2017-03-10 00:10:00 UTC

​What do you recommend for a corporate firewall implementation?


I have a web-based firewall solution from our telecom vendor which is not user friendly nor does it show you the traffic on the firewall.

I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation? 

Guest
8383 Answers
Consultant

I would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line, the UTM9 version is very stable and still has large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified management UI for managing all your firewalls in one place, called Sophos Firewall Manager. Whether you like to deploy a full-blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organization's top choices.

2017-03-14 02:45:58 UTC
Real User

pfSense will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for OpenVPN. The support guys are the best I have ever worked with. And once you master it, it is entirely free.

2017-03-13 16:11:09 UTC
Real User

I recommend FortiGate from Fortinet, which has very simple administration but is a leader in the Gartner quadrant for UTM.

2017-06-20 16:24:55 UTC
Real User, TOP 20

Go for Fortinet Firewall. Its interface is very user friendly, with multiple features, easy implementation, low cost compared to other high-end firewalls, and good technical support.

At corporate headquarters, analyze one of the following models:

FG-200D, FG-200E, FG-300D, FG-500D, FG-600D

At remote sites, the following models are recommended:

FG/FWF-30E, FG/FWF-50E, FG/FWF-60D, FG/FWF-60E, FG-80D

Specifications can be compared at the following link. However, please note the specs are for ideal situations. I recommend analyzing each spec by a 1/3 factor for practical implementation.

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf

2017-03-14 05:34:01 UTC
Real User, TOP 5

The FortiGate line is great for global networks. You need to size them for your traffic and type of protection (web filtering; IPS; antivirus; VPN; BotNet protection; etc.) since each additional service enabled requires a larger system. We find the FortiGates very affordable and very effective at keeping our networks secure globally. One bit of advice is that you consider the series when choosing hardware - an FG-100E is more powerful than an FG-100D and far more powerful than a 'C' series (although those should no longer be sold).

2017-03-13 20:09:41 UTC
User

I would recommend Palo Alto Networks. Their NGFW platform is one of the only vendors effecting single pass. Single pass means no matter what services are turned on, it's a single pass across the box. Also, SSL decryption is needed in this day and age with the ever-increasing HTTPS traffic that is out there. They also have a great AWS solution for auto scaling VPN for remote users.

2017-03-13 18:21:48 UTC
Real User

pfSense can do what you need it to do. We've deployed many firewalls for companies with geographically-dispersed locations, all with different needs and requirements. Hub and spoke could very well be the solution here. With the easy-to-use GUI and robust feature set, you'll certainly be happier with it than you are with your current product. Our professional services team can handle the configuration and deployment for you.

2017-03-13 17:02:18 UTC
Real User, TOP REVIEWER

Check out Palo Alto Networks, maybe the PA-800 Series. You can manage all 6 locations from a single interface with Palo Alto Panorama. If you need expertise just find a local partner in your area with this link: http://locator.paloaltonetworks.com/

2017-03-13 17:01:04 UTC
Real User

Hi,
Choosing the right FW solution is not simple. We must keep in mind what we want to achieve, IT staff experience, etc. There are no good or bad solutions, only good or bad deployments.
In your case, I will suggest the Meraki MX appliance.
Cloud-based management, automatic VPN between devices in the same organization unit, L3-L7 FW, content filtering, AD integration, easy web management and many more.
BR

2017-03-13 16:57:31 UTC
Real User

Look at Cisco's Meraki product line. Check out their WAPs as well as their security appliances (firewalls).

Forget all that code and text interface nonsense.

Meraki rocks. Cisco bought this company because they were such a threat. Thank me later.

Frank Horwich
303.601.4009

2017-03-13 16:27:37 UTC
Real User, TOP 10, LEADERBOARD

I recommend FortiGate firewalls, but more information is needed (the scope, traffic, what to protect ...) to determine the model.
With the FortiCloud service you can monitor the traffic (it is not needed to be the administrator). You can also schedule daily reports to be sent to a specific e-mail address.
Fortinet solutions are designed to work together as an integrated and collaborative security fabric to provide a powerful, integrated end-to-end security solution across the entire attack surface.
FortiGate can also act as a wireless controller and switch controller.
It offers two-factor authentication using FortiTokens (hardware or mobile tokens).
You can create virtual domains without any additional license.
Another point is endpoint management.
Etc...
With FortiManager you can manage all FortiGates from a single platform or can create Administrative Domains based on geographic locations or your administrators' access.

2017-03-13 16:26:02 UTC
Real User

Sir,
I recommend SOPHOS: XG-310 in Head Office & XG-85 or XG-105 in branches.
Head Office users 50-100 / Branch users from 5-25

2017-03-13 16:16:17 UTC
Real User, TOP 5, LEADERBOARD

I agree you could look into Fortinet solutions. They're cost effective and offer a lot of other features you might want to look at (UTM, WLAN Controllers, etc.). They're also fairly simple to configure and operate and can be centrally managed via FortiManager if it makes sense to you and your budget.

2017-03-13 16:04:29 UTC
Real User

Hello,
I can highly recommend using the Sophos XG firewall as they are extremely easy to use, with all the functions you will ever need built in. You can also fully manage Wi-Fi access points and VPN devices straight from the firewall web interface.
As for monitoring there are many solutions - Sophos supports more than 1000 reports on usage, but if you need real-time security monitoring there is nothing better than SIEM solutions.
Personally, I prefer AlienVault, as customization to your needs is unlimited.
Hope this helps :)

2017-03-13 15:56:56 UTC
Real User

Hello, arguably the FortiGate meets your need. With FortiView, which is a feature present on the equipment itself, you can show all network traffic, with ports, protocol, users, whether the connection is TCP or UDP, and through which firewall rule it is going out.
And to further expand the display, hire the Fortinet FortiCloud service. Well, these are just examples; the FortiGate has more resources to provide for the protection of your company's networks.

2017-03-13 15:52:29 UTC
Real User

Hi,

I'm a big fan of open source solutions; now I'm very satisfied with pfSense (https://www.pfsense.org/). You can use your own hardware or buy an appliance from https://netgate.com/ (sponsor of pfSense).

Other paid solutions can be MikroTik (it is Linux-based), Ubiquiti https://www.ubnt.com/products/#edgemax or Fortinet https://www.fortinet.com/

2017-03-13 15:52:17 UTC
User

I use Fortigates as well - those are solid devices. @LZ good writeup. In past firmware, 5.0 and below, Fortinet had issues with firmware upgrades; now it is a very clean process. Also, I would always recommend an A/A or A/P configuration.

2018-07-23 17:54:57 UTC
Consultant

I would recommend Zscaler and can introduce you to the head of technical operations who would be very happy to discuss this with you. No appliance required and can indeed replace much of your appliance based stack in your HQ. Cloud based solution, eliminates backhauling and reduces latency to cloud based apps. Takes out need for VPN. Gartner and Forrester leader. Get in touch with me and I will introduce you. Great company and great software.

2017-07-12 10:28:53 UTC
Vendor

All UTMs are okay to use; however, I highly recommend the Cisco Meraki MX Security appliance (UTM) - the latest technology that all BIG Corps have applied more and more recently.

The most important points you may need to consider for your company are:
+ HOW it helps you centrally manage 6 sites with the ability to remote control,
+ Intuitive interface to know what's happening in real time,
+ Saving lots of cost on your IT labour work, and specially
+ Eliminating your annual VPN services among all the sites (such as MPLS, leased line, etc.) thanks to Meraki WAN optimization (iWAN).
+ Finally, the long-term investment cost is very competitive, with BIG SAVINGS compared to all other UTM solutions.

In brief, it not only helps you escape from the heavy & tough workload, but is also an effective investment solution for your company (your boss) and increases the capacity & development at each site.
Hope my sharing is helpful for you, and also to other friends. Thanks & Cheers!

2017-06-21 16:25:13 UTC
Consultant

Akamai has a comprehensive set of WAF solutions in the cloud. No capital expenditure, therefore no long-term commitment to hardware that quickly becomes obsolete. The added value is increased performance, user friendliness and a leading cloud security solution used by the world's largest enterprises globally.

2017-05-23 18:05:41 UTC
User

We have been using Sonicwall for about 12 years but over the last couple of years have been moving to the Sophos SG Series. I know many people complain about Sonicwall reliability issues, but for us the UI just didn't keep up with the features they have added on over the years. I also don't care for the perpetual "early release" firmware. We also have a couple of Fortigate units for specific uses. Very reliable but not nearly as user friendly.

2017-03-21 00:45:05 UTC
User

I'm also evaluating firewalls: Checkpoint, Fortigate, Sonicwall, Sophos, Huawei, Cisco ASA, Cisco FirePOWER, Juniper

I won't say much about technical specs here; it depends on your needs (features to turn on), size (office/datacenter/etc.) and budget.
They (firewall makers) can say they are the leader, they have special abilities (*haha), best in the world, etc., but actually they have the same purpose; the only difference is marketing terms like AMP, ATP, Sandblast, Wildfire, etc.

There is no perfect solution. If you have the budget you can go for a carrier-grade firewall; it's like no one can stop you from buying a Ferrari.

Below is my view:
1. Checkpoint:
Pros - Good in security, pure-play security company, long history, very clean GUI, very user-friendly GUI, large community, large knowledge base, complex deployment, good documentation but not so straightforward.
Cons - Expensive; due to the architecture it easily gets undersized.

2. Fortigate:
Pros - Reasonable price with performance, purpose-built ASIC to provide very high network throughput, very high VPN throughput among the competitors, large community, large knowledge base, complex deployment, good documentation and easy-to-understand explanations.
Cons - Got a lot of feedback that there are some issues when updating the firmware (I suspect because of ASIC chip compatibility with different firmware).

3. Sonicwall:
Pros - Seldom seen in complex deployments but good in office/branch deployments, cheaper, clean GUI, user-friendly GUI, good documentation, some of it even with video.
Cons - Due to the Dell acquisition the development has slowed down (they told me they are catching up now), only 1 sales engineer in my country.

4. Sophos:
Pros - Seldom seen in complex deployments but good in office/branch deployments, cheaper, clean GUI, integrates very well with their endpoint solutions.
Cons - There is a lot of user feedback that DPI slows down the internet speed, very few referrals, they might focus more on their endpoint solutions.

5. Huawei:
Pros - Cheaper.
Cons - Very few referrals, consumes more rack space.

6. Cisco ASA:
Pros - Stable, reliable, good CLI, large user community, good documentation but not so straightforward, more discount if you are a Cisco house.
Cons - Need to put in more effort to understand how to use it, GUI is not so user friendly, security is just a part of their business, a lot of consoles to take care of.

7. Cisco FirePOWER (new firmware):
Pros - FTD will integrate NGFW features (VPN and multi-context still not supported yet).
Cons - It is a new release, so no comment.

Please let me know if I was wrong. I am looking for someone more experienced to share their view so that I can add it to my evaluation list.

Iz

2017-03-15 07:23:40 UTC
User

Good Day Terry,

If you are looking to get out of the security hardware business then I think you will want to review the capabilities of Network Box USA. We provide a Managed Security Services solution that does not require you to purchase any hardware or manage the hardware based on our 24x7x7 managed service from our Security Operations Center in Houston, TX.

I would be glad to discuss our unique approach which can be very cost effective and get you away from managing appliances for your six locations.

Mark Manion
National Sales Manager
mark.manion@networkboxusa.com
www.networkboxusa.com
716-989-1134

2017-03-14 19:40:50 UTC
Real User, TOP 10

Depending on the size of the company, most enterprise-level firewalls will demonstrate a centralized management console capable of managing many disparate firewall locations, as well as the virtual elements within each. If you are at this level, my preference would be the Palo Alto system, which allows the administrator to create rules and abstractions that ultimately lead to an administrator putting together a policy like: "Inbound reverse web proxy" -> "any external system" -> "our reverse proxies" -> "web protocols". So while this terminology is still ancient rule-base logic, the wording of the policy is actually readable. In other areas of the system you define what IP addresses belong to your reverse proxies, what web protocols you will allow, etc.

Like many complex systems, these FWs may be more capable than you need: IPS, FW, threat intelligence, malware detection, etc. Just ignore the added features until you find the need to expand your requirements, and they will come naturally if needed.

Finally, traffic analysis - it too is there in the PAs, but relatively rudimentary. It will show volumes, but not keep the kind of traffic history that a good analyzer would provide. Still useful, but your requirements may be more complex than what can be presented.

2017-03-14 14:55:39 UTC
Vendor

Hi Terry - Management of diversified firewalls is at the heart of our FireMon solution. We can aggregate all of your firewall traffic, regardless of location and firewall vendor, into a web-based firewall management platform that provides continuous visibility into and analysis of your network security policies and underlying IT risks. The platform proactively delivers cleanup, compliance, and change management through a centralized dashboard. FireMon simply needs to have connectivity from where the FireMon data collector is deployed, along with the traffic and change logs. If you already have a central location for logs like a SIEM, that can also be used. Check out the list of firewall vendors we support @ https://www.firemon.com/about-us/technology-partners/ , as well as our capabilities @ https://www.firemon.com/try-it-free/ .

2017-03-14 14:51:56 UTC
Real User

I recommend you go with Fortinet or Sonicwall.

2017-03-14 14:08:38 UTC
Real User

The original question did mention ease of use, showing throughput, and the need to connect several regions which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.

If you know what you're doing then I'd go with pfSense. Powerful and affordable (free even if you can do without the support).

We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data centre rack.

Having spent a long time with Cisco ASAs I'd certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they're rather good if you know what you're doing.

2017-03-14 07:42:18 UTC
User

Fortigate firewalls are best suited for this purpose. You may select the appropriate model either by comparing specs on their website or talking to one of their consultants. The only shortfall with Fortigate is that one needs to be trained to configure and manage these devices. So, you either learn it yourself or sign up a support partner. Online support is not very great for setting the device up, but it is pretty quick and efficient in helping resolve specific issues faced.

2017-03-14 07:13:03 UTC
Real User

Please follow the answer of Irvin Gaerlan for Sophos UTM.

2017-03-14 07:08:06 UTC
Consultant

Please reply to the questions below:
What kind of traffic is to be allowed? For example HTTPS, FTP, SFTP, etc.
How many users will have a connection to the firewall?
Do you want IPS to protect the network?
Do you want a firewall with redundancy or standalone?
Is site-to-site VPN or remote access VPN required?
I would recommend the Cisco Next Generation Firewall Cisco ASA 5500-FTD-X model based on the business requirement.

2017-03-14 05:51:40 UTC
Real User

I think you can use Fortigate Firewall, Barracuda WebFilter Firewall. They are user friendly and you can generate efficient reports, etc. We are also using a Fortigate 310B for web filtering.

2017-03-14 04:55:18 UTC
Real User

I would recommend a Fortinet firewall. It provides a user-friendly GUI interface and nice UTM protection. You can monitor the traffic you want on the dashboard.

2017-03-14 04:52:42 UTC
Real User

Let me start by asking: what vendors and equipment are in your infrastructure? What are you and your team familiar with? I ask for this reason: I am familiar with Cisco, and that may not be what you are familiar with.

2017-03-14 04:29:36 UTC
User

We have been successful with Fortinet.
The advantage is that depending on the sites, you might want to setup higher levels in one location and lower level firewalls in others, but since all of them use the same Operating system you can program them similarly.
The other advantages are that you get many functions from these firewalls such as:

1. Fastest firewalls
2. Next Generation Firewalls
3. NSS Labs Recommended
4. ICSA Labs Certifications – 1. Anti-Virus 2. Firewall-Corporate 3. IPSEC-Basic 4. SSL-VPN 5. Network IPS
5. Real-time updates 24x7 from Fortinet automatically
6. Anti-Virus
7. Anti-Malware (ATP)
8. Anti-Spam
9. Web Content Filtering
10. Intrusion Detection and Prevention
11. Firewall
12. Data Loss Protection (DLP)
13. And many more functions….
As to traffic, you can see all of them separately or you can get the FortiAnalyzer and analyze traffic from all of them since you would point all of them to the FortiAnalyzer for that.
For management of all the firewalls and for updating them uniformly, I suggest getting the FortiManager – that will help tremendously.

For FortiAnalyzer - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiAnalyzer.pdf
For FortiManager - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiManager.pdf
For FortiOS (Fortigate Operating System ) - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiOS_54.pdf

2017-03-14 03:37:40 UTC
Real User

I would use Cisco ASA NG appliances.

2017-03-14 03:00:26 UTC
User

I recommended the FortiGate 100D firewall.

2017-03-14 01:18:29 UTC
User

Cisco is always a good bet. They are reliable and support is good. The downside is that the more advanced features are done via script. Their UI is not that fantastic. Maybe that's because I am using the old ASA model. However, Cisco engineers are aplenty so it will be easy to get support. I am testing out Fortigate now and their UI is a lot better. Much easier to administer though.

2017-03-14 01:05:51 UTC
Vendor

Depending on size: FortiNet for small to medium-sized and Palo Alto for larger deployments and/or complexity. IMHO

2017-03-14 00:15:19 UTC
Real User, TOP 5

If you are not a regular firewall service manager and this is a first run into corporate firewall systems, I might suggest Check Point solutions as a first name in easy-to-learn and quick-to-get-up-and-running appliances. Check Point takes a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances; pretty sure your 6 sites will be managed with ease.
Regards,
Nige Williamson
Black Dragon Limited

2017-03-13 21:37:33 UTC
Real User

Personally I suggest pfSense.

I used it for over 6 years in a corporate with 6 different locations and it works perfectly.
It scales very well from small offices to a big company datacenter with multiple Gbps internet connections.

The support team, if you paid for it, is great.

2017-03-13 21:05:10 UTC
Real User, TOP 5, LEADERBOARD

I've been running Cyberoam (now SOPHOS) for over 10 years for my firewalls. I've really enjoyed the Cyberoam Support over the years; those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money and get a bit more visibility into the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.

2017-03-13 20:37:28 UTC
Consultant, LEADERBOARD

My notes.
If it's technically possible and affordable, you could consider going with a different provider that lets you have a central firewall, with your offices connecting to this firewall via an MPLS network. That way you have a point of entry and you can build one set of rules.
If not, then you can look for a firewall solution that lets you manage from a central management point as well as provides central reporting. I don't think you need the functionality of deploying firewalls based on a template, as it sounds like 6 sites.
Sophos provides that using either the Sophos XG or Sophos SG firewall, Sophos Firewall Manager for XG or Sophos UTM Manager for Sophos SG, and Sophos iView for reporting.
If you just require web filtering, then go with Sophos XG. If you have a bunch of HTTP/S web applications (e.g. your web site) that you are also wanting the firewall to manage, then the Sophos SG is still the way to go.
For user reporting you need to have the ability to identify the user. Assuming you have Active Directory, this will work using the STAS agent. If not, then you need to set up local identification on the firewall.
Hope that helps

2017-03-13 20:29:39 UTC
Real User

pfSense is an excellent solution.

2017-03-13 20:28:04 UTC
Real User

I would go for a Fortinet firewall, like the FortiGate 90-60 Series, probably a 90 at the main site and a FortiWiFi 60E at remote locations, giving you security as well as wireless solutions. VPN to VPN between firewalls for connectivity between sites.

2017-03-13 18:50:23 UTC
Real User

Hi, we have approx. 30 different locations and are using the SonicWall firewalls with the Global Management Server. Must say the product works like a charm and provides all needed security logging, anything you would need and want to see with regards to your corporate firewalls.

2017-03-13 18:42:43 UTC
Real User

There are a few questions I would ask myself first before choosing a firewall vendor. They would be as follows:

1. What is the budget for the hardware?
2. What kind of connectivity is present at each site (e.g. DSL, IPVPN, leased line, 3G/4G, etc.)?
3. What is the traffic profile for each site (running mostly web applications, SQL, social media, etc.)?
4. What throughput is needed per site?
5. Do you require more advanced UTM functionality to secure/protect internal infrastructure?

If you can pinpoint these you're on a good course to selecting a vendor.

To name but a few, my personal preference would be:

Cisco Meraki (if you want to have a cloud-managed SD-WAN solution). Expensive based on throughput.

Very nice interface, lots and lots of detail about traffic on your network. Requires licensing (OpEx costs as cloud based). SD-WAN ready out of the box (really read into this as the benefits aren't as peachy as they may first seem). It's Cisco, so a very steep learning curve. Very feature rich.

FortiNet (if you need a UTM/application firewall). Cost effective, one of the top vendors in the Gartner Magic Quadrant.

Very nice interface, learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Checkpoint but in the same league all throughout the product range). FortiNet have a full security fabric, so in the future if you're looking for desktop AntiVirus/Email appliances (FortiClient), WAN load balancers, traffic analysers, access switches, cloud-based network logging, etc., they have solutions for this that seamlessly integrate.

WatchGuard: basic firewall, VPN and access rule functionality. Cost effective: does what it says on the tin, VPN, standard firewall policies.

Not used personally but have customers who do. Looks extremely simple to set up and configure; would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what's on the tin in a basic way.

2017-03-13 18:39:28 UTC
Real User

I recommend the pfSense firewall. It is a free, user-friendly, BSD-based enterprise-level firewall that can handle IPsec connections, failover, multiple WAN, multiple LAN, VLANs, filtering, and more. Always the best, and very easy to set up and maintain. Have used it for over 10 years in enterprise environments using the simplest of machines and ESXi builds.

2017-03-13 17:48:56 UTC
User

My recommendation is Cisco ASA firewalls. Other brands I've used: Sonicwall, Watchguard, and Checkpoint. These other brands have run into issues with L2L VPN and VoIP. The VoIP service was not reliable and would drop service unexpectedly or would not connect. The ASAs have been extremely reliable with L2L and VoIP. I have locations in California, Germany and Ireland, all using ASAs with no issue.

2017-03-13 17:35:52 UTC
Real User

It depends on the size of each one of the six structures (number of stations, for example), but for SOHO structures we usually implement pfSense, which has most of the resources that you miss in your firewall, and can implement IPsec, L2TP or OpenVPN.

One of our clients connects its Brazilian office with its Chinese office. In China they have a Fortigate (a Fortinet firewall), and here in Brazil they have a pfSense.

2017-03-13 16:56:31 UTC
Real User

I'd go for Meraki MX firewalls. Very easy to use and set up and a single web dashboard to access/configure all your sites.

2017-03-13 16:55:27 UTC
Real User, TOP 10, LEADERBOARD

Cyberoam NG series / Sophos UTM

2017-03-13 16:52:34 UTC
Real User

I recommend Sophos UTM for ease of use, relatively low cost and flexibility, or Fortigate if your budget allows.

2017-03-13 16:43:52 UTC
Real User

I am a huge fan of SonicWALL with Comprehensive gateway Security for all my firewall scenarios.

From an ease of use and security track record, they just work.

I have put 4 and 2 site medical practices in place with SonicWALL site to site VPNs without a hitch.

2017-03-13 16:39:08 UTC
Real User

Cisco ASA 5500 series.

2017-03-13 16:24:24 UTC
Real User

Next-generation firewall like WatchGuard.
- Multi-site VPN
- Antivirus/malware protection
- App blocking
- Site category blocking
- User / group policy roles
- AD integration
- Reporting
- Two ways to manage it: web interface and local PC policy manager.
* Dimensioning report server to log all information that is under HIPAA and PCI.

2017-03-13 16:24:22 UTC
Consultant

I would recommend Meraki.

2017-03-13 16:24:10 UTC
User

With the rise of cloud services, organisations are going more for local breakout to optimise the traffic performance from their site to the closest cloud service node. Access to the internet in general would also benefit from this design. If this makes sense in the context of our colleague, then an implementation of a local FW on each of the 6 sites could be a solution. This design would also allow internal segmentation, as each site could be protected against a potential propagation of a threat from one site to the other. On the operation side, FW technologies allow central management and push of rules to the sites' FWs. Visibility of traffic would be available, as FW technology allows delegation of rights such as read-only mode to the customer in case this is a FW managed service operated by a service provider.

2017-03-13 16:21:21 UTC
Real User

Look at Cisco's Meraki product line. Check out their WAPs as well as their security appliances (firewalls).

Forget all that code and text interface nonsense.

Meraki rocks. Cisco bought this company because they were such a threat. Thank me later.

2017-03-13 16:19:44 UTC
User

The Esdenera Firewall 3 is a trusted and intelligent enterprise network firewall for the cloud. It has a very user friendly interface. You will find more information at www.esdenera.com

2017-03-13 16:16:22 UTC
User

If you intend to use a cloud-based firewall you may want to get a deep dive into virtualization technology for all the available vendors. Then decide which features versus ease of use you need. Also, if it is not only firewalling but security as a service, you might go deep on CASB (Cloud Access Security Broker) and get some insight into the trends around cloud security, such as cloud mail protection and cloud endpoint management. I might as well suggest that you talk with your service providers and see where their managed services stand.

2017-03-13 16:13:42 UTC
Real User, TOP 5

The Watchguard System Manager utility gives firewall traffic on one of its windows called the Firewall system manager. I suspect it only works with Watchguard firewalls.

2017-03-13 16:11:22 UTC
User

The top UTMs/Corporate Firewalls:

1. Fortinet
2. CheckPoint
3. Watchguard
4. Sophos
5. Dell SonicWall

2017-03-13 16:10:40 UTC
User

For ease of use, Meraki

For longevity and economy - Sonicwall

2017-03-13 16:10:30 UTC
User

I recommend using pfSense in this scenario!

2017-03-13 16:10:25 UTC
User

It depends on the security services that you want to implement. You must have at least IPS, antivirus, web filter, application control, and desirably an anti-malware feature; these features come with a Next Generation Firewall. In order to manage the solution, monitor the equipment and view the statistics, you must use a manufacturer's own management tool that can collect event logs, SNMP traps or X-Flow flows, and help you with centralized policy deployment.

2017-03-13 16:08:49 UTC
User

Palo Alto Networks Next-Generation Firewalls give you total control of your traffic based on Layer 7 policies and monitoring.

2017-03-13 16:08:11 UTC13 March 17
Real User

For an on-premise solution I agree with the Fortinet recommendation; the UTM functionality is easy to deploy and the user interface (Fortiview) is very useful even to non-experts.
For an open source solution I will rely on the pfSense implementations.
For a 100% cloud-based solution, Zscaler works well.

2017-03-13 16:07:04 UTC13 March 17
User

Hi,
I would recommend the Fortinet Firewall. It is user friendly and it will show the traffic.

2017-03-13 16:04:44 UTC13 March 17
User

I must use Sonicwall firewall with great amount of support. Do not use Sophos; there is no support for that product.

2017-03-13 16:02:31 UTC13 March 17
Consultant

See Webroot - it's a web-based security via API and a leader in security. Peripheral firewalls aren't the answer. You should also keep up to date with your SSL certificates and tracking. But that's next steps.

2017-03-13 15:55:34 UTC13 March 17
Real User

If you look for excellent security with the best possible insight in what's actually traversing your FW, AND want something that is the easiest one to manage, you should check out Palo Alto Networks Firewalls. They are the only TRUE application Firewalls, so if you don't want to keep on the hopeless fight with opening ports and thus damage your security, that is what you should go for. With their new models you might be able to solve it with the PA-220 and possibly the PA-820 if you have some site that is large with a lot of traffic. And forget all you might have heard about Palo being expensive - the new models are actually fairly cheap. So go check them out...

2017-03-13 15:55:14 UTC13 March 17
Real User

I recommend Sophos (formerly Astaro); their SG firewalls and then the RED remote units are easy to set up and will allow reporting based off the traffic.

2017-03-13 15:55:00 UTC13 March 17
Real User

Hi Terry,

Generally speaking, you can implement hub-and-spoke where all traffic from remote sites is routed to the internet through the hub (main) firewall, where you can implement some IDS/IPS/Web filter policies. Also, remote sites connect to the hub either by site-to-site VPN or MPLS link.

- Hub (main): The firewall must be able to handle traffic from local (main) and remote sites. For WAN redundancy, use two internet links from two different ISPs.

- Spoke (remote): Two default routes with different metrics, one to go out to the internet via the hub and, in case the hub is not available, the second default route to route internet traffic via the spoke ISP link.

- You can use FortiGate as they have many models to fit your needs along with many security features (IPS, IDS, Web Filter, DLP, Anti-Virus, etc.). For reporting, you can use FortiAnalyzer to give you nice reporting about traffic from local / remote sites.

2017-03-13 15:53:44 UTC13 March 17
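The spoke failover described in the answer above, as an added example that is not part of the original post: a small model of a spoke routing table with two default routes of different metric, showing which path internet traffic takes and whether it still passes the hub's inspection. The route table, next-hop labels, metrics and the `inspected` flag are constructed assumptions, not vendor configuration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str        # destination network
    via: str           # next-hop label (hypothetical names)
    metric: int        # lower wins among equal-length prefixes
    inspected: bool    # True if traffic passes the hub's IPS/web filter
    up: bool = True    # False when the link or tunnel is down

# Constructed spoke routing table: primary default via the hub,
# higher-metric fallback default via the spoke's own ISP link.
SPOKE_ROUTES = [
    Route("0.0.0.0/0", "hub-vpn", 10, inspected=True),
    Route("0.0.0.0/0", "local-isp", 100, inspected=False),
    Route("10.0.0.0/8", "hub-vpn", 10, inspected=True),  # corporate networks
]

def select_route(routes, dst):
    """Longest-prefix match first, then lowest metric, among routes that are up."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes
                  if r.up and addr in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

def set_link(routes, via, up):
    """Mark every route through a next hop as up or down (link/tunnel state)."""
    for r in routes:
        if r.via == via:
            r.up = up

def egress_report(routes, dst):
    """Return (next hop, inspected?) for a destination, or (None, False)."""
    r = select_route(routes, dst)
    return (r.via, r.inspected) if r else (None, False)

if __name__ == "__main__":
    print(egress_report(SPOKE_ROUTES, "203.0.113.10"))  # hub reachable
    set_link(SPOKE_ROUTES, "hub-vpn", False)            # hub outage
    print(egress_report(SPOKE_ROUTES, "203.0.113.10"))  # fallback path
    print(egress_report(SPOKE_ROUTES, "10.1.2.3"))      # corporate prefix
```

In this model, a hub outage moves internet traffic to the local ISP link without the hub's filtering, and corporate-prefix traffic also follows the fallback default, so the spoke firewall needs its own policy for that path and the failover event is worth alerting on.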
User

Check Point or Forcepoint with single management (and logging) capabilities.

2017-03-13 15:53:40 UTC13 March 17
User

I recommend a next generation firewall! Preferably cloud based unless you have a data center or servers that all your employees need to access from all 6 locations?

2017-03-13 15:53:24 UTC13 March 17
Real User

Cyberoam products are really good. I think you should do some research about it.

2017-03-13 15:51:15 UTC13 March 17
Real User

Are you looking for in-house hw based units? If so I would recommend Fortinet's Fortigate solution.

2017-03-13 15:51:06 UTC13 March 17
User

I'd recommend the Meraki MX series of firewalls - if you have several locations that you need to monitor, the dashboard is great for making changes without having to be at the location. You can also monitor the traffic for each one separately.

2017-03-13 15:50:47 UTC13 March 17
User

You could use WatchGuard company for the firewall; it's ideally suited for SMB companies. A model like M300 for the headquarters and maybe T50 (or T70) for the other locations (depends on the bandwidth between the sites and the number of employees at each site).

The user interface is really simple. You also have good visibility of your traffic through Dimension (which comes freely with the solution) and with the Total Security Bundle you have all the services that you need. Hope this helps you decide.

2017-03-13 15:49:51 UTC13 March 17
User

I would recommend a hardware firewall on premise HQ

Then MPLS on the regional offices.

Have implemented a similar setup and it's working so well.

2017-03-13 15:47:35 UTC13 March 17
User

Hi, I can assure you that 6 FortiGate 100D can do the job. Also, if you want to extend your monitoring experience, with Splunk you can do a lot of things...

2017-03-13 15:46:10 UTC13 March 17
User

I recommend PA 5020 firewall.

2017-03-13 15:43:30 UTC13 March 17
User

I would recommend firewall devices from Fortinet. They can be configured as Full UTM, NG Firewall, Web Filtering device, etc.

2017-03-13 15:41:47 UTC13 March 17