2014-12-09 10:24:00 UTC

When evaluating Firewalls, what aspect do you think is the most important to look for?


Let the community know what you think. Share your opinions now!
Guest
2929 Answers
Real UserTOP 5

Comprehensive protection, reliability, straightforward administration, total cost of ownership over three to five years.

2018-02-01 18:00:15 UTC01 February 18
Real UserTOP 5LEADERBOARD

1. Status inspection capabilities.
2. Ease of administration.
3. Performance.
4. Price.
5. Scalability.

2019-01-16 20:42:05 UTC16 January 19
User

1. Protection
2. Throughput
3. Ease of use
4. Support
5. Price

I want to make sure it fits my needs and does what I need to do. Every environment and budget is different. Making sure you talk to people who know what they're doing so you get the product you need.

2018-04-25 20:53:28 UTC25 April 18
Real UserTOP 5LEADERBOARD

1. I can figure out how to use it so it must have GUI interface.
2. Good support so when I need help I can get it.
3. Renewal fees are reasonable (not half the price of the unit).
4. Of course, that it does the job.

2018-04-11 17:17:43 UTC11 April 18
ConsultantTOP 20

NGFW, Stability, Good vendor support, Good logging information, centralized management

2018-02-07 18:01:43 UTC07 February 18
User

Firewall should be:
- with NGFW features
- Capable of Inspecting encrypted traffic without breaking or compromising the security of the traffic.
- Scalable
- Easy to manage and configure
- with Excellent vendor support

2017-03-30 12:50:51 UTC30 March 17
Real UserTOP 5LEADERBOARD

There are already some good answers about it but this is what I understand for a firewall. It is a luxury when compared in a networking domain. So basics first, we would need to suit your networking requirement. For this you need to settle down for Vendor whom you need to buy this firewall. From an organization level, Try to get a best deal.

Now from networking perspective, take that spec sheet out and look for the models they offer and see which one fits your network. I mean check the throughput of the firewall. Can it handle the load you are going to push it through ?

Ok so you got your vendor and the model but wait let's see that spec sheet again. Why? The features. Yes the features are also important as everyone already pointed it out. You need to compare the feature and see if it meets your organization policy. Most of the firewalls have all that is required for an organization. This includes but not limited to deployment mode, high availability, application visibility, custom application definition, central management (required if you have more than one firewall to standardize your policy), Throughput post going through IPS / URLF, SSL VPN capability (I don't want to spend more to get this new extra feature right), IPSEC VPN, and others. The core of deploying the firewall is the throughput. I don't know how to emphasize more on that.

Once you get this checklist complete. I believe you are good to purchase a firewall for your organization. I would request people to try these firewalls on the VM instance for demo and see how they function. Check with your vendor for demo. This is to ensure that your IT engineer is comfortable with the look and feel as he is the one going to handle your firewall right ?

All the best ! on getting a new firewall.

2016-09-05 01:45:00 UTC05 September 16
Consultant

Awesome answers all around!

The most important aspect to look for is relative to one question:

How informed are you with the actual needs of your network?

Overall I think there are too many specific details to choose any one primary aspect when selecting a security appliance and/or firewall device based on functionality alone. Any company that is online and running with proven technology has offered a solution that meets the minimum standard for most situations and customers. However some do perform better than others in certain environments and this depends on the needs of the network and resources. Firewalls fulfill one general role in the network: the protection of key resources. This can be expanded upon in a number of ways but the idea is the same all the time; the protection of key resources and the inspection of traffic in and out of these resources. That being the case, it would require in depth research based on specific needs and see how that relates to the network in question when selecting a device.

The one aspect that will always matter regardless of the device capability is Integration and Administration. Although customer support from the vendor is extremely important, the first line of response will always be the in-house technical resource.

- How easily can I role this out?
- Am I replacing a pre-existing device or adding this in tandem?
- Do I have people who can manage this device currently and if not, can they be trained easily?
- If I have a single admin/engineer who manages this device and they leave the company, how easy is it to find another qualified person?

I think these aspects and questions matter a great deal. Regardless of specific strengths for a single device, if that device cannot be installed easily or managed easily, that equals more confusion and downtime which usually means a loss of money.

When considering a new firewall device or security appliance, I encourage my clients to review their short and long term goals before allowing too much time in debate over which device is better.

2015-11-16 17:32:39 UTC16 November 15
User

✓ Firewall
✓ Application control
✓ IPsec and SSL VPN
✓ IPS
✓ Web content filtering
✓ Anti-spam
✓ Data loss/leakage protection
✓ Anti-virus and anti-spyware protection
✓ IPv6 native support
✓ Traffic shaping/bandwidth control

2015-10-11 12:41:56 UTC11 October 15
Real UserTOP 5

The state of the firewall has moved from IP and port filtering to combine these elements:
1) Application awareness (want to block Tor or Bit Torrent?)
2) User identity awareness (policies based on identity not just source IPs)
3) Policies based on device attributes (allow smartphones to access email without login)

Forward thinking enterprises are looking at Unified Threat Management devices (or NGFW) to combine these functions along with IPS/IDS, malware filtering, AV gateway and other features.

2015-02-25 16:35:24 UTC25 February 15
Real User

1-Ease of management.
2-Price/performance.
3- how it deal with zero attack
3-NGFW

2017-03-27 18:18:21 UTC27 March 17
Real User

Real world unbiased reviews of the product from actual users along with reports of any unexpected issues or benefits they experienced. That's what brought me here :)

2017-03-24 21:23:39 UTC24 March 17
User

Stability, traffic visibility, security, management

2017-03-15 10:38:23 UTC15 March 17
Vendor

Stability & Traffic Visibility, security level

2016-10-01 17:57:27 UTC01 October 16
Real User

It's depend on user requirement. In my opinion about firewall should be smart in all features. like, Stability,Ease to configure,Traffic Visibility,Central Management .

2015-11-17 16:14:02 UTC17 November 15
User

IPS
STABILITY
VPN
HIGH THROUGHPUT
BETTER SECURITY
DATA LOSS PREVENTION
IPSEC
SSL

2015-11-13 07:16:19 UTC13 November 15
User

all of the above + robust support from the vendor

2015-10-12 08:33:55 UTC12 October 15
Consultant

What do you use Firewall for Internal FW or External FW.
My opinion about External FW you have to research before invest FW into your Orgonization
1. Next Generation FW: this FW must have control source by User Name & destinatin by application ID.
+ NG FW must easy integrate with LDAP Server, Radius Server
+ Database of Applicaiton ID have more than competitor.
2. This FW must have URL Filtering, Antivius, IPS. When enable all these features just impact about 1/5 throughput FW.
3. Central Management with two appliances (HA)
4. Reporting, can export detail report, customize report.
5. This FW must have technology to integrate with detect & prevent Unknow malware.

2015-10-07 04:42:38 UTC07 October 15
User

1- Next-generation firewall
2- Unified Threat Management
3- centralized visibility
4- centralized management

2015-09-01 17:11:53 UTC01 September 15
User

Traditional FW features + NG features such as:
1. True ability to subsume IDS/IPS and other "UTM" feature.
2. Maturity of partner ecosystem to integrate painlessly with threat feeds, SIEM, end-points, and other security technologies to eliminate silos and provide a comprehensive and automated threat strategy.

2015-08-21 14:24:57 UTC21 August 15
User

For Firewall, I'm looking for grandular policies and detailed audit logs based on these policies... Reports customization based on what policies are implemented.., egress and ingress traffic reports depending on the requirements. Reports should also be able to capture what been allowed (ingress traffic) if the need arise.

So basically i'm looking for firewall with robust policies creation and detailed / custom reports generation.

2015-07-26 13:41:51 UTC26 July 15
Real User

Hi,

Go though below link for choose a good firewall. Defiantly you will finalize a firewall with required features.
http://www.techrepublic.com/blog/10-things/10-things-to-look-for-in-a-hardware-based-firewall/

2015-07-07 08:00:52 UTC07 July 15
Real UserTOP 10

1- App and users visibility
2- past and live reporting
3- easy management

2015-06-23 07:40:59 UTC23 June 15
Real UserTOP 20

It should work on Layer 8 technology, that can manipulate traffic as per policy and requirement. Yet all the logs should be available.
This should not limited to AV\ IPS, all the core technologies (QOS, load balancing, NAT, content filtering,)should be supported on this.

2015-06-10 08:57:28 UTC10 June 15
Real UserTOP 20

1) Layer 7 capabilites
2) Central managment with remote install policy
3) Global reports and traffic Visibility

2015-05-24 20:36:09 UTC24 May 15
Real User

1) Stability
2) Ease to configure
3) Traffic Visibility

2015-04-03 09:33:23 UTC03 April 15
User

The most important thing is how much visibility if offers to understand the traffic passing through it

2015-03-24 11:23:58 UTC24 March 15
Real User

The criteria for a FW will depend on the organizations specific needs and environment. I'm looking for a good balance between functional capability and ease of use/deployment. A FW that has full UTM features, easy to work with settings and simple management/admin interface is top of mind for my organization (100-500 workstations). I also believe in the concept of defense in depth (using multiple best of bread vendor offerings as opposed to a single technology). Some UTM's offer this approach while maintaining ease of use.

2015-03-13 16:03:26 UTC13 March 15
User

1) How much traffic is appropriately blocking as per the policy.
2) Firewall must be coming with 10g/40g interface for catering traffic flow on fly.
3) Session and conucurant session must be higher depending upon the business requirment.
4) NGFW should remain consistent throughput while performing the actions like application control(App-ID enabled) ), ddos mitigation, enabling nips, enabling url filtering and email filter solution.
5) configuration file should be easily readable without using any third party tool for reviewing the firewall policy off line.
6) Seamless integration with siem of any kind through syslog or lea .
7) Above all support, l3 support, rma capability etc

2015-02-27 11:01:30 UTC27 February 15
Find out what your peers are saying about Fortinet, Cisco, pfSense and others in Firewalls. Updated: August 2019.
366,756 professionals have used our research since 2012.
Sign Up with Email