Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)

How do you plan for a security review for firewalls?

Hi community, 

Is it required in your company to conduct a security review before purchasing a firewall? Also, do you need to perform reviews after (how often)?

What are the common materials you use in the review? Do you have any tips or advice? 

Any pitfalls to watch out for?

23 Answers
Roman  Vercetti - PeerSpot reviewer
Aug 10, 2021

Without disclosing much, I can say that almost all firewalls have a moderate chance of being compromised, with a supply-chain attack as a very probable vector.

An in-series combination of commercial and open-source firewalls (with IPS and managed threat data) managed by an internal team of IT professionals covers 97% of the risk.

The latter 2% are covered by an FPGA-based whitelist firewall developed in-house that filters traffic by an automated 5-tuple classification engine, negating the risk of port-knocking and other low-level system backdoors.

All in all, there is not a single solution that covers both IPS and firewalling at 99% risk mitigation; you can certainly get to 90% with one solution and call it a day.

However, paranoia doesn't work retroactively: if you wait for the first hit, it might as well be the last one.

Therefore a combination of open-source and commercial will surely be a major challenge to the adversaries, to the extent that they will reach for the lower-hanging fruit.

The most important thing to understand when building a secure network is that absolutely nothing will cover 100% of the exposure, and a coordinated attack by a directly interested adversary (APT) will almost never get stopped. At this point the name of the game is disaster recovery protocols, automated reliable offsite network-wide backups and data encryption.

The main rules are:
1. Verify
2. Encrypt
3. Backup
4. Plan for the worst

Regards, a fellow techie.

Norman Freitag - PeerSpot reviewer
Account-Manager at Consist ITU Environmental Software GmbH
Real User
Top 5
Aug 10, 2021

Hi everybody,

What should I add? Thanks to all for your good support.

To sum it up:

Talk to your trusted advisor and together take or create your checklist out of all this stuff, and then go ahead with the business case or whatever is needed to get the budget.

If later this "security thing" gets bigger, you can permanently monitor firewall rules and other rules applied through a SIEM/SOC like Splunk/Q-Radar, to name the two on top.

Stay Healthy :)

Best Regards


Director Solutions Engineering at a tech services company with 51-200 employees
Top 10
Aug 10, 2021

Anyone in the market for any security product needs to find an MSP to have the service monitored and maintained. 

Given the complexity and the current state of the world, it is becoming more important every day to ensure you are monitoring the current state of your network and security posture.

Most organizations typically deploy and forget and believe because the firewall is in place they are secure. This is the furthest thing from the truth. 

Constant monitoring and adjustment of the firewall and ALL internal security measures are imperative. Most vulnerabilities and breaches occur internally in the network and not externally. Although complete security is never achievable, designing and deploying a multi-layered security posture with continuous monitoring is the best way to ensure a secure environment.

Chris Loehr - PeerSpot reviewer
President at a tech services company with 51-200 employees
Real User
Jul 24, 2018

If you are a small shop, you need to trust your MSP, VAR or another reseller when purchasing a firewall. Don't just go online and buy direct. Resellers have trained people. Most mainstream vendors even have devices that can be deployed ahead of time to get a good idea of your firewall needs. In today's firewall world, it comes down to the software package that you license on your firewall. If you get a firewall without the security software, you are not getting an effective firewall.

If you are a midmarket or large company, there are tools such as ThreatCare that can help you test the effectiveness of the firewalls you are putting through proof-of-concept testing. They will test how well the capabilities are working, especially the ones that are in place to ensure confidential information does not go out of your network without authorization.

Gajanan Narwade - PeerSpot reviewer
Team Lead.Tech.Support (Network & Security) at a tech services company with 1-10 employees
Real User
Jul 23, 2018


If you are going to buy a hardware firewall, there are a number of things to be concerned with:

1. What Type of Business Do You Run?
Hardware firewalls may be overkill for some businesses. If your business is a one-man web-based operation that does not store any personal customer data then a software firewall will likely be sufficient. But if your business is a financial firm or you deal with customer accounts then a strong firewall is absolutely necessary.

2. What is the Size of Your Business and Your Bandwidth Needs?
The size of the firewall you will need somewhat depends on the number of users on your network and how much bandwidth is used. In general, the more users on a network, the larger the firewall has to be. It is best to anticipate growth as most firewalls cannot be upgraded.

3. What Type of Firewall Do You Need?
Each type of firewall has its advantages and disadvantages. Research carefully and ask the advice of a specialist before making your final decision. Here (link to previous blog) are the main types of firewalls explained.

4. What About Anti-Virus Software?
Even with a firewall you will still need to have reliable anti-virus software installed on each machine, as viruses, worms, Trojan horses etc. can infect your machine and network from sources such as e-mail links, DVDs, USB sticks and SD cards.

5. Do You Need Data Logging?
Data logging refers to the recording of traffic in and out of your site. Depending on the type of site you operate and where you live, you may be required by law or company policy to keep your logging records for a certain amount of time. Records can be kept on a disk if your traffic is low to moderate, or on a separate device for sites with higher traffic.

6. Do You Need Identity Management (IdM)?
IdM is the task of recognising and authenticating the identity and data of users on a network. Standard firewalls typically can only enforce policies and record traffic against IP addresses, whereas more advanced firewalls (UTMs and NGFWs) are able to integrate with directory services so that policies can be enforced and traffic recorded for users and user groups.

7. Do You Need Virtual Private Networking (VPN)?
VPN allows users to log into a secure network remotely. This could be site-to-site Internet Protocol Security (IPsec), so that you can securely connect to remote company locations or third parties. You may need Secure Sockets Layer (SSL) VPNs to allow home workers and roaming workers to connect to your resources securely. The number of remote workers you have will affect the type of firewall you require and how much it will cost.

8. Do you Need Device Awareness?
Device awareness facilitates Bring Your Own Device schemes. Some firewalls can control network access for different types of devices that your employees may bring onto your premises, enabling you to identify, monitor and report on the types of devices being used in your network and enforce policies based on the device type. This may be a consideration for you when choosing a firewall solution.

9. Do You Need High Availability?
This is typically where you have two firewalls working in a cluster where one is the primary device and the other is the secondary device. All configuration is automatically updated onto both firewalls, so should the primary firewall fail, then the secondary firewall will take over in seconds keeping your business running rather than waiting for hours or even days for you to get a replacement firewall and configure it.

10. Is Ease of Management Important?
Some firewalls are more user friendly than others, it is important to know how well the Graphical User Interface (GUI) is designed and how easy is it to manage and operate the firewall.

Most of all, it is important to remember that your security worries do not end with the installation of your firewall. Firewalls must be regularly tested and maintained to ensure they run at peak performance. And even the strongest firewalls can be breached through human error, i.e. weak or re-used passwords, leaving ports open, etc.

Supervisor, Information Technology Consultant at a financial services firm with 5,001-10,000 employees
Jul 24, 2018

Companies generally don’t require a security review before purchasing a firewall, but it differs from company to company. There needs to be a business justification for the purchase of a firewall, but a full-on review is not a requirement in most cases.

The review of a firewall in most cases is performed manually by a human. There are best practice guidelines that you can follow depending on the firewall vendor to further supplement the review. Depending on the scope, you might be asked to complete a full review which would include reviewing the ACL, NAT, IDS/IPS, URL filtering and bandwidth reports.

I can’t think of any pitfalls since the majority of the work is done in read-only mode so the chances of making a configuration mistake are rare.

Jul 23, 2018

Well, in terms of a review for a firewall, or actually any security product, your security functionality must come first, and the best place to start is using your organization's security policies to see if the firewall will fulfill those policies. Also, you need to see how well it will help you to stay in compliance if your company is under one or more regulations such as HIPAA/SOX/GDPR; in other words, will it help you to fulfill a requirement under such a regulation?

Then comes the support. There is nothing more frustrating than, once you have the product in your network, realizing that technical support is a disaster. Research in forums, or ask the vendor for success cases and, if you can, speak with some of them regarding the product. It is also important to have an escalation procedure established with the vendor; during an incident you want to have a clear communication channel with the vendor's technical support to help you.

As mentioned in other replies, you must test. You can arrange such a test with the vendor, and most vendors will be happy to help you with that with a demo unit or something similar. For the test, it is advised that you create a series of test cases that allow you to really get a feeling for how it operates and its limitations. To generate the test cases, again use your security requirements based on your security policy.

Tip: Also integrate into your requirements anything that is not in the current policy but has been detected as something that needs to be mitigated or acquired due to a change in processes within the organization or a recent incident.

Security Analyst with 51-200 employees
Jul 23, 2018

Others that posted here are putting you on the right track. Here is my 2 cents added to the pile.

1. Ensure your new firewall can scan HTTPS traffic in an adequate way.
2. When reviewing forum reviews or problem posts keep this in mind (a lot of people rule out point 3 below and are bitter): The firewall gives the customer the tools to secure their network, it is the customers understanding and know how that secures and makes exceptions for your system to function.
3. If doing the legwork others specified or networking is not your cup of tea, hire a consultant to review your needs, present solutions, and implement them. You will be a much happier person.

Syed Khalid Ali - PeerSpot reviewer
Senior Solution Architect at a tech services company with 51-200 employees
Real User
Jul 23, 2018

1- Check that the current vendor product is not End of Full Support and Services. You should be able to get updates and/or upgrades for firmware/OS/UTM subscription.
2- Review your sizing requirement. Do the current specifications still apply? For example: concurrent sessions.
3- Review your organization's security policy. This should be done on a periodic basis. And at a very basic level, try to comply with the standard requirements for your business domain. For example, for a financial institution, PCI DSS audit compliance.
4- For a comparison, you can also review the latest NSS reports. These are readily available on the Internet.

Michael Majeski, Mba,Pmp,Csm - PeerSpot reviewer
Senior Project Manager - IT Security, Governance & Internal Controls at a energy/utilities company with 5,001-10,000 employees
Real User
Jul 23, 2018

Is it required in your company to conduct a security review before purchasing a firewall?
Firewall reviews are usually done annually and equipment is purchased to protect each network data point.

What are the common materials you use in the review?
To verify the open ports, services, and applications of what is allowed and disallowed. Most companies are moving towards software like TUFIN to help continually perform these rule deployments and changes globally.

Do you have any tips or advice for the community?
Adapt to a common service platform to connect to service desk, deployments and regular review to reduce errors and service time to deploy FW changes.

Any pitfalls to watch out for?
Not being able to survey automatically current FW rules and settings could leave the company vulnerable to intrusion or failed services for internal

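The automated survey of current rules that the answer above asks for can start small. What follows is an added example written for this thread, not code from the poster or from any vendor: it audits a constructed, vendor-neutral rule list (CIDR source/destination, protocol, destination port range, hit counter) for the three findings a manual review most often turns up: any/any permits, rules shadowed by an earlier rule under first-match evaluation, and rules with no hits over the review window.

```python
"""Ruleset audit for a firewall review.

Added example for this thread; not from any vendor. The rules below are a
constructed, vendor-neutral list, not an export from any product.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # IPv4 CIDR, or "any"
    dst: str         # IPv4 CIDR, or "any"
    proto: str       # "tcp", "udp", "icmp", or "any"
    dports: tuple    # (low, high) destination port range, or None for any port
    hits: int = 0    # hit counter over the review window


# The broadest possible permit; used to recognise an any/any allow.
ANY_ANY = Rule("any/any", "allow", "any", "any", "any", None)


def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(a, b):
    """True if every packet rule b would match is also matched by rule a.

    With first-match evaluation, a rule covered by an earlier one can never
    fire (it is shadowed), whatever its own action says.
    """
    if not _net(b.src).subnet_of(_net(a.src)):
        return False
    if not _net(b.dst).subnet_of(_net(a.dst)):
        return False
    if a.proto != "any" and a.proto != b.proto:
        return False
    if a.dports is None:          # a matches every port
        return True
    if b.dports is None:          # b matches every port, a does not
        return False
    return a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1]


def audit(rules):
    """Return (rule name, finding) pairs in rule order."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and covers(rule, ANY_ANY):
            findings.append((rule.name, "any/any allow"))
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append((rule.name, f"shadowed by {earlier.name}"))
                break
        if rule.hits == 0:
            findings.append((rule.name, "zero hits in review window"))
    return findings


# Constructed sample ruleset (documentation address ranges), evaluated top down.
SAMPLE_RULES = [
    Rule("web-in", "allow", "any", "203.0.113.10/32", "tcp", (443, 443), hits=120000),
    Rule("admin-ssh", "allow", "198.51.100.0/24", "203.0.113.0/24", "tcp", (22, 22), hits=340),
    Rule("admin-ssh-old", "allow", "198.51.100.5/32", "203.0.113.10/32", "tcp", (22, 22), hits=0),
    Rule("legacy-any", "allow", "any", "any", "any", None, hits=9000),
    Rule("deny-all", "deny", "any", "any", "any", None, hits=0),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name:15} {finding}")
```

Shadowing here is strict coverage: a rule is reported only when an earlier rule matches everything it would match, so the cleanup deny with zero hits behind the legacy any/any permit is caught, while partial overlaps (the harder manual case) are not flagged. Hit counts are only meaningful if the export covers a representative window; a quarterly job whose rule shows zero hits the day after the counters were reset is exactly the false positive to watch for.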
it_user904572 - PeerSpot reviewer
Owner with 1-10 employees
Jul 23, 2018

Yes, I recommend doing a security review regularly. Not necessarily before a firewall purchase unless you have not done one lately. Having the results of the review will help you understand what capabilities you need in a firewall. As an example, if you get a ton of login attempts from outside your country of origin but have no customers or partners outside the country you will want to have "country blocking" capabilities. There are a number of tools that can be used for evaluations. We currently use RMM and Security tools from SolarWinds.

We have other tools as well. To perform a security review you have to have tools do the work. It simply is not possible for an individual to perform a thorough check without significant automation. We offer this as a service as well.

Pros: SolarWinds has a free version of some of the useful tools, such as a Security Information and Event Management (SIEM) tool. You can rent some tools by going through a partner (such as us, BayStateTechnology.com).

Cons: Tools to purchase are a bit expensive. The performance checks that RMM uses are not accurate on large busy machines. Support leaves much to be desired.

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
Top 5
Aug 8, 2018

OK, there are a few big questions:

1) QoS management
2) How the different lists (black and white) are managed
3) How ISP control works, with only one and with more than one
4) How does it work with app control?
5) How much info you can get for reporting
6) How far you can go with IPs or host names to block or allow content
7) If you can use VLANs for management
8) If you can have a DB for elements (VLAN, IP etc.)

I think that’s just to make an accurate interview with your favorite IT dealer, and homework for you guys.

Account Manager at Check Point Software
Jul 25, 2018

The best recommendation whether you are preparing to purchase new equipment or simply want to understand where you may have potential vulnerabilities within your network, is to conduct a Security Check Up by a Check Point Representative. It’s a free service and only takes up to two weeks for best results. We can provide the highest level of security throughout the process and no data is retained. Our process and the resulting reporting is “user friendly” and easy to understand. Once you have the final report of your security checkup, you will find our recommendations based upon the results. You don’t have to own any Check Point product to request a security check-up. Since Check Point product is noted by Gartner, NSS Labs, Mericom and many other 3rd party professional evaluations as the highest performing threat prevention product on the market today, you can be assured that we will provide the most accurate assessment above all others. Check Point is 100% pure cybersecurity-focused and has been in the industry longer than any other vendor. Our product is recorded to be faster at detection; more thorough with the largest signature database of any security vendor and we also provide preventive measures for future attacks. We have the greatest level of financial investment in our R&D which is why our product consistently outperforms any other vendor in any capacity. We don’t just detect malware, we actually proactively prevent malware from gaining access to your network. Financially, our product will be a better fit as we decrease the need for remediation as well as lower cost of management.

it_user733791 - PeerSpot reviewer
Account Executive / Business Development with 51-200 employees
Jul 24, 2018

If you are not currently using Fortinet, ask your Fortinet partner for a CTAP ("Cyber Threat Assessment"). It takes a couple of weeks and gives a useful (if somewhat marketing-focussed) report that identifies what is going on with your network now, and helps identify answers for the questions raised by the other posters. It shouldn't cost anything (other than your time) to get this done, and the process is designed to be non-disruptive.

Accountant with 11-50 employees
Jul 24, 2018

How do you plan for a security review for firewalls?

Few steps to follow for Firewall Security Review

A firewall security review examines vulnerabilities associated with a specific vendor's solution, the susceptibility of the firewall to focused connection and information-driven attacks and exploits, and misconfigurations that allow an attacker to overcome specific firewall protections.

* Request Datasheet from top 3-5 FW Vendors

* Request Quote from top 3-5 FW Vendors

* Request Demo from top 3-5 FW Vendors

Is it required in your company to conduct a security review before purchasing a firewall?
No, I work for a distributor, therefore, I sell Firewall to clients, however, Firewall security reviews help the organization to verify that their firewalls adequately protect critical business information and data as required. Firewall reviews are a key requirement within a number of industry related standards and regulations, such as PCI and HIPAA.

What are the common materials you use in the review?
Security experts will work with you and your team to review your firewall and provide recommendations. The review process can be performed remotely through secure communications or onsite.

Do you have any tips or advice for the community?
With constant changes to your network and the necessity for reliable communications via the Internet, your firewall is a critical component to maintaining security. Firewall Review provides an expert analysis of your unique situation and reports any open concerns, threats and/or vulnerabilities in your current configurations.

Any pitfalls to watch out for?
Testing firewall and IDS rules is a regular part of penetration testing or security auditing. However, because of the unique complexity involved in different environments, automated scanners are not able to provide much use in this area. Several free and open source tools exist to help craft packets to test firewalls and IDS rules, which can aid in general assessment. A general working knowledge of TCP/IP is required to make use of such tools, as well as recommended access to a Linux or OS X laptop for portable testing. After obtaining a general assessment of a firewall and its rules, corrections to rules can be made as appropriate.

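Whatever tool crafts the packets, the review question behind the answer above is the same: does the exposure the scanner observes match the policy the firewall is supposed to enforce? The following is an added example, not part of the answer or any tool's own code. It parses a constructed scan result written in nmap's grepable (-oG) output format against a hypothetical per-host policy and reports drift in both directions: ports reachable that the policy does not allow, and allowed services the firewall is actually blocking.

```python
"""Compare externally observed exposure with the intended firewall policy.

Added example for this thread. SAMPLE_SCAN is constructed in the style of
nmap's grepable (-oG) output, not a real scan; POLICY is hypothetical.
"""
import re

# Constructed -oG lines for two DMZ hosts (documentation addresses).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///, 8080/open/tcp//http-proxy///
Host: 203.0.113.11 ()\tPorts: 25/closed/tcp//smtp///, 443/filtered/tcp//https///
"""

# Intended inbound exposure per host: the (proto, port) pairs policy permits.
POLICY = {
    "203.0.113.10": {("tcp", 22), ("tcp", 443)},
    "203.0.113.11": {("tcp", 443)},
}

# port/state/proto/ is the start of each -oG port record.
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")


def parse_grepable(text):
    """Map host -> {(proto, port): state} from -oG formatted text."""
    observed = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports = observed.setdefault(host, {})
        for port, state, proto in PORT_RE.findall(line):
            ports[(proto, int(port))] = state
    return observed


def compare(policy, observed):
    """Return (host, (proto, port), finding) triples.

    "closed" is still a finding: the firewall passed the probe and the host
    answered with a reset, so the port is one service start away from open.
    """
    findings = []
    for host, allowed in policy.items():
        seen = observed.get(host, {})
        for key, state in sorted(seen.items()):
            if key in allowed:
                continue
            if state == "open":
                findings.append((host, key, "open but not in policy"))
            elif state == "closed":
                findings.append((host, key, "passed by firewall (closed on host)"))
        for key in sorted(allowed):
            state = seen.get(key, "not scanned")
            if state != "open":
                findings.append((host, key, f"policy allows but observed {state}"))
    return findings


if __name__ == "__main__":
    for host, (proto, port), finding in compare(POLICY, parse_grepable(SAMPLE_SCAN)):
        print(f"{host:14} {proto}/{port:<5} {finding}")
```

Run the scan from the segment the policy is written for (Internet side for the DMZ, a user VLAN for internal filtering); a result from the wrong vantage point compares against the wrong policy and every line becomes a false finding.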
Noorulhaq Musadiq - PeerSpot reviewer
IT Manager at a tech services company with 11-50 employees
Real User
Jul 24, 2018

Yes, when we buy security tools we should consider everything the organization needs and its challenges. My favorite security solution is pfSense, because we can use many packages like Snort, the Zabbix agent, traffic monitoring like ntop, and much more.

it_user805710 - PeerSpot reviewer
Technical Support Manager with 201-500 employees
Jul 24, 2018

A number of considerations for a security review if it has to do with purchasing new firewalls, namely:

1. Throughput (how much traffic can the firewall process per second at peak capacity versus how much traffic you intend to push to the firewall)
2. GUI (a management interface from a GUI perspective provides for easier firewall management and to some extent prevents misconfigurations. Look out for good, user-friendly management software)
3. IPS/IDS functionality (verify the IPS/IDS capability of the firewall and determine if the facility is offered as part of the firewall chassis in software, as a separate module you can plug into the main firewall chassis, or as an entirely separate box. This should help you to decide whether to place IPS/IDS in-line. Also be sure of sensor and signature update parameters with regards to IPS/IDS functionality for UTM purposes)
4. Licenses and keys (be sure to find out what additional licenses and keys would be required for activating additional features such as remote access VPNs, including SSL VPNs, etc.)
5. Support for VPN types, including IPsec site to site, etc.
6. Logging functionality (syslog etc.) and remote management and monitoring functionality using SNMP v3 etc.

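Item 6 above is what makes the ongoing review possible: once deny events reach a syslog collector they can be summarised without a full SIEM. The following is an added example, not code from the poster or from any firewall vendor. It parses constructed log lines written in the style of the Linux netfilter LOG target (with "DROP" and "ACCEPT" log prefixes) and reports the most-dropped sources plus any source that probed many distinct destination ports, which is the pattern that usually motivates the "country blocking" request mentioned earlier in the thread.

```python
"""Triage of firewall deny logs from a syslog feed.

Added example for this thread. SAMPLE_LOG is constructed in the style of the
Linux netfilter LOG target (custom prefixes DROP/ACCEPT); it is not captured
traffic. Addresses are documentation ranges.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
Jul 24 10:01:02 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Jul 24 10:01:02 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51235 DPT=23 SYN
Jul 24 10:01:03 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51236 DPT=3389 SYN
Jul 24 10:01:03 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51237 DPT=445 SYN
Jul 24 10:01:04 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51238 DPT=8080 SYN
Jul 24 10:01:05 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=192.0.2.77 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40001 DPT=443 SYN
Jul 24 10:01:06 fw1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40002 DPT=22 SYN
Jul 24 10:01:07 fw1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

# Verdict prefix, addresses, protocol; ports are optional because ICMP has none.
EVENT_RE = re.compile(
    r"kernel: (?P<verdict>DROP|ACCEPT) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_events(text):
    """Return one dict per parseable log line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        event = m.groupdict()
        event["dpt"] = int(event["dpt"]) if event["dpt"] else None
        events.append(event)
    return events


def review(events, scan_threshold=5):
    """Drops per source (most first) and sources probing >= threshold distinct ports."""
    drops = Counter()
    ports_by_src = defaultdict(set)
    for e in events:
        if e["verdict"] != "DROP":
            continue
        drops[e["src"]] += 1
        if e["dpt"] is not None:
            ports_by_src[e["src"]].add(e["dpt"])
    scanners = sorted(src for src, ports in ports_by_src.items()
                      if len(ports) >= scan_threshold)
    return drops.most_common(), scanners


if __name__ == "__main__":
    top, scanners = review(parse_events(SAMPLE_LOG))
    for src, count in top:
        print(f"{src:16} {count} drops")
    print("port-scan candidates:", scanners)
```

Run the same logic per time bucket for near-real-time alerting and over the whole review window for the periodic report; a slow scan spread across a day only reaches the threshold in the longer window.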
Jul 24, 2018

I would say yes, because according to me, whenever you are going to purchase any security device you should conduct a security review, so that you get to know which one is best according to your organizational need, because you will never compromise when it comes to organization security. And you should do reviews on a regular basis, as a lot of things change frequently in a particular product. The common materials you can use in the review: contact a partner/reseller and include them in your review, or you can simply visit all the OEMs' official sites and compare products, including Gartner or NSS Labs or any other comparison standards.
Tips or advice for the community: include a partner/reseller to get the review done and end up getting the best product for your organization, because partners/resellers always do reviews on different products regularly and can advise you which one is best according to your requirements.

Co-Owner at Xtreme works inc
Top 5 Leaderboard
Jul 24, 2018

Yes, a security review is a must when acquiring a firewall solution.  In particular, one should determine what are the requirements for access for the different user's groups.  This, in turn, will lead to the formulation of the different policies for the access requirements.  All of these will serve as inputs for determining what kind of features would one need for a firewall.  One critical aspect is sizing properly the firewall.  This includes all the policies that one would have to implement as well as the available/required bandwidth for internet access.

Chief of Technical Department at IIA Ltda
Real User
Jul 24, 2018

The security issues of a company, however small or large, must always be analyzed. Safeguarding data and information is thinking about the welfare of the company.
Faced with this, the important thing to take into account is to consider at least one expert's advice on the subject; consider what is indicated not by an MSP but by several suppliers, who may even be a first consultant for selling their product, without identifying at least whether it is better or worse, how important it is that they deliver and watch over your needs, and always look to the future.
There are many solutions today, very similar, so sometimes the difference in what some deliver for the same value is what makes the difference, beyond a specific product.

Jul 23, 2018

I work for a fairly small company and we don't exactly have written policy yet on this (I know we should). However, we did recently switch to a different security appliance and the main concerns were on what is required by the company, and also considering company growth will the device be sufficient for the next few years.

it_user794904 - PeerSpot reviewer
User at a manufacturing company with 1,001-5,000 employees
Jul 23, 2018

I agree with Matthew. First understand the requirements and how it fits with your current organisation (network as well as skill set). FGFW are nowadays the way to go. I use Fortinet: a good balance between cost and UTM options.

Matthew Titcombe - PeerSpot reviewer
CEO & Sr. Information Security Consultant at a tech services company with 1-10 employees
Jul 23, 2018

The only question for a review would be based on your requirements. For example, does the firewall meet Common Criteria standards or other security controls.

Generally, we suggest pursuing a NGFW and our initial recommendation is Fortinet. Good news is the NSS results put Fortinet as the #1.
