5 Questions to Ask when Choosing Firewalls for Your Company

For many enterprise organizations, firewalls are critical for protecting networks and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon.

There are many firewalls to choose from in the industry, such as Fortinet FortiGate, Check Point NGFW, pfSense, Cisco Firepower NGFW, and Sophos XG, among others. Each solution has its own benefits and valuable features, which can make choosing the right solution for your company all the more daunting.

To help with this process, we have turned to the PeerSpot community for their advice, and asked them what questions must be addressed when selecting a firewall for a specific organization? Here are their answers:

1. “How much visibility does it offer?”

Firewalls are the key to network visibility. Without firewalls, visibility into your network is compromised. With firewalls, you gain deeper insights and are guaranteed protection from brute force, DOS, and DDOS attacks. Firewalls also allow you to prevent and monitor insider threats, secure applications, improve incident response and forensics efficiency, and much more.

“The way it can block certain content is very useful for us. It gives you a good heads up as to what streams are being blocked from the network, which helps with visibility.”
- J.T., CEO/CTO

"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.”
- Andreas P., Systems Engineer at a tech services company

“I've done network assessments, where we wanted to get visibility into all flows. I used Firepower boxes for some of those, where we tapped a line and let Firepower see all the traffic. It was incredibly helpful in picking up all of the flows of data. As a result, I was able to give information to the customer, saying, "This is what it's doing and this is what it's seeing in your network." I find it very helpful to get all that type of data. It's got a lot more information than NetFlow-type systems.”
- Engineering Services Manager at a tech services company

2. “How easy is it to manage?”

Firewalls are commonly deployed throughout organizations and more often than not, the process of managing and controlling them is cumbersome due to management complexities and inconsistencies between individual devices and centralized management interfaces. The result is an increase in administrative efforts and associated costs. To avoid this, make sure to choose a firewall product with a centralized management system that provides global visibility and control over multiple networks.

“You want to spend less time fighting with your remote access solution or your firewall solution and work on other problems. It should not be a difficult thing, and yet, a lot of people struggle with that. Especially today with the pandemic, they have to be able to have access to their stuff and that's crucial. That's the biggest takeaway. Is it easy to manage it, is it easy to connect? If so, it's worth the investment.”
- Spencer M., Owner at Tech Exchange

“One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface.”
- Eric S., Solutions Engineer/Consultant at a tech services company

“We have better manageability: opening and closing ports/services, adding addresses is done very quickly (can be done in a single page of the web GUI).”
- Chingiz A., Director at an integrator firm

3. “Are these firewalls flexible enough to handle my company’s needs?”

When planning your next firewall purchase, ensure that the product has the right set of features to handle your organization’s unique requirements - to meet your needs today and those in the future as well.

"What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using opensource. I think it just provides the end user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher end, almost enterprise type service.”
- T.O., VP of Business Development at a tech services company

“The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.”
- Malik Y., Solution Architect, Managed Services & System Integration at Transmeet Technologies

“The solution offers excellent flexibility. You can either install pfSense just on a machine, on your local PC, or you can buy an appliance. You can even buy your own hardware and install it on your own. Of course, if you choose that route, you need to have a technical expert on your team. For us, as a software company, that's not a problem.”
- CTO, Software Architect, founder at a tech services company

4. “What kind of security features does it have?”
A firewall is a security system that monitors and controls incoming and outgoing traffic based predominantly on security rules. Organizations can integrate their firewalls with other security solutions to accelerate the response to security alerts and help staff investigate security incidents. In order to truly protect your network, it is of utmost importance to ensure the firewall you choose has top-notch security features.

"Content protection, content inspection, and the application level firewall are all good features.”
- Bojan O., CEO at In.sist d.o.o.

“The solution has built-in features for web filtering that are great. It categorizes it nicely for you.”
- Network Security Engineer at a performing arts firm

“Better security posture: safe web surfing, less spam and viruses in incoming email messages, very granular AppControl, blocking vulnerability exploitation attempts and traffic anomalies by IPS, preventing DoS attacks by DoS policies.”
- Chingiz Abdukarimov, Director at a integrator firm

5. “What do other people in my industry think about these tools?”

People across all industries no longer see firewalls as an accessory, but rather as a necessity. Without a firewall, you are putting your organization at risk, leaving your networks with complete open access and susceptible to incoming threats. Intruders can engage in malicious activities like gaining control over your computer or network, deleting your data, or using your personal information to commit identity theft and other online frauds.

“It is quite an awesome product with so many good things packed into it. I am happy with the EPLS, the radius, and I am happy with the captive portal. All in all, it's a good product. And considering that I get it for paying nothing, it's really worth the time invested in it.”
- Leon P., Consultant and Head of Services at ILANZ LLC

“The most valuable aspect of the solution is the way it can browse packages on the internet. The initial setup is very easy. We've found the stability to be very good overall. The product can scale if you need it to.”
- IT analyst

Aside from these initial questions, the IT Central Station community also recommends continuously searching for user feedback. Learning more about your colleagues’ personal experiences with a wide array of firewalls is invaluable, and will help give you the important information that you need to ultimately make that investment.

If you have any questions, ask in our firewall community forum.

For many enterprise organizations, firewalls are critical for protecting a company’s network and appliances from unauthorized incoming and outgoing access. According to IDC, this interest in firewalls is not declining anytime soon.  

There are many firewalls to choose from in the industry, such as Fortinet FortiGate, Cisco ASA, Palo Alto Networks WildFire, Sophos UTM and pfSense, among others. Each solution has its own benefits and valuable features, which can make choosing the right solution for your company all the more daunting.

To help with this process, we have turned to the IT Central Station community for their advice. Here are five questions that our users commonly ask in their own searches for business intelligence software.

1. “How much visibility does it offer?”

For many IT Central Station users, this is one of the most essential features that they pay attention to when searching for their company’s firewall. In large corporations that utilize many types of applications and platforms on a daily basis, visibility is ultimately what determines whether or not a firewall will be effective.

Kiarash B., Security Designer at ODI

“You can extend your visibility in network infrastructure for monitoring. You can absolutely give your users a better experience. When you use .1X for user authentication, users login just one time and you can control all user access to the Internet, data center resources, and across the network.”

Luis F., Senior Systems Administrator/Network Engineer at a retailer

“[This solution offers] much more visibility during an attack lifecycle; found a lot of infected hosts and vulnerabilities. It IS a bit expensive, but I think you get what you pay for. Value is there.”

Simon C., ICT Solutions Engineer at an aerospace/defense firm

“You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don't need an external management system.”

2. “How easy is it to manage?”

According to many IT Central Station users, firewalls function typically in complex, heterogenous security environments. Therefore, a firewall that is easy to manage by people in the company with varying skill levels will have an immediate advantage over other solutions in the market.

Davide M., Senior Security Consultant at a tech services company

“Customers have more time to focus on security because maintaining the firewalls is completely hassle-free. It has complete and cost-effective next-generation firewall features with app identification, and IPS and URL filtering with SSL inspection.”

Jinlong Y., HTS Engineering - Heat Transfer Solutions at a construction company

“Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.”

Carlos E., IT Manager at a government agency

“The most important features are performance and ease of management. The solution helped in the identification and categorization of access and provided a high index of traffic analysis.”

3. “Are these firewalls flexible enough to handle my company’s needs?”

Flexibility is another highly valuable feature for firewalls, especially when operating in large companies that have many different uses for such a solution. With a flexible firewall, users can ensure better control of their network according to its specific needs.

Alin P., Network Security Administrator at a tech company

“It helped us and our customers implement more granular and flexible connections to and from our/their environments, building a trust relation between all of us, having the confidence that our exchanged information is occurring in a highly secure manner.”

Dragan P., Head of IT at a construction company

“After migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services. With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.”

4. “What kind of security features does it have?”

At its foundation, firewalls are important because they protect key IT assets from security threats. So if you’re looking into firewalls, this should be a question that you are asking during the search process.

Brent A., Senior Network and Security Engineer

“WildFire has been instrumental in blocking a number of new threats, before common desktop anti-virus tools were able to detect them. When Wannacry first came out, wildfire was detecting it and dropping incoming threats within seconds. We were dropping over 10,000 files per day with no additional firewall load at all.”

Adriana Y., IT Infrastructure Engineer at a tech company

“Routing and security policies, central management and all of the other features help us to improve network performance and implement organizational policies.”

Jeff B., Network Engineer at a legal firm

“Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via its Advanced Threat Protection so we can get a much faster response time.”

5. “What do other people in my industry think about these tools?”

Aside from these initial questions, the IT Central Station community also recommends continuously searching for user feedback. Learning more about your colleagues’ personal experiences with a wide array of firewalls is invaluable, and will help give you the important information that you need to ultimately make that investment.

If you have any questions, ask in our firewall community forum.