What do you recommend for a corporate firewall implementation? I have six geographically dispersed locations.


I have a web-based firewall solution from our telecom vendor which is not user friendly nor does it show you the traffic on the firewall.

I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation? 

Guest

82 Answers


I would recommend Zscaler and can introduce you to the head of technical operations who would be very happy to discuss this with you. No appliance required and can indeed replace much of your appliance based stack in your HQ. Cloud based solution, eliminates backhauling and reduces latency to cloud based apps. Takes out need for VPN. Gartner and Forrester leader. Get in touch with me and I will introduce you. Great company and great software.

Like (0)12 July 17
Cuc Pham (Vendor)

All UTMs are okay to use; however, I do highly recommend the Cisco Meraki MX Security appliance (UTM) - the latest technology that all BIG Corps have been applying more and more recently.

The most important points you may need to consider for your company are:
+ HOW it helps you centrally manage 6 sites with the ability to control them remotely,
+ An intuitive interface to know what's happening in real time,
+ Saving a lot of cost on your IT labour work, and especially
+ Eliminating your annual VPN services among all the sites (such as MPLS, leased line, etc.) thanks to Meraki WAN optimization (iWAN).
+ Finally, the long-term investment cost is very competitive, with BIG SAVINGS compared to all other UTM solutions.

In brief, it not only helps you escape from the heavy & tough workload, but is also an effective investment solution for your company (your boss) and increases the capacity & development at each site.
Hope my sharing is helpful for you, and also to other friends. Thanks & Cheers!

Like (0)21 June 17
Erika Moya (Real User)

I recommend FortiGate from Fortinet, which has very simple administration but is a leader in the Gartner quadrant for UTM.

Like (0)20 June 17

Akamai has a comprehensive set of WAF solutions in the cloud. No capital expenditure, therefore no long term commitment to hardware that quickly becomes obsolete. The added value is increased performance, user friendly and a leading cloud security solution used by the world's largest enterprises globally.

Like (0)23 May 17
robofl (User)

We have been using Sonicwall for about 12 years but over the last couple of years have been moving to the Sophos SG Series. I know many people complain about Sonicwall reliability issues, but for us the UI just didn't keep up with the features they have added on over the years. I also don't care for the perpetual "early release" firmware. We also have a couple of Fortigate units for specific uses. Very reliable but not nearly as user friendly.

Like (0)21 March 17
Iz (User)

I'm also evaluating firewalls: Checkpoint, Fortigate, Sonicwall, Sophos, Huawei, Cisco ASA, Cisco FirePOWER, Juniper

I won't say much about technical specs here; it depends on your needs (features to turn on), size (office/datacenter/etc.) and budget.
They (firewall makers) can say they are the leader, they have special abilities (*haha), best in the world, etc., but actually they have the same purpose; the only difference is marketing terms like AMP, ATP, Sandblast, Wildfire, etc.

There is no perfect solution. If you have the budget you can go for a carrier-grade firewall; it is like no one can stop you from buying a Ferrari.

Below is my view:
1. Checkpoint:
Pros - Good in security, pure-play security company, long history, very clean GUI, very user friendly GUI, large community, large knowledge base, complex deployment, good documentation but not so straightforward.
Cons - Expensive; due to the architecture it easily gets undersized.

2. Fortigate:
Pros - Reasonable price with performance, purpose-built ASIC to provide very high network throughput, very high VPN throughput among the competitors, large community, large knowledge base, complex deployment, good documentation and easy to understand explanations.
Cons - Got a lot of feedback that there are some issues when updating the firmware (I suspect because of ASIC chip compatibility with different firmware)

3. Sonicwall:
Pros - Seldom seen in complex deployments but good in office/branch deployments, cheaper, clean GUI, user friendly GUI, good documentation, some even with video.
Cons - Due to the Dell acquisition the development has slowed down (they told me they are catching up now), only 1 sales engineer in my country.

4. Sophos:
Pros - Seldom seen in complex deployments but good in office/branch deployments, cheaper, clean GUI, integrates very well with their endpoint solutions.
Cons - There is a lot of user feedback that DPI slows down the internet speed, very few referrers, they might focus more on their endpoint solutions.

5. Huawei:
Pros - Cheaper.
Cons - Very few referrers, consumes more rack space.

6. Cisco ASA:
Pros - Stable, reliable, good CLI, large user community, good documentation but not so straightforward, more discount if you are a Cisco house.
Cons - Need to put in more effort to understand how to use it, GUI is not so user friendly, security is just a part of their business, a lot of consoles to take care of.

7. Cisco FirePOWER (new firmware):
Pros - FTD will integrate NGFW features (VPN and multi-context are still not supported yet)
Cons - It is a new release so no comment.

Please let me know if I was wrong. I am looking for someone more experienced to share his view so that I can add to my evaluation list.

Iz

Like (0)15 March 17

Good Day Terry,

If you are looking to get out of the security hardware business then I think you will want to review the capabilities of Network Box USA. We provide a Managed Security Services solution that does not require you to purchase any hardware or manage the hardware based on our 24x7x7 managed service from our Security Operations Center in Houston, TX.

I would be glad to discuss our unique approach which can be very cost effective and get you away from managing appliances for your six locations.

Mark Manion
National Sales Manager
mark.manion@networkboxusa.com
www.networkboxusa.com
716-989-1134

Like (0)14 March 17
David Humphrey (Real User, TOP 10)

Depending on the size of the company, most enterprise-level firewalls will demonstrate a centralized management console capable of managing many disparate firewall locations, as well as the virtual elements within each. If you are at this level, my preference would be the Palo Alto system, which allows the administrator to create rules and abstractions that ultimately lead to an administrator putting together a policy like: "Inbound reverse web proxy" -> "any external system" -> "our reverse proxies" -> "web protocols". So, while this terminology is still ancient rule-base logic, the wording of the policy is actually readable. In other areas of the system you define what IP addresses belong to your reverse proxies, what web protocols you will allow, etc.

Like many complex systems, these FWs may be more capable than you need; IPS, FW, threat intelligence, malware detection, etc... just ignore the added features until you find the need to expand your requirements, and they will come naturally if needed.

Finally, traffic analysis - it too is there in the PAs, but relatively rudimentary. It will show volumes, but not keep the kind of traffic history that a good analyzer would provide. Still useful, but your requirements may be more complex than what can be presented.

Like (0)14 March 17

Hi Terry - Management of diversified firewalls is at the heart of our FireMon solution. We can aggregate all of your firewall traffic, regardless of location and firewall vendor, into a web-based firewall management platform that provides continuous visibility into and analysis of your network security policies and underlying IT risks. The platform proactively delivers cleanup, compliance, and change management through a centralized dashboard. FireMon simply needs to have connectivity from where the FireMon data collector is deployed, along with the traffic and change logs. If you already have a central location for logs like a SIEM, that can also be used. Check out the list of firewall vendors we support @ https://www.firemon.com/about-us/technology-partners/ , as well as our capabilities @ https://www.firemon.com/try-it-free/ .

Like (0)14 March 17
Mohammad Natour (Real User, TOP 20)

I recommend you go with Fortinet or Sonicwall.

Like (0)14 March 17
Sean Akers (Real User, TOP 20)

The original question did mention ease of use, showing throughput, and the need to connect several regions which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.

If you know what you're doing then I'd go with pfSense. Powerful and affordable (free even if you can do without the support).

We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data centre rack.

Having spent a long time with Cisco ASAs I'd certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they're rather good if you know what you're doing.

Like (0)14 March 17

Fortigate firewalls are best suited for this purpose. You may select the appropriate model either by comparing specs on their website or talking to one of their consultants. The only shortfall with Fortigate is that one needs to be trained to configure and manage these devices. So, you either learn it yourself or sign up a support partner. Online support is not very great for setting the device up, but pretty quick and efficient in helping resolve specific issues faced.

Like (0)14 March 17
S. M. Rabiul Islam (Real User, TOP 20)

Please follow the answer of Irvin Gaerlan for Sophos UTM.

Like (0)14 March 17
Kannan M (Consultant, TOP 20)

Please reply to the questions below:
What kind of traffic is to be allowed? For example HTTPS, FTP, SFTP, etc.
How many users will have a connection to the firewall?
Do you want IPS to protect the network?
Do you want a firewall with redundancy or standalone?
Is site-to-site VPN or remote access VPN required?
I would recommend the Cisco Next Generation Firewall, Cisco ASA 5500-FTD-X model, based on the business requirement.

Like (0)14 March 17
OsamaMunir (Real User, TOP 20)

Go for a Fortinet firewall. Its interface is very user friendly, with multiple features, easy implementation, low cost compared to other high-end firewalls, and good technical support.

At corporate headquarters, analyze one of the following models:

FG-200D FG-200E FG-300D FG-500D FG-600D

At remote sites the following models are recommended:

FG/FWF-30E FG/FWF-50E FG/FWF-60D FG/FWF-60E FG-80D

Specifications can be compared at the following link. However, please note the specs are for ideal situations. I recommend analyzing each spec by a 1/3 factor for practical implementation.

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf

Like (1)14 March 17

I think you can use Fortigate Firewall or Barracuda WebFilter Firewall. They are user friendly and you can generate efficient reports, etc. We are also using a Fortigate 310B for web filtering.

Like (0)14 March 17
Rohan Hande (Real User, TOP 20)

I would recommend you the Fortigate firewall. It provides a user-friendly GUI interface and nice UTM protection. You can monitor the traffic you want on the dashboard.

Like (0)14 March 17
Aris Dennard (Real User, TOP 20)

Let me start by asking, what vendors and equipment are in your infrastructure? What are you and your team familiar with? I ask for this reason: I am familiar with Cisco; that may not be what you are familiar with.

Like (0)14 March 17

We have been successful with Fortinet.
The advantage is that depending on the sites, you might want to set up higher levels in one location and lower level firewalls in others, but since all of them use the same operating system you can program them similarly.
The other advantages are that you get many functions from these firewalls such as:

1. Fastest firewalls
2. Next Generation Firewalls
3. NSS Labs Recommended
4. ICSA Labs Certifications – 1. Anti-Virus 2. Firewall-Corporate 3. IPSEC-Basic 4. SSL-VPN 5. Network IPS
5. Real-time updates 24x7 from Fortinet automatically
6. Anti-Virus
7. Anti-Malware (ATP)
8. Anti-Spam
9. Web Content Filtering
10. Intrusion Detection and Prevention
11. Firewall
12. Data Loss Protection (DLP)
13. And many more functions….
As to traffic, you can see all of them separately or you can get the FortiAnalyzer and analyze traffic from all of them since you would point all of them to the FortiAnalyzer for that.
For management of all the firewalls and for updating them uniformly, I suggest getting the FortiManager – that will help tremendously.

For FortiAnalyzer - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiAnalyzer.pdf
For FortiManager - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiManager.pdf
For FortiOS (Fortigate Operating System ) - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiOS_54.pdf

Like (0)14 March 17
Kent Mitchell (Real User)

I would use Cisco ASA NG appliances.

Like (0)14 March 17
Irvin Gaerlan (Consultant, TOP 10)

I would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line, the UTM9 version is very stable and still has large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organization's top choices.

Like (2)14 March 17

I recommended the Fortigate 100D firewall.

Like (0)14 March 17

Cisco is always a good bet. They are reliable and support is good. The down side is that the more advanced features are done via script. Their UI is not that fantastic. Maybe that's because I am using the old ASA model. However, Cisco engineers are aplenty so it will be easy to get support. I am testing out Fortigate now and their UI is a lot better. Much easier to administer though.

Like (0)14 March 17
dbessey (Real User, TOP 20)

Depending on size, FortiNet for small to medium-sized and Palo Alto for larger deployments and/or complexity. IMHO

Like (0)14 March 17
Nigel Williamson (Real User, TOP 10)

If you are not a regular firewall service manager and this is a first run into the corporate firewall systems, I might suggest Check Point solutions as a first name in easy to learn and quick to get up and running appliances. Check Point takes a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances; pretty sure your 6 sites will be managed with ease.
Regards,
Nige Williamson
Black Dragon Limited

Like (0)13 March 17
Luca Faccin (Real User)

Personally I suggest pfSense.

I used it for over 6 years in a corporation with 6 different locations and it works perfectly.
It scales very well from small offices to big company datacenters with multiple Gbps internet connections.

The support team, if you pay for it, is great.

Like (0)13 March 17
Fred Fish (Real User, TOP 5, LEADERBOARD)

I've been running Cyberoam (now SOPHOS) for over 10 years for my firewalls. I've really enjoyed the Cyberoam Support over the years; those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility into the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.

Like (0)13 March 17
SrEngineer672 (Consultant, TOP 20, POPULAR)

My notes.
If it's technically possible and affordable you could consider going with a different provider that lets you have a central firewall and your offices connect to this firewall via an MPLS network. That way you have a point of entry and you can build one set of rules.
If not, then you can look for a firewall solution that lets you manage from a central management point as well as provides central reporting. I don't think you need the functionality of deploying firewalls based on a template as it sounds like 6 sites.
Sophos provides that using either Sophos XG or Sophos SG firewall, Sophos Firewall Manager for XG or Sophos UTM Manager for Sophos SG, and Sophos iView for reporting.
If you just require web filtering then go with Sophos XG. If you have a bunch of http/s web applications (e.g. your web site) that you are also wanting the firewall to manage then the Sophos SG is still the way to go.
For user reporting you need to have the ability to identify the user. Assuming you have Active Directory then this will work using the STAS agent. If not, then you need to set up local identification on the firewall.
Hope that helps

Like (0)13 March 17
Dean Hamstead (Real User, TOP 20)

Pfsense is an excellent solution

Like (0)13 March 17
Stuart Berman (Real User, TOP 20)

The FortiGate line is great for global networks. You need to size them for your traffic and type of protection (web filtering; IPS; antivirus; VPN; BotNet protection; etc.) since each additional service enabled requires a larger system. We find the FortiGates very affordable and very effective at keeping our networks secure globally. One bit of advice is that you consider the series when choosing hardware - a FG-100E is more powerful than a FG-100D and far more powerful than a 'C' series (although those should no longer be sold).

Like (1)13 March 17
Michael Tint (Real User, TOP 20)

I would go for a Fortinet firewall, like the FortiGate 90-60 Series, and probably a 90 at the main site and a FortiWiFi 60E at the remote location, giving you security as well as wireless solutions. VPN to VPN between firewalls for connectivity between sites.

Like (0)13 March 17
Jeff Vetters (Real User)

Hi, we have approx. 30 different locations and are using the SonicWall firewalls with the Global Management Server. Must say the product works like a charm and provides all needed security logging, anything you would need and want to see with regards to your corporate firewalls.

Like (0)13 March 17
Michael Wing (Real User, TOP 20)

There are a few questions I would ask myself first before choosing a firewall vendor. They would be as follows:

1. What is the budget for the hardware
2. What kind of connectivity is present at each site (e.g DSL, IPVPN, Leased Line, 3G/4G etc.)
3. What is the traffic profile for each site (running mostly web applications, SQL, social media etc)
4. What throughput is needed per site
5. Do you require more advanced UTM functionality to secure/protect internal infrastructure?

If you can pinpoint these you're on a good course to selecting a vendor.

To name but a few my personal preference would be:

Cisco Meraki (if you want to have a cloud managed SD-WAN solution) Expensive based on throughput

Very nice interface, lots and lots of detail about traffic on your network, requires licensing (OpEx costs as cloud based), SD-WAN ready out of the box (really read into this as the benefits aren't as peachy as they may first seem), it's Cisco so a very steep learning curve. Very feature rich.

FortiNet (if you need UTM/Application firewall) Cost effective, one of the top vendors in the Gartner magic quadrant

Very nice interface, learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Checkpoint but in the same league all throughout the product range). FortiNet have a full security fabric, so in the future if you're looking for desktop AntiVirus/Email appliances (FortiClient), WAN load balancers, traffic analysers, access switches, cloud-based network logging, etc., they have solutions for this that seamlessly integrate.

WatchGuard basic Firewall VPN and access rule functionality. Cost effective: does what it says on the tin VPN standard firewall policies.

Not used personally but have customers who do, look extremely simple to set up and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what's on the tin in a basic way.

Like (0)13 March 17

I would recommend Palo Alto Networks. Their NGFW platform is one of the only vendors affecting single pass. Single pass means no matter what services are turned on it's a single pass across the box. Also SSL decryption is needed in this day and age with the ever increasing https traffic that is out there. They also have a great AWS solution for auto scaling VPN for remote users.

Like (1)13 March 17
Myles Blackwood (Real User, TOP 20)

I recommend pfSense firewall. It is a free, user-friendly, BSD based Enterprise level firewall that can handle IPSec connections, failover, multiple WAN, multiple LAN, VLANs, filtering, and more. Always the best, and very easy to setup and maintain. Have used it for over 10 years in Enterprise environments using the simplest of machines and esxi builds.

Like (0)13 March 17

My recommendation is Cisco ASA firewalls. Other brands I've used: Sonicwall, Watchguard, and Checkpoint. These other brands have run into issues with L2L VPN and VoIP. The VoIP service was not reliable and would drop service unexpectedly or would not connect. The ASAs have been extremely reliable with L2L and VoIP. I have locations in California, Germany and Ireland, all using ASAs with no issue.

Like (0)13 March 17
ScottDavis (Real User, TOP 20)

pfSense can do what you need it to do. We've deployed many firewalls for companies with geographically-dispersed locations, all with different needs and requirements. Hub and spoke could very well be the solution here. With the easy-to-use GUI and robust feature set, you'll certainly be happier with it than you are with your current product. Our professional services team can handle the configuration and deployment for you.

Like (1)13 March 17
David Varnum (Real User, TOP REVIEWER, TOP 5)

Check out Palo Alto Networks, maybe the PA-800 Series. You can manage all 6 locations from a single interface with Palo Alto Panorama. If you need expertise just find a local partner in your area with this link: http://locator.paloaltonetworks.com/

Like (1)13 March 17

Hi,
Choosing the right FW solution is not simple. You must have in mind what you want to achieve, IT staff experience, etc. There are no good or bad solutions, only good or bad deployments.
In your case, I would suggest the Meraki MX appliance:
cloud-based management, automatic VPN between devices in the same organization unit, L3-L7 FW, content filtering, AD integration, easy web management and many more.
BR

Like (1)13 March 17
Rafael Aquino (Real User)

It depends on the size of each one of the six structures (number of stations, for example), but for SOHO structures we usually implement PFSENSE, which has most of the resources that you miss in your firewall, and can implement IPSEC, L2TP or OpenVPN.

One of our clients connects its Brazilian office with its Chinese office. In China they have a Fortigate (a Fortinet firewall), and here in Brazil they have a PfSense.

Like (0)13 March 17
Sean Akers (Real User, TOP 20)

I'd go for Meraki MX firewalls. Very easy to use and set up and a single web dashboard to access/configure all your sites.

Like (0)13 March 17
Oche Ankeli (User, TOP 20)

Cyberoam NG series / Sophos UTM

Like (0)13 March 17
Clive Gerada (Real User, TOP 20)

I recommend Sophos UTM for ease of use, relatively low cost and flexibility, or Fortigate if your budget allows.

Like (0)13 March 17
Mark Buechler (Real User, TOP 20)

I am a huge fan of SonicWALL with Comprehensive gateway Security for all my firewall scenarios.

From an ease of use and security track record, they just work.

I have put 4 and 2 site medical practices in place with SonicWALL site to site VPNs without a hitch.

Like (0)13 March 17
Frank Horwich (Real User, TOP 20)

Look at Cisco's Meraki product line. Check out their WAPs as well as their security appliances (firewalls).

Forget all that code and text interface nonsense.

Meraki rocks. Cisco bought this company because they were such a threat. Thank me later.

Frank Horwich
303.601.4009

Like (0)13 March 17

I recommend FortiGate firewalls, but more information is needed (the scope, traffic, what to protect ...) to determine the model.
With the FortiCloud service you can monitor the traffic (it's not necessary to be the administrator). You can also schedule daily reports to be sent to a specific e-mail address.
Fortinet solutions are designed to work together as an integrated and collaborative security fabric to provide a powerful, integrated end-to-end security solution across the entire attack surface.
FortiGate can also act as a wireless controller and switch controller.
It offers two-factor authentication using FortiTokens (hardware or mobile tokens).
You can create virtual domains without any additional license.
Another point is endpoint management,
etc...
With FortiManager you can manage all FortiGates from a single platform or create Administrative Domains based on geographical locations or your administrators' access.

Like (1)13 March 17

Cisco ASA 5500 series.

Like (0)13 March 17

Next generation firewall like WatchGuard.
-Multi site VPN
-Antivirus/malware protection
-app blocking
-site category blocking
-user / group policy roles
-AD integration
-reporting
-two ways to manage it: web interface and local PC policy manager.
*dimensioning report server to log all information that is under HIPAA and PCI.

Like (0)13 March 17
Thejesh B Nair (Real User, TOP 20)

I would recommend Meraki.

Like (0)13 March 17

With the rise of cloud services, organisations are going more for local breakout to optimise the traffic performance from their site to the closest cloud service node. Access to the internet in general would also benefit from this design. If this makes sense in the context of our colleague then an implementation of a local FW on each of the 6 sites could be a solution. This design would also allow internal segmentation as each site could be protected against a potential propagation of a threat from one site to the other. On the operation side, FW technologies allow central management and push of rules to the sites' FWs. Visibility of traffic would be available as FW technology allows delegation of rights such as read only mode to the customer in case this is a FW managed service operated by a service provider.

Like (0)13 March 17

The Esdenera Firewall 3 is a trusted and intelligent enterprise network firewall for the cloud. It has a very user friendly interface. You will find more information at www.esdenera.com

Like (0)13 March 17
Izzat Doleh (Real User, TOP 20)

Sir,
I recommend SOPHOS in Head Office XG-310 & branches XG-85 or XG-105
Head Office Users 50 -100 / Branches Users from 5 - 25

Like (1)13 March 17

If you intend to use a cloud based firewall you may want to get a deep dive into virtualization technology for all the available vendors. Then decide which features versus ease of use you need. Also, if it is not only firewalling but security as a service, you might go deep on CASB (Cloud Access Security Broker) and get some insight of the trending around cloud security, such as cloud mail protection and cloud endpoint management. I might as well suggest you talk with your service providers and see where their managed services stand.

Like (0)13 March 17
reviewer199935 (Real User, TOP 5)

The Watchguard System Manager utility gives firewall traffic on one of its windows called the Firewall system manager. I suspect it only works with Watchguard firewalls.

Like (0)13 March 17
sgelband (Real User)

pfSense will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for OpenVPN. The support guys are the best I have ever worked with. And once you master it, it is entirely free.

Like (2)13 March 17

The top UTMs/Corporate Firewalls:

1. Fortinet
2. CheckPoint
3. Watchguard
4. Sophos
5. Dell SonicWall

Like (0)13 March 17

For ease of use, Meraki

For longevity and economy - Sonicwall

Like (0)13 March 17

I recommend using pfSense in this scenario!

Like (0)13 March 17

It depends on the security services that you want to implement. You must have at least IPS, antivirus, web filter, application control, and desirably an anti-malware feature; these features come with a Next Generation Firewall. In order to manage the solution, monitor the equipment and view the statistics, you must use a manufacturer's own management tool that can collect event logs, SNMP traps or X-Flow flows, and help you with centralized policy deployment.

Like (0)13 March 17

Palo Alto Networks Next-Generation Firewalls give you total control of your traffic based on Layer 7 policies and monitoring.

Like (0)13 March 17

For an on-premise solution I agree with the Fortinet recommendation; the UTM functionality is easy to deploy and the user interface (Fortiview) is very useful even to non-experts.
For an open source solution I will rely on the PFSense implementations.
For a 100% cloud base solution, Zscaler works well.

Like (0)13 March 17

Hi,
I would recommend the Fortinet Firewall. It is user friendly and it will show the traffic.

Like (0)13 March 17

I agree you could look into Fortinet solutions. They're cost effective and offer a lot of other features you might want to look at (UTM, WLAN Controllers, etc.). They're also fairly simple to configure and operate and can be centrally managed via FortiManager if it makes sense to you and your budget.

Like (1)13 March 17

I must use SonicWall firewall with a great amount of support. Do not use Sophos; there is no support for that product.

Like (0)13 March 17
Spas Ivanov (Real User, TOP 20)

Hello,
I can highly recommend using the Sophos XG firewall, as they are extremely easy to use, with all the functions you will ever need built in. You can also fully manage Wi-Fi access points and VPN devices straight from the firewall web interface.
As for monitoring, there are many solutions. Sophos supports more than 1000 reports on usage, but if you need real-time security monitoring there is nothing better than SIEM solutions.
Personally I prefer AlienVault, as customization to your needs is unlimited.
Hope this helps :)

Like (1)13 March 17

See Webroot - it's a web-based security via API and a leader in security. Peripheral firewalls aren't the answer. You should also keep up to date with your SSL certificates and tracking. But that's next steps.

Like (0)13 March 17
Peter Strate (Real User, TOP 20)

If you look for excellent security with the best possible insight into what's actually traversing your FW, AND want something that is the easiest one to manage, you should check out Palo Alto Networks Firewalls. They are the only TRUE application Firewalls, so if you don't want to keep on the hopeless fight with opening ports and thus damage your security, that is what you should go for. With their new models you might be able to solve it with the PA-220 and possibly the PA-820 if you have some site that is large with a lot of traffic. And forget all you might have heard about Palo being expensive - the new models are actually fairly cheap. So go check them out...

Like (0)13 March 17
TimothyB (Real User, TOP 20)

I recommend Sophos (formerly Astaro); their SG firewalls and then the RED remote units are easy to set up and will allow reporting based off the traffic.

Like (0)13 March 17
Hamza Farhan (Real User, TOP 20)

Hi Terry,

Generally speaking, you can implement hub-and-spoke, where all traffic from remote sites is routed to the internet through the hub (main) firewall, where you can implement some IDS/IPS/Web filter policies. Also, remote sites connect to the hub either by site-to-site VPN or MPLS link.

- Hub (main): The firewall must be able to handle traffic from local (main) and remote sites. For WAN redundancy, use two internet links from two different ISPs.

- Spoke (remote): Two default routes with different metrics, one to go out to the internet via the hub and, in case the hub is not available, the second default route to route internet traffic via the spoke ISP link.

- You can use FortiGate, as they have many models to fit your needs along with many security features (IPS, IDS, Web Filter, DLP, Anti-Virus, etc.). For reporting, you can use FortiAnalyzer to give you nice reporting about traffic from local / remote sites.

Like (0)13 March 17
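
The spoke failover design described in the answer above, as an added example that is not part of the original answer: a Python model of the two-default-route selection that also reports when a spoke has fallen back to its local ISP link and so no longer passes through the hub's IDS/IPS/web filter policies. Site names, addresses, metrics and the `via_hub` flag are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DefaultRoute:
    next_hop: str   # constructed address (documentation ranges)
    metric: int     # lower metric is preferred
    via_hub: bool   # True: internet traffic is inspected at the hub firewall

HUB = "10.255.0.1"  # hypothetical hub tunnel endpoint

# Constructed spoke routing tables: two default routes per site, as described.
SPOKES = {
    "site-b": [DefaultRoute(HUB, 10, True), DefaultRoute("198.51.100.1", 200, False)],
    # Misconfigured: the local ISP route has the better metric.
    "site-c": [DefaultRoute(HUB, 10, True), DefaultRoute("198.51.100.65", 5, False)],
    # No fallback route at all.
    "site-d": [DefaultRoute(HUB, 10, True)],
}

def active_route(routes, reachable):
    """Lowest-metric default route whose next hop is reachable, else None."""
    live = [r for r in routes if r.next_hop in reachable]
    return min(live, key=lambda r: r.metric) if live else None

def audit(spokes, reachable):
    """Map site -> (state, findings); state is 'hub', 'local-breakout' or 'down'."""
    report = {}
    for site, routes in spokes.items():
        hub = [r.metric for r in routes if r.via_hub]
        local = [r.metric for r in routes if not r.via_hub]
        findings = []
        if hub and local and min(local) <= min(hub):
            findings.append("local route preferred over hub")
        if not local:
            findings.append("no fallback route")
        route = active_route(routes, reachable)
        if route is None:
            state = "down"
        else:
            # local-breakout means hub IDS/IPS/web filter policies are bypassed
            state = "hub" if route.via_hub else "local-breakout"
        report[site] = (state, findings)
    return report

if __name__ == "__main__":
    everything = {HUB, "198.51.100.1", "198.51.100.65"}
    for label, up in (("hub up", everything), ("hub down", everything - {HUB})):
        print(label, audit(SPOKES, up))
```

A site in the `local-breakout` state needs its own filtering policy on the spoke firewall, or at least an alert, because the hub policies no longer see its traffic.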

Check Point or Forcepoint with single management (and logging) capabilities.

Like (0)13 March 17

I recommend a next generation firewall! Preferably cloud based unless you have a data center or servers that all your employees need to access from all 6 locations?

Like (0)13 March 17

Hello, arguably the FortiGate meets your need. With FortiView, which is a feature present on the equipment itself, you can show all network traffic, with ports, protocol, users, whether the connection is TCP or UDP, and which firewall rule it is going out through.
And to further expand the display, hire the Fortinet FortiCloud service. Well, these are just examples; the FortiGate has more resources to provide for the protection of your company's networks.

Like (1)13 March 17
Cristian Menghi (Real User, TOP 20)

Hi,

I'm a big fan of open source solutions. Now I'm very satisfied with pfSense (https://www.pfsense.org/); you can use your own hardware or buy an appliance from https://netgate.com/ (sponsor of pfSense).

Other paid solutions can be MikroTik (it is Linux-based), Ubiquiti https://www.ubnt.com/products/#edgemax or Fortinet https://www.fortinet.com/

Like (1)13 March 17
bilgilem461115 (Real User, TOP 20)

Cyberoam products are really good. I think you should do some research on them.

Like (0)13 March 17
Etienne Lau (Real User, TOP 20)

Are you looking for in-house hw based units? If so I would recommend Fortinet's Fortigate solution.

Like (0)13 March 17

I'd recommend the Meraki MX series of firewalls - if you have several locations that you need to monitor, the dashboard is great for making changes without having to be at the location. You can also monitor the traffic for each one separately ....

Like (0)13 March 17

You could use WatchGuard for the firewall; it's ideally suited for SMB companies. A model like the M300 for the headquarters and maybe the T50 (or T70) for the other locations (depends on the bandwidth between the sites and the number of employees at each site).

The user interface is really simple. You also have good visibility of your traffic through Dimension (which comes freely with the solution) and with the Total Security Bundle you have all the services that you need. Hope this helps you decide.

Like (0)13 March 17

I would recommend a hardware firewall on premise at HQ.

Then MPLS on the regional offices.

I have implemented a similar setup and it's working so well.

Like (0)13 March 17

Hi, I can assure you that 6 FortiGate 100D can do the job. Also, if you want to extend your monitoring experience, with Splunk you can do a lot of things...

Like (0)13 March 17

I recommend PA 5020 firewall.

Like (0)13 March 17

I would recommend firewall devices from Fortinet. They can be configured as Full UTM, NG Firewall, Web Filtering device, etc…

Like (0)13 March 17