2020-03-11T22:14:00Z

Which is the best network firewall for a small retailer?

BP
  • 45
  • 426
PeerSpot user
60

60 Answers

SB
Real User
2020-03-23T19:31:46Z
Mar 23, 2020

Good commercial firewalls take a degree of expertise that small businesses rarely possess, for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Network firewalls which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.

Search for a product comparison in Firewalls
Luis Apodaca - PeerSpot reviewer
User
Top 5
2020-03-23T17:59:11Z
Mar 23, 2020

1-10 employees., it's not that big, you should try the Unifi Platform from the Ubiquiti brand, it is a bargain for the price and resource you can manage, and the better for you is you don't have to pay licencing, you only pay the hardware an the IT for implement the solution.

GS
MSP
2020-03-24T20:53:03Z
Mar 24, 2020

.

NN
User
2020-03-24T10:50:18Z
Mar 24, 2020

Priority as below:

1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.

DH
Real User
2020-03-23T18:44:00Z
Mar 23, 2020

I think you should be looking more into a WAF. For firewalls with ~ 10 users a small FotiGate should be sufficient but the opportunity I see of the 2008 R2 servers. You should have moved off of these systems as of 2019 but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWEB.... these are distinctly different products.

MR
Real User
2020-03-23T17:54:39Z
Mar 23, 2020

FortiGate 60F will be a good and economical choice for you especially that you will host a website it will give you the best performance.

Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: February 2024.
763,955 professionals have used our research since 2012.
RM
Real User
Top 5
2020-03-23T17:13:29Z
Mar 23, 2020

Better go with FortiGate 60E.

Finis Ross - PeerSpot reviewer
Vendor
2020-03-23T16:56:54Z
Mar 23, 2020

Fortinet

it_user1298886 - PeerSpot reviewer
User
2020-03-23T16:05:28Z
Mar 23, 2020

I like Watchguard Fireboxes for my firewall. We started out with less than 50 users and have grown to 80 and Firewall is easy to manage. The one negative it is expensive to keep the subscriptions updated. Worth it to us, as we've been viruses and malware-free for years.

KF
Real User
2020-03-23T16:00:09Z
Mar 23, 2020

The best solution in you case is a Fortinet or Sophos firewall. Use it with Endpoint protection from Fortinet or Sophos.

JT
Real User
2020-03-23T14:48:54Z
Mar 23, 2020

For your businesses that are under 50 employees but still require enterprise-class security, insight into traffic and ease of management, I usually point people to Cisco Meraki products. For businesses with relatively few users, these products are very simple to set up and usually do not require network admins or engineers to set up successfully and securely.

RK
Real User
2020-03-23T12:39:00Z
Mar 23, 2020

What is the budget and who will the Firewall administrator be?

It does not matter what firewall you recommend, money and who is looking after it is the question to ask!!

If you spend £40k on a firewall and have an idiot configure it and administer it – the firewall is next to useless, what ever Vendor’s product you buy!!

JG
Real User
2020-03-23T10:01:23Z
Mar 23, 2020

I would go for an OPNSense/PFSense solution. Thought It's no so easy to begin with it, but it will scale to your needs easily.

Real User
2021-05-03T17:35:26Z
May 3, 2021

Hard to give a recommendation based on this limited information.


Best NG firewalls are from Fortinet and PAN.


You can just use your ISP modem firewall and put your servers in DMZ, install some antivirus on your employees' PCs (if not Macbooks), and feel safe.


Valid comment about Win 2008 server being vulnerable, need to upgrade asap.


VJ
Reseller
Top 5Leaderboard
2021-04-19T10:50:01Z
Apr 19, 2021

When making a decision look at 5 years' TCO. For example, Fortigate is cheap to buy the 
first-year but the support to keep security functions running can get expensive over time! 


My suggestion is to look at firewalls that do not require subscriptions - the reason is that you are looking for a device that will be in the network for many years!


Candidates:


1. Netgate HW running pfsense firewall - we run it for clients and internally 


2. Ubiquity Unify Dreeam Machine Pro (advantage of very nice GUI and included CCTV capability)




Happy to discuss in detail. 




Vladimir

Jairo Willian Pereira - PeerSpot reviewer
Real User
Top 5
2021-04-16T20:21:21Z
Apr 16, 2021

Fortinet has an excellent price for low-profile equipment that still offer great deliveries for small/medium businesses (beware with version versus EOL/License only). If you have 'qualified team' and the price is differential, you can even think about using an opensource solution (iptables, pfctl or similar).

it_user1386156 - PeerSpot reviewer
Real User
2020-07-20T04:51:34Z
Jul 20, 2020

For initial start-up and to secure your business, I would recommend to go with Fortigate Firewall, that will provide the feature of NGFW. One more recommendation is to upgrade your Windows server to latest one. 

VJ
Reseller
Top 5Leaderboard
2020-07-13T19:09:49Z
Jul 13, 2020

Hi, I see an immediate issue "Server 2008 R2." That implies old web server software. You are much better off to migrate this website/web application to a cloud provider (such as AWS or Azure) and use their security services - such as web application firewall, DDoS protection etc. 


Feel free to reach out for a more detailed discussion. 


Best 


Vladimir

MH
Real User
2020-03-31T14:44:52Z
Mar 31, 2020

Selecting the "Best" firewall will give you many different answers from many different people. Firewalls and firewall vendors as well as the people that implement them are very partial to what they are familiar with. Same as me. I have what I consider the "best" but is the Best "for my installation". The real answer is another question, What are you looking for and need in a firewall?"

With such old web servers you will need a Web Application Firewall "WAF" much more that you would need, say a packet filtering firewall or even a NGFW.

Too many questions to list here but I would definitely need much more information about your situation before I could even start to make a recommendation.

AO
Real User
2020-03-24T05:48:38Z
Mar 24, 2020

It will depend on the budget and scalability you want, if you have a high budget, better to implement a commercial firewall, another alternative would be an open-source firewall.

I recommend:
- Commercial Firewalls: Palo Alto or Fortinet.
- Open Source Firewalls: pfSense or OPNsense.

AK
Real User
2020-03-23T20:33:22Z
Mar 23, 2020

I would recommend a Palo Alto appliance since you can watch up to layer 7 traffic.

AA
Real User
2020-03-23T18:24:35Z
Mar 23, 2020

From my experience, Fortinet or Cisco will work fine if you looking for NGFW, I am not sure about the price, you can ask the vendor partner in your area for the price list. Both Cisco & Fortinet firewalls will do the job perfectly.

TM
User
2020-03-23T18:19:38Z
Mar 23, 2020

I suggest installing a *pfSense* router as the gateway to the Internet.   

I've also had success with a *Dlink* router and using *ClearOS*.  Any of these would enable the user to place their Web servers in a separate zone.

EW
Reseller
2020-03-23T16:46:05Z
Mar 23, 2020

Sophos XG 106 Firewall

CP
User
2020-03-23T15:38:26Z
Mar 23, 2020

Fortinet Firewall would be the best by far with built in wireless and vpn capabilities

DC
User
2020-03-23T15:30:24Z
Mar 23, 2020

With that number of employees, Sophos offers good solutions (XG line) at a reasonable price. That’s my recommendation.

it_user1198326 - PeerSpot reviewer
User
2020-03-23T14:00:16Z
Mar 23, 2020

In few words:
Looking at the best balance between Security functionalities, performance per Mbps of protected traffic and price, the best is FortiGate:
> Advanced security functionalities from basic ACL until level 7 security protection, that could be used for security functionalities consolidation (a typical scenario for SMB needs).
> Embedded Security Management functionality (on board of FortiGate appliance) really usable.
> A scalable platform from a few Mbps Throughput until high-end needs.

DV
Real User
2020-03-23T13:46:08Z
Mar 23, 2020

Open Source: PFSENSE
Good - Cheap - Easy on use: Sophos
The best: Cisco ASA Firepower

JH
Vendor
2020-03-23T13:20:50Z
Mar 23, 2020

Web-sites do require additional protection that a firewall appliance by itself cannot achieve.

Having 1 to 10 employees is useful, however understanding the web-site traffic volumes is completely different.

So, making certain assumptions I would lean towards Fortinet or Sophos.

And what can we assume regarding EOL for OS?

AI
Real User
Top 5Leaderboard
2020-03-23T12:47:52Z
Mar 23, 2020

For Open-source solution is PFSense/OPNSense and commercial is Check Point firewall. This is my recommendation.

MR
User
2020-03-23T11:23:03Z
Mar 23, 2020

Large sites = Fortinet

Small 2 -3 server sites = PFSense, available in the virtual or physical installation. Available in Opensource or with professional support.

TK
User
2020-03-23T10:38:40Z
Mar 23, 2020

You can take Fortinet 30E.BDL in the present situation. This model can easily fit the budget of the customer and their requirements in the full edge.

GP
User
2020-03-23T09:44:03Z
Mar 23, 2020

You have several options. if you want to add IPS functionality then I would recommend Sophos Firewall XG. If you want to go open source route then pfSense is the tool. There a other similar products that have different learning curves or prices. For my personal use I'm using Sophos Firewall XG since it is free for home users.

DP
User
2020-03-23T09:09:22Z
Mar 23, 2020

It depends if you have time and a server with 4 ->5 port (VM or physical) you should install pfSense firewall. It is open-source, it is quite easy to install and setup but you have to spend time on it.

If you have budget for FW you should choose
Fortinet price: 8/10 but admin's experience about 7/10
Palo Alto has an expensive price we could say: 7/10 but admin's experience is very good it is the best enterprise FW

When sizing FW you should inform the throughput so it helps the reseller pick a model for you. IF you have 1-10 employees and 1 server I would say your best solution is pfSense open-source FW.

JR
User
2020-03-23T03:59:02Z
Mar 23, 2020

Here are three options depending on your budget and overall security consideration based on your business. Strongly advise that you locate a
local resource to help you plan out your network and security work. There are many considerations to include server patching you need to keep an eye
on.

1. Sonicwall
2. Fortinet
3. Palo Alto Networks

OK
Real User
Leaderboard
2020-03-22T22:50:14Z
Mar 22, 2020

I recommend and deploy Kerio Control Firewalls because you can install on an old desktop PC with that you add a 2nd network card. I use Dell OptiPlex i5 with 8 GB of RAM for my base router. I also know that Sophos and Untangle has the same option and they both have better end user support than Kerio. I stick with Kerio because i have been a partner from way before the GFI purchase so know the products very well and do not have need for support.

On the outdated server issue and if you are in a situation where with COVID-19 do not want to be spending the money to upgrade hardware and software I would reach out to Norton and see if their Business Protection suite protects against known threats to outdated software or has a protection add on. I use Trend Micro Worry Free Security for my clients and learned that Trend Micro has an addon or a separate product to add that type of protection.

Good luck in the coming days / months.

it_user210690 - PeerSpot reviewer
Consultant
2020-03-22T16:44:33Z
Mar 22, 2020

Agree 100% with Thomas Davis. As a Meraki partner, I can attest it is a great product but you need to work with an authorized Meraki partner. as for the servers, I would note that you are facing an upgrade from an unsupported OS (2008 R2) and will need to be purchasing a server OS license for 2016 or Windows 2019, Microsoft Licensing can be tricky so I suggest contacting an IT company that is both a Microsoft partner and a Meraki Partner. The firewall is a necessity but understands that if you are running web servers, there will be at least ports 80 and 443 open to public traffic. These Ports will be probed by malicious activities trying to make use of exploits in the hosting server OS and applications. Thus it is imperative that the environment be maintained and latest patches applied in a controlled manner. It is difficult to accurately understand what is meant by "Norton Business Protection" as they offer a range of products. We have had great success with the enterprise offerings from Symantec but they too have recently (Aug 2019) sold to Broadcom the Enterprise Security Business.

Impossible to keep current with IT Mergers & Acquisitions. Accenture Security is to acquire Symantec's Cyber Security Services business from Broadcom [ https://www.infosecurity-magazine.com/news/accenture-to-acquire-symantec/ ] Second ownership change but core product --for now remains the same offering.

TD
Reseller
Top 20
2020-03-22T12:31:37Z
Mar 22, 2020

First you need to upgrade to a supported platform. 2012r2 or Higher...
Cisco Meraki Firewall is the easiest to manage and deploy.

DS
Real User
2020-10-19T07:28:40Z
Oct 19, 2020

Go with FG-40F

CD
User
2020-07-18T01:17:50Z
Jul 18, 2020

FortiGate 30e


Or


FortiGate 40f

JR
Real User
2020-07-15T01:04:50Z
Jul 15, 2020

Dear, firstly received a cordial greeting.


These questions arise:


What service do you have in the cloud?


How much is your capacity?


Now, you can install a Mikrotik operating system on a PC or server that can help you with network firewalls, creating rules.


Or buy Mikrotik hardware.


I am at your service to help you. Mikrotik has many advantages.

JR
Real User
2020-06-29T15:41:07Z
Jun 29, 2020

Dear best regards, I recommend that MikroTik in the operating system or the physical equipment have a great structure at the firewall level.


You can implement Smoothwall Express is a free solution with a simple web interface to configure and manage the firewall to get started.


I am attentive and at your command.

PB
Real User
2020-04-23T08:34:22Z
Apr 23, 2020

Fortinet or Sonicwall

AM
Real User
2020-04-15T12:22:38Z
Apr 15, 2020

Sophos XG firewall with RED devices to make tunnels

EL
Real User
2020-04-14T14:12:35Z
Apr 14, 2020

Just get Untangle it's the easiet and cheapest...but not weak by a long shot... 4 years multiple deployments and no breaches or ransomedware

WC
User
2020-04-12T17:03:41Z
Apr 12, 2020

How can gI et a Cisco ASA 5510 Firewall for a decent price? It has all the essential features.

MR
Real User
2020-04-08T20:34:33Z
Apr 8, 2020

..

DK
User
2020-04-07T20:50:27Z
Apr 7, 2020

What is the speed of your internet connection?

Real User
2020-03-25T22:34:34Z
Mar 25, 2020

I would recommend you to use Cisco firepower, easy to configure and manage, this will be very helpful for you because you have a limited staff

HH
Real User
2020-03-24T12:08:42Z
Mar 24, 2020

based on the information that you provide, you will need small firewall (depend on size and growth of your company and bandwidth). Since you also locate your website on you premise, I suggest you to Protect the server with small WAF (Web Application Firewall). Regarding the brand, there are many justification as your required such as bandwidth, firewall feature (UTM or NG-Firewall) and budget.
Thank you

YK
User
2020-03-24T11:58:11Z
Mar 24, 2020

You could go for CISCO MERAKI MX-64 with 1/3 yrs advanced security services license. Since it’s could based administration, very easy to deploy and Manage. Can support upto 50 devices including servers.

AC
Real User
2020-03-23T15:14:28Z
Mar 23, 2020

Take the FortiGate 40F with UTM protection (600 Mbps Threat Protection), easy management and low cost for your requirement. If you need load balance WAN links choose the 60F because it has more physical ports and 700 Mbps Threat Protection.

KD
User
2020-03-23T15:11:56Z
Mar 23, 2020

I personally use Cisco Exclusively because that is what I know. Palo Alto firewalls are also very good. Those are the two biggest players right now from my research and knowledge. Performance-wise the are clearly direct competitors and one may fair better in one feature and the other in another feature so it's hard to say one is really better than the other. Both can now be managed via a GUI however Cisco has the advantage of also being manageable via a fully developed and documented CLI.

As for which model to choose that would depend on the anticipated load and any additional features you would need. Both support a DMZ / public /
private network infrastructure. From what little information is provided the lower end firewall models would most likely be acceptable however the final is dependant on the incoming traffic more than the number of users behind it.

MA
Real User
Top 5
2020-03-23T14:35:10Z
Mar 23, 2020

Windows Server 2008 is unsupported by Microsoft and you should migrate it to Windows Server 2019. I think your hardware is also very old. But you don't have to buy new hardware. You may create a virtual machine from a datacenter like Azure, AWS, etc. They also offer some security services like IPS, Next-Generation Firewall, DDOS protection, etc for your workloads and I am sure it will be cheaper instead of buying hardware. I advise you to use Fortinet, Palo Alto or Check Point virtual firewalls.

IA
Real User
2020-03-23T13:54:00Z
Mar 23, 2020

First, before proceeding with the firewall brand, I need to know what tasks must the firewall handle i.e IPS, Protection from the exterior, web application firewall, VPN users, protection for clients hosting their websites on your servers, web and application filter, mail filter? All of these will determine which firewall should you go for.

If you can send me these I will tell you which brands to follow and how the configuration shall be done.

As for windows 2008, yes it is not supported but this doesn't make your environment vulnerable since you have Norton in place and the next-generation firewall will do the protections unless you have a budget allocated to the migration to windows server 2016, then it is better to migrate first.

SM
User
2020-03-23T13:28:40Z
Mar 23, 2020

You have two challenges:
- First, Windows 2008R2 is no longer under Microsoft support (you will no longer receive security patches) - this makes your server MUCH more vulnerable.
- Second, firewalls. I tend to like Sonic Wall, but there are others as well. Each vendor has models that address a range of features, with cost considerations attached. Suggest working with a local vendor to consider a holistic approach to your org and needs.

DA
Consultant
2020-03-23T11:59:29Z
Mar 23, 2020

I recommend using Cisco FPR 1010 (https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html).

NN
User
2020-03-23T11:10:55Z
Mar 23, 2020

I will prefer Cisco FPR 1120 for SMB as it is power of CISCO and no renewal fee for firewall subscription.

CP
Real User
2020-03-23T08:22:39Z
Mar 23, 2020

Better take the 60F instead of the 60E. more performance, ower price, same functionality.

Upgrading your 2008 servers is also a recommendation. But all firewalls of the major companies(Fortinet, Palo Alto, and CheckPoint) will be good enough for you. It all depends on your budget and how you manage your security policies.

A firewall isn't a silver bullet against all threats.

it_user1271217 - PeerSpot reviewer
User
2020-03-23T07:16:24Z
Mar 23, 2020

It depends on your budget, there are many options you can avail, but if you buy a Fortinet firewall, it will get you ease of management and having all the options which enterprise network needs.

One consideration that is throughput required to respond to your web server queries is essential, so please chose as per your requirement like 40E, 60E.

Firewalls
A firewall is a device used for network security. It monitors network traffic (both incoming and outgoing) and then, based on a set of security rules, either permits or blocks data packets.
Download Firewalls ReportRead more

Related Q&As

Firewalls experts

Adrian Cambronero - PeerSpot reviewer
Prateek Agarwal - PeerSpot reviewer
Diana Alvarado - PeerSpot reviewer
Jonathan Ramos G. - PeerSpot reviewer
Nagendra Nekkala - PeerSpot reviewer
Sachin Vinay - PeerSpot reviewer
Hugo Alexis Espinoza Naranjo - PeerSpot reviewer
Edwin Solano Salmeron - PeerSpot reviewer