If you want to publish websites, I recommend Sophos.
If you have knowledge about other firewalls and want to use this to configure the devices, use that one.
If you have special needs, state the requirements and budget.
Fortinet any day, if it is among the three which you are comparing.
But, should you have a chance then definitely I would suggest you to get CiscoFTD - they are too gud @ Firewall, NGIPS and AntiAPT solution.
I personally haven't tried the Barracuda or the SonicWall. Fortinet I can say is useless even for a small business. I heard that SonicWall is pretty good, however, I recommend Palo Alto especially with their new prices now that they are very affordable.
Sure, depending upon requirements, one should select right option. In fact, I believe that entire Threat dependent security is only doing adequate job and none of the solutions that are deployed today are doing the best job they should be doing. Most of the time problem is not in the solutions but it is in changing dynamics of application deployment and consumption of those applications through the network. These solutions were designed around notion of perimeter and hence they are perimeter defense solutions. What if there is no perimeter?
Fortinet would be better. I can suggest the actual model of Fortinet If you can tell me the number of users in your network.
Remember a high end fighter jet is only as good as the pilot, so my point here is YES, fortigate is a very good firewall, but be prepared to get some training, and get some security training so you know what threats your protecting from and not just rely on the fact that fortigate firewall is a UTM appliance, it’s not a set it and forget it unit.
The Fortigate firewall paired with a SEIM PACKAGE (ie.. name dropping) Alien Vault, Splunk, or even Nagios log Monitoring so you can see all the security sides of what you are trying to protect. This is truly the only way you can get “security from a good firewall”
Just my thoughts
My Review is SonicWall is the best.
Fortinet is best solution in comparison of three but i recommend Checkpoint.
Signature database of checkpoint is very good compare to others
Fortigate , then PaloAlto
We have not used the Barracuda firewalls, however, we have used both the SonicWall and Fortinet series of products.
I would recommend any Fortinet product over its comparable SonicWall competitor on almost every occasion based on ease of use and functionality.
Hope this helps ☺
I will recommend Fortinet firewall.
I prefer Fortigate. Is a great firewall UTM.
Fortinet is THE BEST. Period, no other product will have the power they have. Fortinet invested around 9 million dollars in specific semiconductors to handle the traffic on silicon. I have one at home and been attacked many times, and never had a problem. I did have a Cisco 5506 with Firepower, I am an awarded Cisco Academy trainer.................sorry Cisco, I cannot tell lies or be politically correct. GET FORTINET !!!!!!!!!!!!!!!!!!
I strongly recommend Sophos for small ones and CheckPoint for medium and large cases
But if the case is only firewalls, Fortinet is the best-priced solution.
I definitely recommend the Juniper SRX for high performanxe data centers - the other sweet spot is multi-site nets that require sophisticared routing and central management. This is where Juniper adds exceptional value.
Fortigate is better in my opinion.
I also agree with William Yragui regarding the question and second his observations.
I have no experience with the Barracuda but plenty with Sonicwall and Fortinet. Although the highest Sonicwall appliances we have deployed are NSA3500, they have fallen out of our scope as a recommended firewall solution.
Fortigate and Paloalto are our preferred solutions with a much larger deployment of Forti than PA. Larger customers generally go with large PA's but not necessarily a given.
I come from a Cisco PIX/ASA background and unfortunately, although we still support, these are not up to the plate currently even with the Firesight add on.
I've been introduced again to Meraki (previously only wifi) and very interested in the MX - looking to take this further.
So in this situation I would have to agree with william-yragui as you have not established what your end result is. I do have to say that each of these products are good at what they do in their own environment, what I mean is when setup (and paired) with a SEIM or logging device these firewalls are quite effective. so my advice is find out what you what to use the firewall for, then make the decision based on what your looking to accomplish.
My favorite is still Meraki MX- xxx security devices, they are easy to install, setup and manage, and work great. and I have also used the Fortunate 100 series, both make great firewalls.
Just my 2 cents.
You are asking to compare two specific models against Fortinet but do not specific what Fortinet model you are considering. All three manufacturers build excellent firewalls but answering your question requires far more details. What is your budget, how many users do you have, and what throughput is required are all questions that impact the selection of a particular appliance. The SonicWall NSA 5600 has 9 Gbps of firewall throughput and lists for $17,812. The Barracuda F800 lists for $20,999 and it has 30 Gbps of firewall throughput. The comparable Fortinet product is the FG500E (with 36 Gbps of firewall throughput) and it lists for $10,850 including one year of support. All three products (NSA 5600, Barracuda F800 and FG500E) have 10 Gb SFP+ Ethernet interfaces. One of the key factors I think is important is SSL inspection since malware slips by many firewalls if SSL inspection is not turned on. The Barracuda F800 SSL inspection throughput is not listed in the data sheet nor on a search via google. The SonicWall 5600 supports 1.6 Gbps of full DPI throughput (SSL throughput is not specified but DPI covers the same ground). The Fortinet 500E has 6.8 Gbps of SSL throughput (SSL throughput is listed on the website). If all technical aspects are equal, then price is my primary consideration. I own a company that has been selling firewall products since 1992 and am therefore completely biased.
I can only speak to the SonicWall product and the Fortinet. I did an on-site evaluation for 30 days on both. They're both great products, a bit pricey for our small hospital, plus they don’t replace a need for a firewall? We ended up switching gears and just upgraded our Cisco ASA 5505 to their newer ASA 5506 with GUI interface and SmartNet /FirePOWER.
Good Day. My opinion is to go with Fortinet because of the best value for money.
Full Disclosure - I work for a UTM Provider called Calyptix Security. Giving my opinion on the three would obviously be biased. The biggest things that differentiates us from our competition is that we are a 100% channel focused and work only with MSPs and Resellers. Our hardware is very powerful from a performance perspective and we focus working only within the SMB space up to 350 users. Our goal at the end of the day is to make firewall setup and day to day use as simple and as easy as possible so MSPs and Resellers can focus their energy on higher margin jobs / opportunities. If you would like more information, please feel free to message me directly.
Generalized feedback is not adequate to rate a Firewall.
You need to ask the following:
1. What size network is the Firewall going to be installed in, small network 10 to 500 users, medium network 500 to 2500 users, large network 2500 to 10000 users, enterprise 10000 to 50000, large enterprise network >50000?
2. What network throughput speeds are required 1 gig, 10 gig or greater?
3. What skill level are your administrators?
4. Is your network public or private, unclassified or classified, etc...?
5. Will your network be filtering only inbound traffic, outbound traffic or both?
6. How much do you want your Firewall to do, do you want to perform Firewall Deep Inspection, Application proxy, Intrusion Protection, Intrusion Detection, Email inspection, Anti-Virus/Malware, Application Filtering, Application Defense filtering, Smart Filtering (dirty word or category filtering), Authentication capability (what methods are supported), Attack Response configuration, System response configuration, URL filtering, SSL rules, decryption-inspection-encryption, time period configuration, VPN (SSL & IPSEC) capability, or do you separate specific functions and features into other products or vendor systems?
7. What type of Management tool for your Firewalls do you require?
8. Will you be managing only a single or set of local Firewalls or will you require management of Firewalls distributed geographically throughout your city, state, country, region, or globally?
9. Will you have country restrictions on the Firewalls you can select?
10. Do you want global Firewall Managers to be hierarchical or have HA, etc...?
11. Will you be enabling all features of the Firewall?
12. Also, the complexity of configuring and managing the Firewall, will it be an issue for the the administrators or are they extremely skilled Firewall administrators having a full and complete understanding of how applications work and the most secure way to either protect them using your Firewall and securely transport them through your Firewall. A good Firewall Management system may simplify their efforts.
Now as Far as Firewalls:
1. Fortinet is a decent Firewall and can support enterprise large networks, but the management is not the greatest. Additionally, it is not flexible with its signature update mechanism and has been a real headache in our environment.
2. Forcepoint Next Gen is an excellent Firewall and has a great method of clustering and load balancing multiple Firewalls. Great evasion detection and prevention as well as adding high-performance application proxies and it also has really good Deep Packet Inspection. NSS gave this Firewall very high marks. Excellent Management capability!
3. Palo Alto is a pretty decent Firewall but can be expensive and its evasion detection and prevention method may not be first place. Also, turning on all functions can degrade performance, but it has an excellent management capability.
Sonicwall is ok, but you need to investigate and research country of origin and development for this Firewall.
I am not a fan of Barracuda Firewall and would not recommend for enterprise or large enterprise.
I used Fortinet Products for 6+ years in a previous position. I had no issues with the systems. upgraded the firmware with no issues. You must get the UTM with it to get the full potential. It was also our AP controller as well.
I have no knowledge on the other two. I have some experience with Cisco ASA and the Fortinet product is much easier to work with and use.
We use Forcepoint firewalls. Excellent capabilities. We have about 60 of them.
We as Global IT organization have selected Palo Alto as standards in the Group. PA devices are installed in every sites. Global settings are maintained in Panorama (central console mgt) and pushed on each Palo Alto installed in all locations (Offices & Plants). "Maintain Once and deploy Many". PA vendors are present in many locations and deliver best quality services (very good SLA's offered in the maintenance contract).
Really depends what you're after, what you need to support and what you local skill sets are.
If you're looking for a product in the sub £10K field I would always go with a Checkpoint and they are starting to respond to competition with their pricing. The operational overhead of a Checkpoint is IMHO less than the others and the included Management is second to none.
Many Banks have swapped from CP to Fortinet, but these decisions are made by accountants more than by the techies (again IMHO) and there are massive challenges involved. The Netscreen/Juniper/Fortinet genealogy is based on Zones (as is Sonicwall) whereas CP is more layer3 router based.
I would recommend the FortiNet over the other two. Ensure you utilize their UTM licensing.
I have managed an environment with over 200 FortiNet firewalls of various models and they can compete with the best of them.
Their biggest weakness is their centralized management, however, I believe they have made serious strides to improve.
If budgets allow, I would only pick Palo Alto or Checkpoint over the FortiNet firewalls.
I’ve had extensive firewall experience with both Sonicwall and Fortigate firewalls (from Fortinet). Though I have used some Barracuda products, I have not used their firewalls. I have also had marginal experience with Cisco, Checkpoint, Sophos, and WatchGuard.
Of all the firewalls I’ve used, Fortinet seems to offer the most complete, secure and cost-effective solutions. Fortinet has been in the business for a long time and their products and services are very mature, where others, such as Sophos – through aggressively priced – do not have the maturity and effectiveness of Fortinet.
Additionally, Fortinet has a robust and easy to use GUI, as well as easy command line management and troubleshooting features.
Hope this helps you. Let me know if you have any questions.
I don't know too much FireWalls but Proxies Web only
Fortinet is best solution coz it passes
NSS Labs for data center and enterprise firewall solution
it become leader according to Gartner
Pass AV labs
Passes ICE certifications
Well, I prefer to use Cisco ASA and also Fortinet as an option.
Which would you recommend?