2020-06-05T11:20:00Z
Srinivas_K - PeerSpot reviewer
Sr. Network Engineer at Medha
  • 15
  • 2717

Best firewall models for 750 to 1000 users

We need a hardware Firewall for 750-1000 users to provide restricted Internet access, business email access, and remote access for 300 users. Please suggest suitable models.

18
PeerSpot user
18 Answers
Frank Theilen - PeerSpot reviewer
IT Adviser/Manager with 51-200 employees
Real User
Top 10
2020-06-09T10:03:51Z
Jun 9, 2020

You might look into a Sophos or Meraki, but I suggest to consider a more holistic approach. If you have 1000 user at one location, I suggest to look into more than one FW in case one is broken or needs maintenance, also to split the bandwidth and support 2+1 Providers. Also the protection of the devices should not stop if they move to another location. With Sophos you could combine the AV/Client Protection with the FW and stay save when moving home or somewhere else. Meraki offers good value and a cloud management but only works for the network part. Advantage is you don't need a FW expert to care for it.
Access to Email needs more information. What do you access from where? If it is a cloud based Email Solution like Office 365, than you need a client protection not a FW to access this more securely. If the solution is on premise, again you will not pass through the FW. If you talk about remote access to an on premise solution, I suggest to get something in the cloud to protect it, like Cloudflare, AWS or better a Email Cloud Service like Mimecast.

Search for a product comparison in Firewalls
Rupsan Shrestha - PeerSpot reviewer
Technical Presales Engineer at Dristi Tech Pvt.ltd
Real User
2020-06-09T04:28:13Z
Jun 9, 2020

You can go with any reputed brands like Cisco, Fortinet, Palo Alto, checkpoint, Sophos. Features sets like malware protection, 360 visibility, spam/web filter, URL filter are available in almost all firewall vendors but in different licensing types. First, choose a suitable vendor that may heavily dictate the pricing of the device itself. For example, Sophos is obviously cheaper than Palo Alto, however, Palo Alto does provide that extra set of features for the price.

And the other thing you need is to consider your bandwidth and business requirements. Maybe you have servers that need to be accessed from outside, or maybe you just need to defend the perimeter and protect from outside; decide what your business really needs.

Then depending on your budget, you can go for the brand of your choice.
I would suggest a baseline something like this;
1. Fortinet 200E
2. Cisco 2100 series
3. Palo Alto 820
4. Sophos 210/230
And please do keep in mind that a firewall is just a tiny part of your network and security architecture. There is no guarantee that you are completely secure from attacks just because you have a firewall. Firewalls can also be evaded which is also based on how you have configured the device. You may also need additional protections like email security, antivirus, and so on.

Aleksandar Jovanovic - PeerSpot reviewer
System Engineer at E-smart systems
Real User
2020-06-08T07:23:41Z
Jun 8, 2020

Palo Alto PA820 with URL filtering, threat prevention and wildfire subscriptions, HA pair or spare device optional. If remote workers uses linux or android, you'll need a Global Protect licence also.

AB
Solutions Architect at a computer software company with 10,001+ employees
MSP
Top 5
2020-06-09T00:13:46Z
Jun 9, 2020

Without knowing the applications your users are accessing and the file transfers you are seeing, I would need to ask how much bandwidth you are consuming. Bulky, chatty applications with a lot of file transfer can be throughput intensive, so a good start is to look at your current bandwidth reports. If you do not have any handy, you can obtain them from your ISP.

Don't go cheap on security; break-ins cost more, a lot more. That said, you would be in good hands with anything Palo Alto, since you have options to filter URLs with App ID, adding in a very powerful IPS platform and remote access. That said, going with an option like the PA-3220 will provide all of the aforementioned services, while allowing for enough bandwidth to future-proof your edge. That appliance can provide TP up to 2.4Gbps. You would save a lot with the PA-820, but the throughput for protection is 800Mbps. Again, your final decisions is dependent upon the bandwidth you see today and what you expect to see tomorrow. Do find out if there are thoughts for heavy expansion within your organization; you don't want to have to upgrade your firewall next year.

KD
Network Engineer with self employed
User
2020-06-08T20:02:33Z
Jun 8, 2020

Cisco is still the benchmark for firewalls although Palo Alto and Checkpoint both provide excellent equipment.

Model selection is dependant on anticipated bandwidth and utilization selection solely on user count is an ineffective way to select a firewall.

Stuart Berman - PeerSpot reviewer
CTO at a tech company with 11-50 employees
Real User
Top 10
2020-06-08T18:29:41Z
Jun 8, 2020

At a minimum I would recommend a Fortinet FG-100F
The "F" series is their latest ASIC and it outperforms the E series by x4 or better.
I like to oversize the firewalls to get more life out of them, although we usually use virtual appliances (FG-VM02v or greater)
If I had to choose an older model would go with FG-600E or higher depending upon discount.
The next higher F model is FG-1800F which is a beast and overkill.

Find out what your peers are saying about Fortinet, Cisco, Netgate and others in Firewalls. Updated: November 2022.
654,658 professionals have used our research since 2012.
Syed Khalid Ali - PeerSpot reviewer
Senior Solution Architect at a tech services company with 51-200 employees
Real User
2020-06-08T08:00:58Z
Jun 8, 2020

There are variety of product options such Cisco, Fortinet, Sophos, Sangfor or Palo Alto.

And you may also need to consider other factors including:
1- Total available bandwidth (Internet + WAN + or any other)
2- What other inspection engines will you use other than the basic firewalling. For example: IPS, AV (or Anti-malware), URL, Sandbox, SSL etc...
3- New Sessions Per Second
4- Total/Concurrent Session

As a baseline, you can begin with:
1- Fortinet 300E
2- Cisco FPR2110
3- Sangfor M5200/5250
4- Sophos XG210/230

Consider All-In-One subscription license, as it will cost less compared to individual subscriptions.

Real User
2020-06-09T08:34:58Z
Jun 9, 2020

I would recommended you Cisco NGFW FTD or Fortinet FW

Al Faruq Ibna Nazim - PeerSpot reviewer
Head of Technology at Computer Services Ltd.
MSP
2020-06-09T07:58:43Z
Jun 9, 2020

I would say you need to know whats your existing network infrastructure built on. Only considering Firewall with lots of functionalities rather which is firewall like UTM you can consider Fortinet or Sophos. But if you have a security system like NAC or SANDBOX you need to consider firewalls according to its functionality and support.

Let's say you are using Cisco ISE with TG - then its definitely Cisco FPR with APX license you need to consider. But else a segment by segment network built considering product base (which I do not recommend) you can check any competitive ranking list to choose.

Security management is a holistic approach that should be well planned to support interdependency while in action. Which makes it well workable as well as easily manageable and quickly responsive to any incidents. But if you only like to concentrate on the UTM type box to manage a firewall you can go with Fortinet. But my all-time favorite used to be Checkpoint.

OSSENI Adé Adam - PeerSpot reviewer
Senior Network Engineer & Technical Instructor at Improtech
Real User
2020-06-09T05:18:46Z
Jun 9, 2020

Per your demand and features required, I will suggest Fortinet FortiGate 900D/1000D model.

Manjil Bhetwal - PeerSpot reviewer
Presales Engineer at a tech services company with 11-50 employees
Real User
Top 5
2020-06-08T17:13:46Z
Jun 8, 2020

Can you use Fortinet NGFW firewall 401E with UTM license and integrate FortiClient EMS( EndPoint Management System) for restricted access from anywhere whether they are In-home or in office.

Jason Best - PeerSpot reviewer
Data center network architect at Cloudwire
Real User
Top 10Leaderboard
2020-06-08T15:02:40Z
Jun 8, 2020

Depending on the number and type of remote users you might want to consider webabased solutions such as Palo Alto Prism or Zscaler rather than a straightforward SSL VPN/IPSEC tunnel.

SImoneGebellato - PeerSpot reviewer
Group IT Architect & Network Engineer at a engineering company with 11-50 employees
Real User
2020-06-08T14:46:26Z
Jun 8, 2020

We're using PA820 with more than 1000users and with VPN and SSLVPN. So, in my opinion, these are very good devices.

VG
IT Security Head with 1,001-5,000 employees
Real User
2020-06-08T10:58:32Z
Jun 8, 2020

Best firewall models for 750 to 1000 users.

We need a hardware firewall for 750-1000 users to provide restricted internet access, business email access, and remote access for 300 users. Please suggest suitable models.

# I will prefer Palo Alto 3220 or 3250 model with a threat prevention subscription where I will be getting IPS / IDS, Anti Virus protection, SPAM, and go for HIP profile license also where you can provide SSL VPN access without much security worry.

Deployment is quite easy and I can help you out if you need any assistance.

UM
Presales Manager Fortinet, Cisco, PostMaster & Makerbot with 1-10 employees
User
2020-06-08T10:31:14Z
Jun 8, 2020

Best Suitable Firewall FortiGate-300E is for 900-1000 users setup.

Tomislav Stanojevic - PeerSpot reviewer
Network & Security Specialist at Fonicom
Real User
2020-06-08T09:49:26Z
Jun 8, 2020

Cisco FPR 21xx

GP
Network Security Expert at sysman LTD
User
2020-06-08T08:30:29Z
Jun 8, 2020

The best is Palo Alto pa3220 model in H A.

SB
Technical Consultant at a tech services company with 201-500 employees
User
2020-06-08T08:14:54Z
Jun 8, 2020

If your budget permits, you can look at Palo Alto. This is the best firewall in all aspects. And if you want to discuss more regarding this you can connect me on shyam.biswas@inflowtechnologies.com

Related Questions
Yunus Yavuz - PeerSpot reviewer
Product Manager at Neteks
Nov 10, 2022
Hi peers,  I am a Product Manager at a small computer networking company. At the moment, I am researching Check Point's products. Is Check Point's software compatible with other products (including firewall products, servers, and more)? If so, which products? Are there products that are not compatible with Check Point's software? In addition, can you provide any specific documentation that ...
See 1 answer
Larry Chisholm - PeerSpot reviewer
Network Engineer at Solvonex
Nov 10, 2022
Checkpoint is an INCREDIBLY secure, but inherently frustrating platform to manage.    The gui/cli must often be used together to effect the changes you're looking for.   Don't get me started on the gaia hardware management interface.    If you must buy it, ensure that you get support.     Personally, I'll take Fortinet, Palo Alto or even Juniper SRX over anything checkpoint.
RV
Divisional Engineer at Aptransco
Aug 18, 2022
Hi members, What kinds of throughputs should we consider while designing/estimating the required firewall throughput in our organization? Thank you.
2 out of 5 answers
Aug 16, 2022
Different vendors have a slower speed for each option you enable on their devices so overestimate the size.  Some vendors will tell you the % of slowdown but consider double the line speed to compensate for the device's slowdown.
CR
Director at REDCO
Aug 16, 2022
Usually, it is the Internet bandwidth, a number of users and (in the case of NGFW) you have to check if you are going to perform SSL filtering and application control, but lately, they are more concerned about the type of link to the Internet.  Almost all manufacturers have a link to check the size of the firewall, but unfortunately, it is for partners only. If it is possible to have more information we can make an approximation with SOPHOS or Fortinet, if you like.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Ravi Suvvari - PeerSpot reviewer
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Related Categories
Download Free Report
Download our free Firewalls Report and find out what your peers are saying about Fortinet, Cisco, Netgate, and more! Updated: November 2022.
DOWNLOAD NOW
654,658 professionals have used our research since 2012.