We changed our name from IT Central Station: Here's why

5 Questions to Ask when Choosing Firewalls for Your Company


5 Questions to Ask when Choosing Firewalls for Your Company

For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon.  

There are many firewalls to choose from in the industry, such as Fortinet FortiGate, Cisco ASA, Palo Alto Networks WildFire, Sophos UTM and pfSense, among others. Each solution has its own benefits and valuable features, which can make choosing the right solution for your company all the more daunting.

To help with this process, we have turned to the IT Central Station community for their advice. Here are five questions that our users commonly ask in their own searches for business intelligence software.

1. “How much visibility does it offer?”

For many IT Central Station users, this is one of the most essential features that they pay attention to when searching for their company’s firewall. In large corporations that utilize many types of applications and platforms on a daily basis, visibility is ultimately what determines whether or not a firewall will be effective.

Kiarash B., Security Designer at ODI

“You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication, users login just one time and you can control all user access to the Internet, data center resources, and across the network.”

Luis F., Senior Systems Administrator/Network Engineer at a retailer

“[This solution offers] much more visibility during an attack lifecycle; found a lot of infected hosts and vulnerabilities. It IS a bit expensive, but I think you get what you pay for. Value is there.”

Simon C., ICT Solutions Engineer at an aerospace/defense firm

“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don't need an external management system.”

2. “How easy is it to manage?”

According to many IT Central Station users, firewalls function typically in complex, heterogenous security environments. Therefore, a firewall that is easy to manage by people in the company with varying skill levels will have an immediate advantage over other solutions in the market.

Davide M., Senior Security Consultant at a tech services company

“Customers have more time to focus on security because maintaining the firewalls is completely hassle-free. It has complete and cost-effective next-generation firewall features with app identification, and IPS and URL filtering with SSL inspection.”

Jinlong Y., HTS Engineering - Heat Transfer Solutions at a construction company

“Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.”

Carlos E., IT Manager at a government agency

“The most important features are performance and ease of management. The solution helped in the identification and categorization of access and provided a high index of traffic analysis.”

3. “Are these firewalls flexible enough to handle my company’s needs?”

Flexibility is another highly valuable feature for firewalls, especially when operating in large companies that have many different uses for such a solution. With a flexible firewall, users can ensure better control of their network according to its specific needs.

Alin P., Network Security Administrator at a tech company

“It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.”

Dragan P., Head of IT at a construction company

“After migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services. With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.”

4. “What kind of security features does it have?”

At its foundation, firewalls are important because they protect key IT assets from security threats. So if you’re looking into firewalls, this should be a question that you are asking during the search process.

Brent A., Senior Network and Security Engineer

“WildFire has been instrumental in blocking a number of new threats, before common desktop anti-virus tools were able to detect them. When Wannacry first came out, wildfire was detecting it and dropping incoming threats within seconds. We were dropping over 10,000 files per day with no additional firewall load at all.”

Adriana Y., IT Infrastructure Engineer at a tech company

“Routing and security policies, central management and all of the other features help us to improve network performance and implement organizational policies.”

Jeff B., Network Engineer at a legal firm

“Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via its Advanced Threat Protection so we can get a much faster response time.”

5. “What do other people in my industry think about these tools?”

Aside from these initial questions, the IT Central Station community also recommends continuously searching for user feedback. Learning more about your colleagues’ personal experiences with a wide array of firewalls is invaluable, and will help give you the important information that you need to ultimately make that investment.

If you have any questions, ask in our firewall community forum.

Related Categories: Firewalls

Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: January 2022.
563,208 professionals have used our research since 2012.
author avatarreviewer690582 (COO/CTO at a pharma/biotech company with 11-50 employees)
Real User

Thank you, Andrew, for your clarification. My company is around 10% of your size. My subscription is 24/7 so I get the intention. My notices were always within a few minutes of the event and I called as soon as I could sit down and work through it. Once done, the fixes were usually very solid- there were no "slips" once the settings were corrected. Sometimes, I had to run up and down stairs to figure out the source(s), but that was my delay, not the support. To your first point: "-- After a vulnerability is disclosed in the industry, how long does the vendor take to get it rolled out into new firmware (or provide some other enterprise-worthy workaround)?" My former Fortigate provider was always right on top of the patch - sometimes, it was done and I didn't have to lift a finger - they just told me about it and when the patch was installed directly from them onto my router system. Any subsequent system adjustments were also recommended. My subscription provider was also pro-active and led the efforts sometimes if I was unfamiliar with what was going on.

I agree - it should be as close to instant as possible to avoid or avert any infection, right? It appears that is what you are implying as your ideal response mode. However, from our being busy and not sitting on top of our system 24/7, we are part of the response profile.

author avatarreviewer690582 (COO/CTO at a pharma/biotech company with 11-50 employees)
Real User

That depends on the type of subscription that accompanies your device(s). You can always add more service or usually add appliance capability with firmware/software upgrades, however I have found my ability to understand all the new capabilities runs short on time. That is when I believe it is wise to buy a service/support subscription for at least the first year - that way, you buy someone else's deep experience with your set-up, helping you to avoid a lot of wasted time, learning curve-related correct response delays and worse, inbound threats.

All of my support was worth the $ to buy those support packages. It was quick, it was accurate and it was "done"

What is "quick" to you - measuring in seconds or minutes? Are you there to take the call and work through the issue, putting all else aide? For me, that was critical.

author avatarAndrew S. Baker (ASB)

My suggested question is independent of the support packages. If you're paying for 24x7 support, you expect 24x7 support. But that doesn't address the following scenarios:

-- After a vulnerability is disclosed in the industry, how long does the vendor take to get it rolled out into new firmware (or provide some other enterprise-worthy workaround)?

-- When you discover a legitimate bug during a troubleshooting and support call/exchange, how long does it take to get permanently resolved? (Depends on severity, of course, but let's talk Sev-1)

-- How closely does the organization stick to their SLAs for service, support and fixes?

ITCS user