Some models are scalable but you have to have VMs to modify resources to get better performance.
Firewalls VM Reviews
Showing reviews of the top ranking products in Firewalls, containing the term VM
Juniper SRX: VM
Cisco ASA Firewall: VM
I'm a solution architect specializing in IT infrastructure designs. I create solutions for clients using Cisco and other products. I've developed solutions with various Cisco Firewall models. I may use an entry-level solution for smaller businesses, like the Cisco 555 Series or 5500. If it's a large enterprise, I may use the 4000 Series, or an ISR router integrated with a firewall for a branch office, and maybe an ISR router, which is integrated with the firewall.
I work with businesses of all sizes, but I see Cisco more often in medium-sized companies or large enterprises. Small businesses often pick Sophos or FortiGate because of the pricing. Large enterprises use Cisco and other products like Palo Alto or Check Point, especially for managing cloud architectures like GCP and AWS.
If the customer only needs a plain firewall, Cisco ASA is sufficient. It can compete with FortiGate or Sophos. When I talk about a next-gen firewall, the basics include malware protection, instruction prevention, URL filtering, etc. Firepower is integrated to address these next-gen requirements.
I may use the tabs for dynamic policy implementation in cloud environments depending on the clients' needs, but not typically VMware. I might get a false positive with the VMware operator and platform layer. If I stop some surveys, my production will stop. In such cases, I cannot just go by dynamic classification blindly. It would be better for the application layer, not the platform layer.
Fortinet FortiGate: VM
Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.
SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).
Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.
Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)
Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.
Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.
Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.
Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.
Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.
Bulk CLI commands are uploaded via gui in script file (portions of config file).
VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.
If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.
Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.
Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.
IPS, AV, Web Filter, AppControl profiles are working very well.
SSL Inspection and CASI (Cloud Access Security Inspection) profiles.
Rich logging options allow you troubleshoot most problems.
Straightforward HA with different redundancy schemas.
This solution is scalable. They have now built hyperscale firewalls and it's very easy. Also VMs, for example, is very easy to scale, you just need to adjust the licensing.
Our primary use case for Fortinet FortiGate is for the center firewalls. We use the VMware server. That seems good and acceptable to the customers.
reviewer1483797 says in a Fortinet FortiGate review
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees
The solution is highly scalable because they have devices that can handle a large amount of traffic. The VM version with the hardware appliances is widely scalable. It can handle small businesses to large scale enterprises. In terms of mode of deployment, you have VM, hardware appliance, and cloud. There is cloud management as well that is scalable. It can suit a number of deployment scenarios.
We currently have 50 employees using the solution, some of our clients that have deployed it has 1000 users and it has not given a problem.
reviewer1470960 says in a Fortinet FortiGate review
Lead Architect at a computer software company with 51-200 employees
If you're a small-medium size business:
- Size your use case carefully as licensing price jumps significantly with HW changes.
- Customizable Forticilent SW can be downloaded for free with FNDN membership
- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.
I have experience with Fortinet FortiGate. I used to manage the product in the past, but in a different company. I transferred to another company into a new position, and Fortinet FortiGate is being used in my current company.
This product can be deployed both on-premises and on cloud. We use version 300E for on-premises, and VM04 on cloud.
They are doing a lot of things to improve Fortinet FortiGate, that I can't think of anything else I'd like added to it. There's zero trust access, the EDR, and the arrays. I can't really say that there's anything that they have not started. They're able to provide what I want.
We started with 100 users of Fortinet FortiGate in the company, then it went up to 270 users, because we also had a child company with end users of this product.
We didn't have to contact technical support for Fortinet FortiGate, because we had a third-party guy who was helping us, and we seldom contact him. If we find an issue, we just email, and he'll write back to us. We also get advise on the old firmware, for example, that there's a higher chance it's static and could be affected by vulnerabilities. Any help was done quickly, and it was nice. Nowadays, we are doing all the work, e.g. not having to contact our third-party guy.
We don't really need a team for deployment and maintenance. There's another engineer we're sharing ideas with, otherwise, deployment and maintenance are both very straightforward. You just need to know what you're doing, e.g. a good path, IPsec channels, etc., and it'll be much easier.
I can recommend Fortinet FortiGate to others, especially because I understand it the most now. We do know everybody won't choose it, because Check Point, Cisco, and other competitors are coming up with robust devices. Everyone wants to win against their competitors, but I'm happy with FortiGate. It's a product I can recommend to others.
I'm rating Fortinet FortiGate a ten out of ten, because it doesn't give me any issues. It's very easy for me to rate it a ten.
Peter says in a pfSense review
Software Applications Manager at a engineering company with 201-500 employees
I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore, I build my own Super-micro platform based on Intel Denverton.
It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.
There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.
We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.
In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection.
The solution also allows us then to manage port forwarding and things like that.
Sophos XG: VM
My advice would be to download the VMware and get to know the interface because running one of these devices is probably not as difficult as you'd think. If you have an onsite level one user, YouTube has online training and Sophos support will help you through it. It's a very easy device for a level one engineer to manage. My advice is to download the free VMware for 30 days and then either buy the platform or install the VMware product.
I rate this solution a 10 out of 10.
reviewer1053252 says in a Sophos XG review
Technical Presales Consultant/ Engineer at a wholesaler/distributor with 10,001+ employees
You need to pay for the license. You need to pay for the hardware as well. The cost depends on the model of the hardware and on which license. They have different editions, and licenses you're going to go with. They have different modules, and the cost depends on which modules you'd like to activate for security features. Not everyone will buy Sophos to utilize all the features. Usually, it's just the firewall, and IPS, sandbox, and the web filter that people are looking for. Not many people have Sophos or VM servers on-prem to protect them.
Cisco Firepower NGFW Firewall: VM
The primary use case is mainly around perimeter security at the HQ and the branch. This will include using the Next-Generation Intrusion Prevention System (NGIPS), using advanced malware protection for networks on the firewall, and remote access VPN as well as site-to-site VPN.
I work for a Cisco partner and managed service provider. We have a number of customers. Typically, the standard setup that we have is a Firepower Management Center Virtual, running in VMware, with physical FTD appliances (as the firewalls) on-premises.
We work with more mid-size organizations who typically have email security, web security, endpoint security, and perimeter security. In terms of products, that would be:
- Cisco Umbrella
- Cisco Cloud Email Security
- Cisco Secure Endpoint
- Firepower, for the perimeter.
That would be a typical technology mix. Sometimes, some customers will consume something like Duo Security for multi-factor authentication.
We are primarily running ASA Firewalls with the FTD image. We are also running some Firepower 1000 Series.
reviewer1627155 says in a Cisco Firepower NGFW Firewall review
Senior Systems Engineer at a tech services company with 201-500 employees
Technically, it is a very good firewall, but some improvements need to be done on the management side. I would advise getting a consultant or someone from Cisco to help you in implementing and using this firewall to its fullest extent.
We don't use workload integration as of now. We also don't use its dynamic policy capabilities to enable tight integration with a secure workload at the application workload level. Similarly, we don't use the solution's tags for VMware, AWS, or Azure for dynamic policies implementation in the cloud.
I would rate Cisco Firepower NGFW Firewall an eight out of 10.
We are using Firepower for outbound/inbound traffic control and management as well as for our internal security. We are using it for LAN security and VMware network security. It is a hardware device, and it is deployed on-prem.
Our target is to make our network 100% secure from the outside and inside traffic. For that, we are using the latest versions, updates, patches, and licenses. We have security policies to enable ports only based on the requirements. Any unnecessary ports are disabled, which is as per the recommendation from Cisco. For day-to-day activity monitoring and day-to-day traffic vulnerabilities, we have monitoring tools and devices. If there is any vulnerability, we can catch it. We are constantly monitoring and checking our outside and inside traffic. These are the things that we are doing to meet our target of 100% security.
We have a number of security tools. We have the perimeter firewalls and core firewalls. For monitoring, we have many tools such as Tenable, Splunk, etc. We have Cisco Prime for monitoring internal traffic. For malware protection and IPS, we have endpoint security and firewalls. The outside to inside traffic is filtered by the perimeter firewall. After that, it goes to the core firewall, where it gets filtered. It is checked at port-level, website-level, and host-level security.
We have the endpoint security updated on all devices, and this security is managed by our antivirus server. For vulnerabilities, we have a Tenable server that is monitoring all devices. In case of any vulnerability or attacks, we get updated. We are also using Splunk as SIEM. From there, we can check the logs. If any device is attacked, we get to know the hostname or IP address. We can then check our monitoring tool and our database list. We can see how this attack happened. We have configured our network into security zones. We have zone-based security.
In some cases that I'm aware of, when moving from specific platforms like Check Point, Firepower has offered a much easier way of working with the platform and deploying changes. For the customer, it's a lot easier in the newer platform than it was in the previous one.
I've done network assessments, where we wanted to get visibility into all flows. I used Firepower boxes for some of those, where we tapped a line and let Firepower see all the traffic. It was incredibly helpful in picking up all of the flows of data. As a result, I was able to give information to the customer, saying, "This is what it's doing and this is what it's seeing in your network." I find it very helpful to get all that type of data. It's got a lot more information than NetFlow-type systems.
There have also been use cases where I'm doing east-west and north-south in the same firewall box. That is possible with SGTs and SD-Access and Firepower. That ability has been critical in some of the designs we've done. A scenario would be that we have an underlay, a corporate network, and a guest network VRF-routed zone; big macro security zones. We are doing micro-segmentation at the edge with SD-Access, but the macro-segmentation between the zones is handled by the firewall. Because we didn't want to split up our east-west and north-south, because there really wasn't a budget for it, they're on the same box. That box is able to do both flows that go towards the internet and flows that go between the different interfaces on the firewall. We're using SGTs in those policies and we're able to extend the logic from the SD-Access environment into the firewall environment, which creates a very unified approach to security.
We're also able to implement dynamic policies for dynamic environments with 7.0. That's becoming more and more important every day. IPs are becoming less important; names and locations and where things live in the cloud mean things are becoming a lot more fluid in the world of security. It's very helpful to have objects and groups that can follow that fluidity along, as opposed to me trying to do it old school and static everything up. No one has time for that. Dynamic policy capabilities enable tight integration with Secure Workload at the application workload level. The IP is less relevant and the application or the VMware tag can be tied to a specific ruleset. It's very helpful to be able to have it be so dynamic now. We're using more and more of those dynamic group concepts.
When it comes to the solution’s tags for dynamic policy implementation in cloud environments, VMware is the primary one I'm seeing these days, but I expect Azure to pick up significantly. The use of these tags for dynamic policy implementation in cloud environments simplifies things. We don't have to have so much static stuff pinned up. We can just have a single rule that says, "If it's this tag, then do this," as opposed to, "If it's this IP and this IP and this other IP, then you're allowed to do this thing." By disconnecting it from the IP address, we've made it very flexible.
Maybe the dashboard could be a bit better. There are some reports where we don't get it. We need a deep dive into a particular URL, however, it provides the URL and the IP address, and there is no more information that can show more details. Basically, the report models can be improved.
With their console, we have to build a separate VM. In some of the products, the management console comes along with the box itself. It'll be one solution to take the backup and keep it. Even if you want to build a DR, it'll be easy. However, the challenge we had is if that VM is down, my team may not able to access the Firepower remotely. Therefore, the management console itself should be built within the Firepower box itself, rather than expecting it to be built in a separate VM.
Untangle NG Firewall: VM
Untangle is open-source software. So, you can get it for free. That has been a benefit, especially for the residential users because it is free. The license costs start at $25 a month for some additional features, including higher tiers of security intrusion prevention. The free version comes with intrusion detection, and then the license version has intrusion prevention. It also has some additional things for active directory connectors, etc.
It starts at $25 a month to cover 12 devices. Then it goes up from $25 to $50 a month for 12 to 25 devices. That's where it really doesn't scale out per site. If you have a site that has more than 50 devices on it, then Untangle quickly becomes cost prohibitive in comparison to several other competitors. They have a weird per-device licensing model, whereas most firewall vendors simply tell you that this is how many devices we expect you to cover and this is what your licensing costs. They don't tier it by the device. Firewalls have different costs and different licensing. So, in a way, it is the same, but Untangle is more upfront about it. They tell you that if you have X amount of devices, this is what your licensing cost is, whereas other firewall vendors tell you that if you're covering this amount of devices, you need this type of firewall that they make, and it's going to cost you this amount a month, which is going to be more, but the price comparison is definitely not favorable for Untangle once you go over 50 devices.
There is an additional cost of the hardware, which you can purchase upfront. You can pay for hardware as a service, or you can deploy it to your own hardware at no additional charge. We can deploy this for free, completely and utterly free and clear, just by simply running a VM and installing the free version of the software on it. So, there are literally no costs to it. The additional costs are basically just completely optional, except in the cases of industries where certain of these other security features are a requirement, but the only costs that you have to pay are the licensing costs. You can choose not to buy their hardware at all and just deploy it in a VM.
Palo Alto Networks VM-Series: VM
reviewer1415460 says in a Palo Alto Networks VM-Series review
Senior Network Architect at a manufacturing company with 5,001-10,000 employees
The VM-Series firewall is part of our overall security solution.
It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities.
There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments.
It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.
What I like about the VM-Series is that you can launch them in a very short time. You don't have to wait for the hardware to route for them to be staged and installed. From that perspective, it's easy to launch and it's good because it is more scalable.
The product is quite responsive.
reviewer1303821 says in a Palo Alto Networks VM-Series review
Network Security Engineer at a tech vendor with 51-200 employees
We are a solution provider and the Palo Alto VM-Series is one of the products that we implement for our customers. Our customers use this virtualized next-generation firewall as part of their security solution.
I am the guy they call up first for the central infrastructure and configuration of the malware, firewall, and main applications, and I use Palo Alto Networks VM-Series for that.
With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.
We use the solution for hands-on testing purposes and also for activating firewall re-entries, which is easy to accomplish. We only need to turn up the VM to the firewall. This serves users who are working at home due to the COVID-19 pandemic. We also utilize the solution in respect to several servers which are behind the firewall.
The VM-Series enables us to extend consistent next-generation protection across different infrastructures with a unified policy model, which makes it very easy for us. It is very important that we have this single pane for monitoring all of the network resources and multiple devices because, today, it's a complex environment where you have to take care of many devices.
This solution makes it very easy to quickly migrate workloads to the cloud.
Since we updated the system, the network has been very stable. Previously, there were issues with traffic throughput. With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.
reviewer1851084 says in a Palo Alto Networks VM-Series review
Manager, Information Technology at a tech services company with 5,001-10,000 employees
I don't think that scaling will be a problem since we can adjust the VM-Series model that we want.
I have around 100 instances protected behind this device.
Fortinet FortiGate-VM: VM
reviewer1428657 says in a Fortinet FortiGate-VM review
IT Director at a retailer with 1,001-5,000 employees
We have been using Fortinet FortiGate-VM for almost two years.
reviewer1238931 says in a Fortinet FortiGate-VM review
Junior Network Engineer at a tech services company with 11-50 employees
The installation process is very easy with FortiGate VM. We can easily deploy it. That said, we did run into issues with some customer requirements and our engineers were forced to get involved. Occasionally, it takes too much time to configure certain aspects. However, a basic configuration is pretty easy.
reviewer1212075 says in a Fortinet FortiGate-VM review
Owner at a financial services firm with 1-10 employees
I would rate Fortinet FortiGate-VM a nine out of ten.
reviewer1504884 says in a Fortinet FortiGate-VM review
Systems Engineer at a tech services company with 501-1,000 employees
Most of the use cases that we have are SD-WAN and perimeter firewall related.
Our clients are mostly small to medium-sized businesses. We also have large enterprise clients that range from 1,000 to 8,000 users. We haven't planned to increase the usage, but we are currently using Fortinet FortiGate-VM for perimeter firewalls and SD-WAN for our branch offices.
reviewer1512672 says in a Fortinet FortiGate-VM review
Project Coordinator at a marketing services firm with 201-500 employees
We use Fortinet FortiGate-VM as a firewall to deliver high-performance network security solutions that protect our network and data from evolving threats.
The solution is FortiGate 60D and FortiGate-VM is FortiOS 5.2.2. I'm not sure which version of the solution we are currently on.
Our company exports this solution to large customers. We're partners with Fortinet.
We have the solution on a local server.
I'd rate the solution at an eight out of ten.
Lindsay Mieth says in a Fortinet FortiGate-VM review
CISO at a religious institution with 501-1,000 employees
We work with the government and the customers do not want the VM solution, they prefer appliance solutions.
reviewer1401510 says in a Fortinet FortiGate-VM review
Team leader technical support at a manufacturing company with 201-500 employees
I would definitely recommend this solution. I was advised to be very skeptical about the performance statistics as indicated in the documentation, but I didn't find that to be the case. It is very scalable with good performance.
I would rate Fortinet FortiGate-VM an eight out of ten.
I would recommend this solution to others. Especially if they are new to these types of solutions, it is easy to understand.
I rate Fortinet FortiGate-VM an eight out of ten.
I have been using Fortinet Fortigate-VM for the past two years.
We installed Fortinet FortiGate-VM for security purposes. Our main motivation is for security reasons and improving networking.
For firewall devices, Fortinet is very good. They can improve on other solutions, I have used some solutions in the past that did not have a good UI. There are other things that Fortinet as a whole can focus on.
I rate Fortinet FortiGate-VM a nine out of ten.
reviewer1602627 says in a Fortinet FortiGate-VM review
Network Security Engineer at a tech company with 201-500 employees
I have been an integrator for Fortinet FortiGate-VM for a couple of years.
reviewer1054542 says in a Fortinet FortiGate-VM review
Consultant at a comms service provider with 11-50 employees
I have been using Fortinet FortiGate-VM for the past three years.
Aurelio Rodas says in a Fortinet FortiGate-VM review
IT Specialist at a tech services company with 51-200 employees
It's very stable. I remember only one case in which we had issues with a routing protocol. This was the big problem that I had with FortiGate, as they had some issues and they reduced the equipment. However, in the last five years, it was the one lone situation that I opened a case for and they took a lot of time to get to the solution, which was an SBS and BGP routing protocol into the FortiGate. That said, that issue was on an appliance, not a VM solution.
reviewer1622106 says in a Fortinet FortiGate-VM review
Project manager at a comms service provider with 10,001+ employees
I would rate Fortinet FortiGate-VM a 10 out of 10. It tops others in terms of performance.
reviewer1641246 says in a Fortinet FortiGate-VM review
Senior Security Engineer at a energy/utilities company with 1,001-5,000 employees
The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.
We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.
We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment.
All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.
I have been using Fortinet FortiGate-VM for more than two years.
We are using the latest version.
reviewer1625292 says in a Fortinet FortiGate-VM review
Creative Head/Director at a marketing services firm with 1-10 employees
We use the solution for creating IPsec tunnels and web and application filters. We use it for monitoring virtual traffic on platforms including VMware solutions.
reviewer1651302 says in a Fortinet FortiGate-VM review
Director Of Technology at a tech services company with 1,001-5,000 employees
Fortinet FortiGate-VM may be installed on Azure or AWS.
You can either install it in your data center alongside your virtual applications or put it in the public cloud to secure it.
Edd Bautista says in a Fortinet FortiGate-VM review
Engineering Manager at Primatel Communication Snd Bhd
We're using FortiGate-VM on-prem for our firewalls. The Fortinet component in the cloud is FortiGuard. We get our virus definitions regularly updated from the cloud, but the FortiGate firewalls are all on-prem. While the virtual firewalls are created inside the physical firewall, there is an option for a virtual machine firewall where we'll give you the VHD file, and you can install it to a server.
Virtual machines aren't widely used in Brunei because the Brunei government isn't ready for these things yet. They're more confident in hardware, but everything is slowly starting to head in this direction. Others are watching what will happen when people use the apps before they try them.
I've been using FortiGate-VM for six years.
reviewer1280259 says in a Fortinet FortiGate-VM review
Information Security Manager at a financial services firm with 501-1,000 employees
We use FortiGate-VM to access clients' networks. These are generally Azure cloud environments in which we set up resources for clients to use.
We use Fortinet FortiGate-VM as an SD-WAN solution and for security profiles.
I do not recall which version we are using.
I have been working with FortiGate products for the past five years and with Fortinet FortiGate-VM for the past year.
I occasionally implement Fortinet for clients.
In the most recent instance, we had a cloud implemented and I was driving the infrastructure. The client had separate areas inside it purposely. They needed to implement a FortiGate solution in the same client, with different VMs, for different clients, to make different areas for these clients.
reviewer1718730 says in a Fortinet FortiGate-VM review
User at a hospitality company with 10,001+ employees
Fortinet FortiGate-VM is easy to use.
reviewer1691751 says in a Fortinet FortiGate-VM review
Principal Network Engineer at a computer software company with 201-500 employees
reviewer1125813 says in a Fortinet FortiGate-VM review
IT Support Team Leader at a tech services company with 201-500 employees
We are using FortiGate-VM for the protection of our internal network and also for VPN services. Right now, there are about 200 end users in our main office and in other business units we have an additional 100-200 end users. We have about five different firewalls, yet almost all of our units are using FortiGate-VM. So, in total, we have about 500-600 users.
reviewer1752144 says in a Fortinet FortiGate-VM review
Cyber Security Analyst at a tech services company with 501-1,000 employees
FortiGate-VM's firewall is excellent.
We use Fortinet FortiGate-VM as a firewall for our internet.
KhalidMohamed says in a Fortinet FortiGate-VM review
Programmer / Analyst at Maridive & Oil Services
I found the Antivirus and Anti-spam features most valuable in this solution. I'm happy with FortiGate-VM because it's good for our servers. It stopped many attacks, including spam, over our networks.
reviewer1140930 says in a Fortinet FortiGate-VM review
Technical Lead at a government with 1,001-5,000 employees
We use Fortinet FortiGate-VM as a network firewall.
This product is very scalable. I always buy hardware that can handle a lot of connections and a lot of users. So, in terms of scalability, all you have to do is upgrade your hardware. Or, it is especially scalable if you use the VM version because you only have to provision more resources.
We regularly have between 20 and 50 users, although sometimes it is as little as 5 or 10.
Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price.
If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs.
Check Point NGFW: VM
Arun Jethy says in a Check Point NGFW review
Sr. Network Engineer at a tech services company with 51-200 employees
We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.
I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.
reviewer1721655 says in a Check Point NGFW review
Networking engineer at Hewlett Packard Enterprise
The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.
We have evaluated Palo Alto Networks VM-Series to see what was available, and recently, I researched the Azure VM series to know how it worked.
I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security.
The perimeter antivirus can be improved. It's not as good as other leaders.
Additional features that could be good to have/improved include:
- Modular capabilities
- Integration with VMware and NSX products per client requirement
- 3rd Party support product is very limited
The solution can integrate with other vendors to form IPsec connectivity with redundancy - which is only possible now between the CP to CP FW only.
The licensing part is a bit tricky. The product can simplify this further for ease of use.
They need to work on log size optimization.
Antivirus signatures should be updated in real-time.
JavierTan says in a Check Point NGFW review
IT Manager at a tech services company with 5,001-10,000 employees
The solution is great for cyber attack prevention, data bridges, and other threats. You need intelligent and effective solutions to minimize cyber attacks and Check Point gave me peace in December when they had an unidentified log4j vulnerability.
Our main benefit was the elimination of a server/VM from our data center and the usage of a cloud solution.
Having all the features on the cloud was also a benefit since some products when migrated to cloud solutions lose some features - but not his one.
The setup is a little bit rough and requires some technical expertise, however, this is expected with a solution as complete as a firewall and especially a Check Point one.
We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers.
I have a relatively small infrastructure, with a VMware Vsphere running all my servers on virtual machines. My network consists of approximately 30 workstations. The Check Point NGFW helps detect attacks against enterprise applications.
It can enforce application functionality specific controls, monitor application data and content, and monitor HTTP, HTTPS, SMTP and other application protocols for better protection. I can audit applications running on my network, monitor their content and data, identify hosts on which applications are running, and identify users of the applications.
reviewer1895619 says in a Check Point NGFW review
Information Technology Security Specialist at AKBANK TAS
The product is basically for completing a firewall task. On top of that, the aim is to find a comprehensive solution with the innovations from next-gen. We made an isolated zone in a small part of the company. Here, we aimed to provide basic security features with few security devices. In this context, we ran the Check Point appliance by opening almost all the blades on it. The Check Point software architecture was able to provide quite good results because it ran on its own OS. It's pretty good as a VM. At a point where we wanted to isolate VM devices, we provided a solution with a VM series of Check Point.
This is something that doesn't directly affect us. However, I know VMware is not supported by the platform.
Also, it seems that plenty of features you may not know even exist unless you do some extensive, deep digging as they're not coming up in the initial configuration, so you have to go through the documentation to realize their existence.
Support is really good, so you may rely on them to learn more about these coded features I'm talking about, also to make the proper calibration for the rules/policies you're applying as they may not turn the results expected from the first config.
Palo Alto Networks NG Firewalls: VM
reviewer1232628 says in a Palo Alto Networks NG Firewalls review
Solutions Architect at a computer software company with 10,001+ employees
We use both the NG and VM series of Palo Alto firewalls. We sell and install them for clients to provide the best security that money can buy. Additionally, adding SD WAN on the same edge device has made an all-in-one, security-edge-intelligent routing solution possible without sacrificing performance or a secure environment.
reviewer1447032 says in a Palo Alto Networks NG Firewalls review
Senior Network Engineer at a tech services company with 201-500 employees
The best feature of this solution is the GlobalProtect, followed by the App-ID feature which is very good. I also like the VMS feature.
reviewer1461459 says in a Palo Alto Networks NG Firewalls review
Team Lead Network Infrastructure at a tech services company with 1-10 employees
The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.
The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory.
Gerry Hicks says in a Palo Alto Networks NG Firewalls review
CyberSecurity Network Engineer at a university with 5,001-10,000 employees
We're slowly migrating our on-premises solutions to the cloud. We implemented the next largest size VM for the PA-7050s because we're using 7050s on-premises, due to the bandwidth requirement of 100 GBS.
After changing our firewalls to 7050s last year and this year, both our internal firewalls and our border firewalls are 7050s.
Reviewer32052 says in a Palo Alto Networks NG Firewalls review
Presales Specialist at a tech services company with 1-10 employees
We have had a couple of big projects with government companies here in Ukraine. One of those projects involved three data centers with a lot of security and network requirements, and we implemented Palo Alto as part of this project.
The use case was to build the new data centers with a firewall that would not only work on the perimeter but also for internal traffic. We deployed eight PA-5200 Series firewalls and integrated them with VMware NSX, and they're working together.
I rate Palo Alto Networking Next-Gen Firewalls seven out of ten. I have to qualify that by saying that I probably don't know enough about Palo Alto Networks technology because we don't have advanced projects in Poland. I want more opportunities to develop my skills with this technology. I want to know more about Prisma Cloud and Strata products.
Depending on the client's infrastructure, I would recommend a different Palo Alto firewall. I would use PA 220 or maybe a PA 420 maybe for a small office. These devices are for small and medium-sized businesses. We would use a 52 and a 54 series or a 7000 series for a large enterprise.
A VM deployment might be suitable for some security projects. We've even deployed Palo Alto in Polish government institutions. For example, I implemented a VM 500 security solution two years ago. This device works in high availability mode. I think VM is a good starting point for a customer. It allows them to try the security product, open the Web UI, etc. After that, we should develop a proof of concept test and show the customer how this device works on their infrastructure.
I would recommend a Palo Alto firewall with next-generation security functions like IPS, and the ability to use user or application IDs. I will tell my customers about dynamic functionality and threat intelligence in the Palo Alto Networks cloud.
I would rate this solution an eight out of ten.
In terms of a trade-off between security and network performance, I would rate it more toward network security. We have a lot of other alternatives for monitoring but not for the security side or antivirus detection.
I would highly recommend Palo Alto. If you want a cheap solution, I would recommend Sophos. But if someone is looking for real-time protection, I would suggest that they go with the virtual instance of Palo Alto, which is PA-200 VM, because it simply fulfills our requirements.
For personal use or SMEs, the price of PA-400 is high, but the security and performance are worth it.
I am not absolutely certain they have done a good job in scaling out. They may start to suffer now and going forward because there are other, more cloud-ready platforms out there starting to shine over Palo Alto. They are not the prodigal son anymore.
It has limited scalability since it is still very hardware-centric. They have a cloud VM model, but I haven't had too much experience with it.
On certain levels, it protects our information. Luckily, I had switched to Palo Alto as our VPN solution for our users. We finished that in December of 2019, just in time for COVID to hit. We had a system that was able to support 650 to 700 users remoting into our campus through the VPN. This was a huge use case for us, as it was not intended to be the solution for COVID, but it turned out to be the solution for COVID. So, it was a great use case. Obviously, we want to protect our servers, virtual servers in the cloud, and on-prem.
We have the eighth fastest supercomputer in the world. Unfortunately, we don't get to protect that because it has so much data going through it, i.e., petabytes a day. There isn't a firewall that can keep up with it. We just created a science DMZ for that kind of stuff as well as large data movers since we do weather data for the world. We research the ocean, sky, and solar weather. We have 104 universities who work with us around the world. Therefore, we need to have data available for all of them. We need to be protected as much as we can.
We started with Palo Alto 5060, then the 3060 came in, which was the next form. We have now switched to an HA system and have four firewalls as our base: a pair of 5220s and a pair of 5250s. We have been running the different OSs from PAN-OS 8.0, 8.1, 9.0, 9.1, and then 10.1. We are about to move to 10.2. We are in the process of doing that over the next week. We like to stay on the cutting edge because they are always adding more features and security.
We have it deployed in a number of different ways. We have our four main firewalls, which have two high availability pairs. One is set primarily for users and outward-facing functions. Therefore, our DMZ servers, staff, and guest networks are on one pair of firewalls. Back behind the scenes, labs and our HR department are on a separate set of firewalls. We call them: untrust and trust. Then, we have another set of firewalls, both in our Wyoming supercomputing center and in our Boulder main campus, which runs a specific program that has a DOD contract that requires more security, so they have their own set of firewalls. We also have firewalls in Azure Cloud for our tests and production environments. I am in the process of purchasing another VM firewall to put on the AWS Cloud. The last set that we have is at our Mauna Loa Solar Observatory, where we have an HA pair of just 800s because we only have a one gig radio link down the side of the volcano to the University of Hawaii.
We have between 1,200 and 1400 staff at any given time. Essentially all of them use the solution one way or another, either to access systems or through the VPN. We also have remote users who aren't employees but instead collaborators, and they can be anywhere in the world and remote into our systems. We then have people who are doing PhD programs at universities around the world who need to get into our systems to download data sets as part of their PhD or Master's program. Thus, the solution is not limited to our employees.
Fortinet FortiOS: VM
I think Fortinet needs to improve their support. They are not one of the gold star rating support companies. There are a few big vendors like Cisco, EMC, VMware with gold star support rating. The support is sometimes not up to the mark.
Azure Firewall: VM
reviewer1574409 says in an Azure Firewall review
Cloud Architect at a tech services company with 10,001+ employees
When it comes to firewalls or any other type of security device, it is more of an analysis done by your security team to determine whether or not it meets your security requirements. If we are only talking about product and features, I would recommend it because from a cloud perspective, and specifically, if you are using Azure, it is quite easy from a manageability, operations, and configuration standpoint, with respect to the PaaS services.
Whereas if you deploy other vendors on Azure, managing the PaaS services would be difficult because Azure uses service tags, which you can simply configure in Azure Firewall for your PaaS services and other, even VMs. However, if you use other product vendors, there will be some kind of IP address restriction.
If you're in an Azure environment, I'd recommend Azure Firewalls. If it is any other type of environment, we will most likely have to reassess it.
As of now, it is pretty easy to rate it as nine. I won't rate it as 10 because we haven't searched much of the features. I would rate Azure Firewall a nine out of ten.
Palo Alto Networks K2-Series: VM
SonicWall NSV: VM
Niranjan Prajapati says in a SonicWall NSV review
Network & System Support Engineer at ITCG Solutions Pvt Ltd
The initial setup is straightforward. It is easy to deploy.
I've done a number of deployments for our clients. We haven't had any difficulties. It's working well.
I am familiar with the GUI, which helps with the deployment process.
The deployment is normally 20 to 30 minutes, but it depends on the hardware configuration.
For example, when we deploy in a VMware platform or a Hyper-V platform it can take anywhere from 25 to 45 minutes to complete.
Check Point CloudGuard Network Security: VM
Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).
The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.
The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.
reviewer1518027 says in a Check Point CloudGuard Network Security review
Electronic Engineer at a tech vendor with 11-50 employees
We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.
We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.
I'd recommend the solution to other organizations. The likelihood of running into issues is low.
I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.
reviewer1213497 says in a Check Point CloudGuard Network Security review
DBA Team Lead with 51-200 employees
After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.
reviewer1670154 says in a Check Point CloudGuard Network Security review
Firewall Engineer at a logistics company with 1,001-5,000 employees
Having the whole environment be under the same management is definitely is a plus.
Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.
It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.
The initial setup was pretty straightforward. It's like running our VM on cloud, just speeding it up. When it comes to implementation strategy, we need to list all the assets or the traffic VLANs or network segmentation we want to monitor. From there, we assess how many nodes CloudGuard Network Security needs to monitor all those VLANs. It then takes two to three weeks to implement, given the likelihood of some challenges along the way. Deployment is carried out using a mix of Check Point engineers and in-house IT people.
Sophos XGS: VM
The first time a person sets it up, they will need training.
We’d like to see an easy migration. They did an upgrade on VMware that might have affected things. We’d like them to return to something like they were running before from 2018 going to 2019.
The scalability could be better.