2019-10-07T19:54:00Z

If you could go back, would you change your decision to buy that firewall and why?

RZ
  • 31
  • 102
PeerSpot user
40

40 Answers

GV
Real User
Top 20
2019-10-08T03:13:11Z
Oct 8, 2019

This answer depends on the provider one has. These days people in enterprise are moving away from big names to Fortinet, WatchGuard.
I would recommend them to stick to secure architecture than just names. Check the frequency at which their threat database is updated. Ask them about their threat Intelligence provider. Is it in-house vs third-party? Check if they have an integrated suite rather than just a one-off product. See how long have they been in the market and where are they positioned in Gartner Report. Now coming to the original question, do I want to change my Vendor for my security services. My answer is no.

Search for a product comparison in Firewalls
WS
User
2019-10-08T13:49:20Z
Oct 8, 2019

If I could go back and buy a different firewall, I would do so immediately.

The main reason is that when layer 7 capabilities are implemented, everything changes in terms of:

* Performance
* Functionalities
* Routing
* Reliability

I would buy a much stronger firewall i.t.o. CPU power, more ethernet ports.
Salespersons always try to sell you what they think will be best, but the technical person should have the final say in the decision-making process.
.

RB
User
2019-11-08T00:35:23Z
Nov 8, 2019

I read below the following: QUOTE Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. UNQUOTE

I read this and it comes to my mind that because of this the product is really effective? What is the balance of real efficiency against how nice the interface is?

Where I work now I was asked to quote FortiGate but because it was more expensive than Sophos and they had friendships with that provider, they purchased Sophos. Then if they enabled the antivirus the CPU was running at 90%, slow traffic and it blocks things it should not.

So, I am confused and cannot discern anymore any logic/s, if that ever exists. But I am quite sure that the book I wish to write: Inefficiency by incapacity, maybe more a library as a single book may not be enough?

ST
Real User
2019-11-06T08:44:04Z
Nov 6, 2019

I'm not sure if this is the correct question. If the question is: Would you consider another firewall every year? then the answer is yes. The technology landscape is changing so often today that we can no longer invest and hope for it to last 3-5 years. Sometimes a small new feature could make the difference and make you choose another product. So keep checking what is out there every year and you will know when it's time for a change.

SA
MSP
Top 10
2019-10-08T18:18:00Z
Oct 8, 2019

I would change my firewalls with NSX edge gateways, which have all the basic functionality of firewall and For NG inspection and defense I will implement FTD or PaloAlto VM.

it_user1140060 - PeerSpot reviewer
Real User
Top 20
2019-10-08T16:43:52Z
Oct 8, 2019

No, it was a good decision to buy this firewall. It is perfect for my usage (small company, 8 users) and easy to manage with OPNSense.

Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: February 2024.
763,955 professionals have used our research since 2012.
it_user983334 - PeerSpot reviewer
Vendor
2019-10-08T16:00:44Z
Oct 8, 2019

No, I will keep my FortiGates thank you very much and here’s why:

* Traffic visibility is now 20/20 or better.
* Troubleshooting time has been reduced drastically.
* On-the-fly packet captures isolates or eliminates areas of focus.
* Rulesets are intelligently implemented because there is a holistic view of the entire policy and active feedback on non-compliant, duplicate, or shadow rules in real-time.
* Integration into roadmap items such as SD-WAN, WiFi, port security, etc.

it_user1143093 - PeerSpot reviewer
Real User
2019-10-08T12:11:44Z
Oct 8, 2019

If it is about saving money answer is no. Saving money is not aways the case. Some products has easy way of maintaining than other.

RS
Real User
2019-10-08T10:55:25Z
Oct 8, 2019

With the Cisco Meraki and FortiGate solutions, we have no regrets. It does what it's designed to do and just keeps on getting better on the deployment side. From security to performance, these solutions just work. Fair understanding is required to set up properly but once configured it's almost set and forget. Reporting is also a plus on these 2. No fancy configuration of an on-premise analyzer solution required.

FM
User
2020-03-10T00:23:54Z
Mar 10, 2020

Not at all, or maybe would go for stronger firewall for several clients as it can be quickly overwhelmed by traffic.

SW
User
2020-02-20T23:03:33Z
Feb 20, 2020

Not yet have answer for that question, so far still can afford my needs. Find more inform info@jedi.id

GM
Real User
2020-02-07T20:16:02Z
Feb 7, 2020

I wouldn't change my choice. It is a solid product.

NS
Real User
2019-10-12T11:49:07Z
Oct 12, 2019

If I could go back, then I would buy a Fortinet FortiGate firewall. Fortinet has a complete end to end security portfolio and the Firewall is better then all others which include powerful hardware with Multiprocessor and the operating system FortiOS robust.

RB
User
2019-10-12T05:00:45Z
Oct 12, 2019

I am a Cisco awarded trainer and used to have a Cisco ASA 5506. I got rid of it straight away. I will not touch it ever again. Yes, it may sound, but you are a Cisco trainer, ok? Yes, and I do like and respect Cisco when it comes to routers and switches but I purchased a Fortinet product and will not change it for anything else in the world.

I have not found in my usage (yes, I have one deployed at home and deployed others, 18 of them, in medical centers) nothing else comes close. Their ASIC chips can handle speed and many other features. Are they 100% perfect? No, but, again, they are the best. They have Forticlient, but when it comes to endpoint security, Symantec Endpoint eats them for breakfast. I do not like the Forticlient at all. Not because I do not like, they do not perform as Symantec Endpoint does, simple as that. In addition to email spam, I did get 3 spams in my mail server regardless of anything else. Why? Well, that story costs $150K US dollars. And when someone knows how things work, even I take the Netflix content, and I will stop here. Simple as that. Summary, Fortigate is a 99 out of 100 product. I will not change the decision to buy another one since I have not used, test and demonstrate to me there is something better.

EL
Real User
2019-10-09T10:44:48Z
Oct 9, 2019

No, we're happy.

SM
Real User
2019-10-09T07:06:46Z
Oct 9, 2019

No, I wouldn't change my decision because it was proved that it was the correct selection.

IC
Reseller
2019-10-08T14:20:04Z
Oct 8, 2019

No, I wouldn't change my mind but would add "XG from Sophos".

Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. Comprehensive security with outstanding user experience. Sophos has simplified the approach for the SMB, middle-market and pragmatic enterprises who value a complete security set (and easy to use)
• On-Box Logging & Reporting Our built-in reporting the admins know exactly what's happening and are able to fix problems fast, and shape policies to keep users secure
• Endpoint/Network Security Heartbeat proven endpoint agent and firewall technology to create a security link connecting multiple points of security via the network.
• Connect remote offices easily with Sophos RED (Remote Ethernet Device) provides secure remote access to a branch with no need to centrally manage multiple UTMs Sophos offers a web-based interface integrated into all the devices. Admins can access a single device from anywhere in the world (depending on configuration) using a recent browser. There is no specific need to use a CLI, scripts, special tools, or a Windows application for management. Web management is integrated in all the physical and virtual devices and does not require a separate management device. Users also have access to a self-service portal for certain functions including application access, remote browser session (HTML5 VPN), Wireless access and more.

So, I would add Sophos too.

JR
User
2019-10-08T13:24:10Z
Oct 8, 2019

I would not manage our network without a firewall. There are to many threats from around the world, the firewall is the most important line of defense. Also, we use our firewall to do NAT.

HL
Real User
2019-10-08T13:19:56Z
Oct 8, 2019

I would have to agree with the reviewers that suggest which essential firewall features to examine the various firewall vendors.
It ultimately comes down to the prior experience with the vendor and if you trust their firewall product since it is either of great help or a problem that never goes away until you replace the unit years after the purchase, configuration, and implementation.

RH
User
2019-10-08T12:36:48Z
Oct 8, 2019

We are happy with the Fortinet firewall, it is a thousand times better than our previous firewall.

2019-10-08T12:05:53Z
Oct 8, 2019

I wouldn't make the decision of purchasing a solution and then need to go back and change my decision but in case I find that my calculations do not meet the requirements then I would go to make a change or increase the throughput of the same firewall so that it will meet my requirements.

MH
Real User
2019-10-08T11:31:04Z
Oct 8, 2019

I am working with WatchGuard and Sonicwall firewalls but after to work with WatchGuard I think it is easier than Sonicwall but sometimes still lacking little thinks like as for you see what is the wired speed while you are in troubleshooting, you need to go to the web interface because within the WSM (centralized manangement software) you don´t have how to see it. For example, some things about the cluster you need to use the WSM software to make it easy and another thinks it´s better to use the web interface. Some things make me think about making a change but in the end, I prefer WatchGuard than Sonicwall.

KT
Real User
2019-10-08T10:23:51Z
Oct 8, 2019

I wouldn't change my decision to buy Fortinet. Fortinet gives us full control of network traffic and gives us the possibility to deploy more IPS without charge firewalls CPU.

The only thing that I want to buy with Fortinet next time is FortiAnalyzer to get a unique endpoint for management.

SM
User
2019-10-08T09:34:54Z
Oct 8, 2019

In my opinion, It will depend on the security solution purchased. For some solutions instead of buying a physical firewall for network security, you can go for a service provider who is offering a managed cloud firewall. That will reduce the total cost of ownership as well as device handling and installation costs.

PC
Real User
2019-10-08T08:34:47Z
Oct 8, 2019

I would have never changed my decision on buying a firewall the reason being that a firewall is an important pillar in defending networks from cyber threats that are ever-increasing each day and also give you an insight on what will be happening within one's network.
Besides the firewall protecting information from external threats, it also helps with internal company policies eg what users can and cannot access when they are connected to the organization internet.

CM
Reseller
2019-10-08T06:53:35Z
Oct 8, 2019

I think the decision to buy the firewall at that time was probably the best with the information that I/we had then. Security threats are theoretically not predictable. Manufacturers try to cover as many possible angles from new threat vectors. With that in mind, it is advisable to have a scalable solution that can be complemented over time then eventually replaced with up to date infrastructure. Replacing security infrastructure can be quite costly, it would be advisable to have a model that can also factor in this shift while keeping the customer secure.

MJ
Reseller
2021-09-01T05:33:53Z
Sep 1, 2021

In consideration of usage requirements and company budget, I will not consider changing my original ideas.

JG
Real User
2021-08-31T17:44:39Z
Aug 31, 2021

I believe the main issue is a bad project. 


You have to understand your infrastructure and have in mind that sometimes, just one firewall isn't enough: north-south security, east-west security. Wich feature you will enable on what rule. 


Gartner is a good way to choose your solution. 

CB
Real User
2021-08-31T12:22:52Z
Aug 31, 2021

I think I'd try more than changing a brand/model of a firewall to one superior model. 


Currently, with web filter, AV, layer 7,..., sometimes my firewalls go a bit slow. 


You have to understand that the price of bandwidth is decreasing and we (in almost one year) have twice the bandwidth that the last year and more services on the internet, with a lot of services in the cloud. 


At last, you need more compute effort in firewalls, more flow connections and, nowadays, you don't have a layer-3 firewall that only checks ports, source and target IPs addresses. Now it has the URL reputation to check, IDS, VA, etc.

GY
Real User
2021-08-31T08:03:57Z
Aug 31, 2021

Greetings,


We must not "fall in love" with our choices for information security systems.


The field of information security is changing and there are constantly new threats and different responses.


Today it's possible to install some of the protections in the cloud and some locally on-site.


Proper conduct requires regular examination of threats and adaptation of systems to recommended threats:

1. Examine the threats regularly.


2. Check the fit of the installed systems.


3. Adapt them to the new threats.




Regards,


G.Y.

Luis Apodaca - PeerSpot reviewer
User
Top 5
2021-08-30T21:58:30Z
Aug 30, 2021

The first time with "Unifi USG"... but let me be clear: it's not because it was a bad choice (not if you set it up it in the rigth place). 


I made a wrong choice from the very beginning. The need was bigger than the USG capabilities. I've been forced to change it for an Edge Infinity Router (same brand) and it's great!

In other places, with several clients, I still use the USG and it's also great!!!

Real User
2020-03-10T08:07:29Z
Mar 10, 2020

lernen

it_user1301319 - PeerSpot reviewer
User
2020-03-09T18:15:51Z
Mar 9, 2020

The answer is NOT.

Actually I feel fine with my Firewall, related to cost, performance, and benefits, also Web Interface is very easy and intuitive, that's a great choice.

JR
User
2020-02-21T15:25:49Z
Feb 21, 2020

Yes, I bought two Juniper SRX4100's and the GUI are completed useless. I would go back to Cisco ASDM in a heartbeat. Also, the Cisco TAC is exponentially better then Juniper's JTAC.

PB
Real User
2019-11-01T14:06:18Z
Nov 1, 2019

No.

MM
Real User
2019-10-11T03:17:58Z
Oct 11, 2019

No, because it fulfills our requirements. What I might change is the reseller or the interaction with the principal directly, in order to get the most out of the purchased products. Sometimes, the competency and commitment of the reseller are more crucial than the product itself.

it_user1146165 - PeerSpot reviewer
Real User
2019-10-09T15:30:46Z
Oct 9, 2019

Eso depende de la experiencia de servicio de soporte e implementación que tienes con tu proveedor actual. La plataforma puede ser muy buena, pero si se maneja mal, vas a experimentar la misma mala experiencia que equivaldría un mal producto. Es como ir en una super autopista conduciendo un ferrari revolucionado en el primer o segundo cambio.

AJ
Real User
2019-10-08T06:58:37Z
Oct 8, 2019

It was the best spending money. I never regret it.

Porleng Phatt - PeerSpot reviewer
Reseller
Top 5
2019-10-08T06:14:20Z
Oct 8, 2019

A firewall is a network security device to monitor and control both incoming and outgoing traffic in the network. The reason why to buy a firewall is to secure your data, your client from the attackers and malware to still your sensitive information and data breach and it helps your organization with better security.

NM
User
2019-10-08T03:05:35Z
Oct 8, 2019

The ASA5516-X is a good firewall. I really like the dashboard IP connections report, it shows which IPs are trying to hack and their geo location. It lets me blacklist them with a right-click.

Firewalls
A firewall is a device used for network security. It monitors network traffic (both incoming and outgoing) and then, based on a set of security rules, either permits or blocks data packets.
Download Firewalls ReportRead more

Related Q&As

Firewalls experts

Adrian Cambronero - PeerSpot reviewer
Prateek Agarwal - PeerSpot reviewer
Diana Alvarado - PeerSpot reviewer
Jonathan Ramos G. - PeerSpot reviewer
Nagendra Nekkala - PeerSpot reviewer
Sachin Vinay - PeerSpot reviewer
Hugo Alexis Espinoza Naranjo - PeerSpot reviewer
Edwin Solano Salmeron - PeerSpot reviewer