A Firewall is only one brick in your cyber-security wall, if you will, but an important one.
Considerations - you have endpoints (laptops) that may travel in and out of network, connecting to the internet while not on your local network. They have the potential to bring problems with them when they come back into the network, especially if they have been infected with a cryptolocker virus and have shared network drives when they reconnect. A firewall, no matter how good it is, won't protect you from this.
Are you willing and budgeting for paying for license renewals every year?
How much CyberSecurity are you going to put on your firewall, vs offloaded to other systems - spam management for email is a good example of this.
What other security solutions are you also using, such as Barracuda email essentials, OpenDNS (Umbrella), file and image-level backups at the endpoint, enterprise grade AV, etc>
Are you protecting application servers?
Do you have compliance requirements such as HIPAA or PCI you have to manage?
You've asked a very generic question, so the answers you get as to the criteria required to evaluate an appropriate solution will be just as generic. In the world of security, Sophos and Fortinet are very good solutions if you want the best of the best, and those aren't always the best solution for the application - if there's no servers, the endpoints (desktops and laptops) are hardened, everything is backed up, and there's no critical data floating around, then a reasonable firewall with great throughput like a Ubiquiti UDM Pro could be a great solution that doesn't ransom you for an annual license fee.
In other words, without being more specific about your application, you're not going to get a lot of really useful responses here.
You should defer on what purpose you want to use the firewall and who is supporting it.
Means: If you like to use a firewall to protect the computer users from accessing the internet, you should look for integration with your other security aspects like AV, IPS, EMail Protection, classification service catalog, integration in Cloud-based management or SIEM, life protection with isolation or network disruption, reporting to fulfill certification audits like SOX, remote management and location awareness, SSL VPN Clients, access security with 2.nd factor, Active directory integrated security groups, other security products from the same vendor to extend portfolio but keep management in one tool, VPN to other branches, multi-vendor VPNs, throughput with all FW features in place, how many physical network ports you can configure internal/external, multi internet provider network ports to get redundant provider setups, failover or both at the same time, traffic management features to limit the traffic is due to application or service using it (VOIP, Netflix, ...).
Also, you should think of what part this firewall takes in due to your other chain of security. Does it fit to them? Do you want to change them in the future as well?
Last but not least is the amount of knowledge and support/maintenance the firewall solution would need. DO you want to keep/have an expert just for that? Is it going to be integrated into other management services (AV/Data Gov./Compliance), can you provide compliance access to the reports without compromising internal security? Can you restrict access to browsing or user history but grant access to security alarms and actions?
If you have a security concept it should be easy to find the right FW. If not, start with that.
In the educational sector, the main challenge is to have control over all content that students or educators will be accessing.
We have many vendors that offer this service, a few examples will be Fortigate, Sonicwall, Cisco, and Sophos.
Now it will depend on what aspect of firewall that you want to focus on if you want content filtering I would recommend going for Sophos.
With Sophos, everything has been made simple to manage and not really need to be an expert to maintain this nice piece of technology.
I.T Director at a healthcare company with 11-50 employees
User
2020-06-02T15:38:52Z
Jun 2, 2020
I support about 100 employees with a WatchGuard Firebox. There easy to configure and support is great if you do need help. They make many models to fit you business.
For vendors, I think there are more options in the US but I would like to know how their support and expertise is in case you need assistance in configuring the firewall and pricing.
For devices, I think it depends on what your needs are because there are very basic firewalls and there are ones that have lots of modules. I would also consider the user interface and ease of configuring. Also, consider the cost of license renewal.
As per you description situation, you can consider at least the following aspects.
Financial Aspect: What amount do you expect to spend for this device. If you have online payments, if the availability is one of your constraints so you will need two for failover and load balance;
Support Aspect: Its difficult to evaluate this point as allmost all vendors says that they have a good support methodology and expert teams, so you need to consider all aspect of the SLA, regarding what you company can pay;
Cybersecurity Aspect: So, if you need firewall means you have mail and web services at least. At this point you need to take a look at what vendors say about this ourdays problems, our they face it, where is the vendors on Gartner Quadrant. Most of the expensive one are not good enough but visionars and chanllenger can be considered. Of course you kind of service and kind of data your dealing with is one of aspects you must consider too.
You can design a table/check list with all aspects you need to consider, like throughtput you need, No. of VPN/Branch office and some other features you need to safe you environment and put values on it and some assumptions that you need to consider and at last you decide and i believe you will do the best.
Head of Infrastructure Solutions at Thakral One (Pvt) Ltd
Real User
2020-06-03T05:34:27Z
Jun 3, 2020
There are more than half a dozen of reliable vendor options are available for small organization.
Evaluation criteria need to align with the identified requirement; such as if the requirement is for.
* Secure the network from outside attacks?
* Control outgoing traffic?
* Remote network access?
* Integration with End devices?
* Network visibility?
* Added features such as; spam filtering, Data leakage prevention etc?
Once the requirement is identified, as with any other networking procurement evaluation, following criteria can be looked at for evaluation.
* How long the vendor has been in the industry
* Reviews by 3rd party evaluators such as Gartner
* Customer references related to the same industry
* Capacity criteria such as; number of interfaces, total throughput, session capacity
* Cost aspects such as; TCO for 3~5 years, warranty and replacement service levels, technical support levels
First, research the quality of the device, reputation and reviews. Generally speaking they don't fail often except for power surges. Second, licence terms and service options. Third, is local service support available? Review the service dept history, quality of employees and turnover. Generally, local support is better, you can go to their office and get in their face. Hmmm, Education eh? student hackers are always a possibility. Prepare questions to the vendor about security features, reverse hacking and spying. Nothing more satisfying than catching the gremlins red handed.
IT Manager at a hospitality company with 201-500 employees
Real User
Top 5
2020-06-02T12:32:33Z
Jun 2, 2020
What is your current firewall infrastructure?
Basic is the budget... Apart from the amount of money, some of the following are mandatory to think about:
1. How many concurrent users internal (on-premise)
2. How many concurrent users through VPN?
3. How many Firewall devices?
4. IPS, URL filtering, antimalware, AV
5. UX/UI, easy-going management
6. Type of warranty & support
7. Advanced security licenses
8. Google SafeSearch and YouTube for Schools (MX Meraki option)
9. Integration with AD
10. Cloud management
Hello peers,
I work for a large tech services company.
I am currently researching firewalls and am looking for the best solution. Which Firewall solution would you recommend and why?
Thank you for your help.
IT Infrastructure and Security Manager at a logistics company with 1,001-5,000 employees
Aug 22, 2023
For features and functionality, take a look at Palo Alto and Fortinet. Cisco is very good, however, they are not at the level for Next-gen features when compared to Palo Alto and Fortinet. If you have cloud infrastructure then you may wish to look at Zscaler. CheckPoint and Juniper are also very good options. If you are looking at open source then look at pfSense. Take a look at this article: 7 Best Firewall Solutions for Enterprises in 2023 (enterprisenetworkingplanet.com)
Hi Hwaeum, Outta my experience Cisco and Paloalto, both have its own USP's, also it depends on the use case. whether it's for gateway level or at branch level and depends on the usage of the end users. hope you've already considered all these parameters. 1. Cisco - Now the NGFW with new FTD software is really working out good with Enterprise customers, also the operational point of view ease to manage it with the help of FMC gives very good dashboard experience too. ( https://www.cisco.com/site/in/...)2. Paloalto - When application usage is maximum at the Network this helps better. ( https://www.paloaltonetworks.c...)
Hello,
I am looking at firewall options to support an SMB with 50 employees and approximately 100 devices. The ISP provides 1 Gbps service, however, I do not have data regarding specific VPN requirements, concurrent connections, etc.
Untangle, pfSense, Cisco, and Palo Alto are currently being looked at, with hardware and virtualized solutions being considered.Thank you.
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote!
If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too!
...
Hi dear community members,
In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own!
Trending
These are the topics your peers are talking about on PeerSpot this week
How do I estimate the requir...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers!
Also, special thanks to the articles' contributors included in this Community Spotlight:
@Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Dear PeerSpot community members,
This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.
Check them out!
Trending
See what your peers are discussing at the moment!
What were your main pain points during the SIEM product purchase process?
What...
Hi peers,
This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.
Articles
Check the top products and solutions below (selected based on peer reviews) or contribute your own article!
Top Security Orchestration Automation and Response (SOAR) Solutions
Top 8 Data Loss Prevention (DL...
Hi community members,
As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers.
Trending
See what is trending at the moment and chime in to discuss!
Top 8 Extended Detection and Response (XDR) Tools 2022
Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
What is the...
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
A Firewall is only one brick in your cyber-security wall, if you will, but an important one.
Considerations - you have endpoints (laptops) that may travel in and out of network, connecting to the internet while not on your local network. They have the potential to bring problems with them when they come back into the network, especially if they have been infected with a cryptolocker virus and have shared network drives when they reconnect. A firewall, no matter how good it is, won't protect you from this.
Are you willing and budgeting for paying for license renewals every year?
How much CyberSecurity are you going to put on your firewall, vs offloaded to other systems - spam management for email is a good example of this.
What other security solutions are you also using, such as Barracuda email essentials, OpenDNS (Umbrella), file and image-level backups at the endpoint, enterprise grade AV, etc>
Are you protecting application servers?
Do you have compliance requirements such as HIPAA or PCI you have to manage?
You've asked a very generic question, so the answers you get as to the criteria required to evaluate an appropriate solution will be just as generic. In the world of security, Sophos and Fortinet are very good solutions if you want the best of the best, and those aren't always the best solution for the application - if there's no servers, the endpoints (desktops and laptops) are hardened, everything is backed up, and there's no critical data floating around, then a reasonable firewall with great throughput like a Ubiquiti UDM Pro could be a great solution that doesn't ransom you for an annual license fee.
In other words, without being more specific about your application, you're not going to get a lot of really useful responses here.
You should defer on what purpose you want to use the firewall and who is supporting it.
Means: If you like to use a firewall to protect the computer users from accessing the internet, you should look for integration with your other security aspects like AV, IPS, EMail Protection, classification service catalog, integration in Cloud-based management or SIEM, life protection with isolation or network disruption, reporting to fulfill certification audits like SOX, remote management and location awareness, SSL VPN Clients, access security with 2.nd factor, Active directory integrated security groups, other security products from the same vendor to extend portfolio but keep management in one tool, VPN to other branches, multi-vendor VPNs, throughput with all FW features in place, how many physical network ports you can configure internal/external, multi internet provider network ports to get redundant provider setups, failover or both at the same time, traffic management features to limit the traffic is due to application or service using it (VOIP, Netflix, ...).
Also, you should think of what part this firewall takes in due to your other chain of security. Does it fit to them? Do you want to change them in the future as well?
Last but not least is the amount of knowledge and support/maintenance the firewall solution would need. DO you want to keep/have an expert just for that? Is it going to be integrated into other management services (AV/Data Gov./Compliance), can you provide compliance access to the reports without compromising internal security? Can you restrict access to browsing or user history but grant access to security alarms and actions?
If you have a security concept it should be easy to find the right FW. If not, start with that.
In the educational sector, the main challenge is to have control over all content that students or educators will be accessing.
We have many vendors that offer this service, a few examples will be Fortigate, Sonicwall, Cisco, and Sophos.
Now it will depend on what aspect of firewall that you want to focus on if you want content filtering I would recommend going for Sophos.
With Sophos, everything has been made simple to manage and not really need to be an expert to maintain this nice piece of technology.
I support about 100 employees with a WatchGuard Firebox. There easy to configure and support is great if you do need help. They make many models to fit you business.
For vendors, I think there are more options in the US but I would like to know how their support and expertise is in case you need assistance in configuring the firewall and pricing.
For devices, I think it depends on what your needs are because there are very basic firewalls and there are ones that have lots of modules. I would also consider the user interface and ease of configuring. Also, consider the cost of license renewal.
As per you description situation, you can consider at least the following aspects.
Financial Aspect: What amount do you expect to spend for this device. If you have online payments, if the availability is one of your constraints so you will need two for failover and load balance;
Support Aspect: Its difficult to evaluate this point as allmost all vendors says that they have a good support methodology and expert teams, so you need to consider all aspect of the SLA, regarding what you company can pay;
Cybersecurity Aspect: So, if you need firewall means you have mail and web services at least. At this point you need to take a look at what vendors say about this ourdays problems, our they face it, where is the vendors on Gartner Quadrant. Most of the expensive one are not good enough but visionars and chanllenger can be considered. Of course you kind of service and kind of data your dealing with is one of aspects you must consider too.
You can design a table/check list with all aspects you need to consider, like throughtput you need, No. of VPN/Branch office and some other features you need to safe you environment and put values on it and some assumptions that you need to consider and at last you decide and i believe you will do the best.
There are more than half a dozen of reliable vendor options are available for small organization.
Evaluation criteria need to align with the identified requirement; such as if the requirement is for.
* Secure the network from outside attacks?
* Control outgoing traffic?
* Remote network access?
* Integration with End devices?
* Network visibility?
* Added features such as; spam filtering, Data leakage prevention etc?
Once the requirement is identified, as with any other networking procurement evaluation, following criteria can be looked at for evaluation.
* How long the vendor has been in the industry
* Reviews by 3rd party evaluators such as Gartner
* Customer references related to the same industry
* Capacity criteria such as; number of interfaces, total throughput, session capacity
* Cost aspects such as; TCO for 3~5 years, warranty and replacement service levels, technical support levels
I second those observations.
First, research the quality of the device, reputation and reviews. Generally speaking they don't fail often except for power surges. Second, licence terms and service options. Third, is local service support available? Review the service dept history, quality of employees and turnover. Generally, local support is better, you can go to their office and get in their face. Hmmm, Education eh? student hackers are always a possibility. Prepare questions to the vendor about security features, reverse hacking and spying. Nothing more satisfying than catching the gremlins red handed.
What is your current firewall infrastructure?
Basic is the budget... Apart from the amount of money, some of the following are mandatory to think about:
1. How many concurrent users internal (on-premise)
2. How many concurrent users through VPN?
3. How many Firewall devices?
4. IPS, URL filtering, antimalware, AV
5. UX/UI, easy-going management
6. Type of warranty & support
7. Advanced security licenses
8. Google SafeSearch and YouTube for Schools (MX Meraki option)
9. Integration with AD
10. Cloud management