2019-10-07T19:54:00Z
RZ
  • 31
  • 454

If you could go back, would you change your decision to buy that firewall and why?

Hi peers, 

If you could go back in time, would you change your decision to buy that firewall and why?


40
PeerSpot user
40 Answers
MJ
Vice President & Product Manager at Tocloud
Reseller
Top 20
2021-09-01T05:33:53Z
Sep 1, 2021

In consideration of usage requirements and company budget, I will not consider changing my original ideas.

Search for a product comparison in Firewalls
JG
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 5
2021-08-31T17:44:39Z
Aug 31, 2021

I believe the main issue is a bad project. 


You have to understand your infrastructure and have in mind that sometimes, just one firewall isn't enough: north-south security, east-west security. Wich feature you will enable on what rule. 


Gartner is a good way to choose your solution. 

CB
Networking Specialist at a healthcare company with 1,001-5,000 employees
Real User
Top 10
2021-08-31T12:22:52Z
Aug 31, 2021

I think I'd try more than changing a brand/model of a firewall to one superior model. 


Currently, with web filter, AV, layer 7,..., sometimes my firewalls go a bit slow. 


You have to understand that the price of bandwidth is decreasing and we (in almost one year) have twice the bandwidth that the last year and more services on the internet, with a lot of services in the cloud. 


At last, you need more compute effort in firewalls, more flow connections and, nowadays, you don't have a layer-3 firewall that only checks ports, source and target IPs addresses. Now it has the URL reputation to check, IDS, VA, etc.

GY
Owner at a security firm with 1-10 employees
Real User
2021-08-31T08:03:57Z
Aug 31, 2021

Greetings,


We must not "fall in love" with our choices for information security systems.


The field of information security is changing and there are constantly new threats and different responses.


Today it's possible to install some of the protections in the cloud and some locally on-site.


Proper conduct requires regular examination of threats and adaptation of systems to recommended threats:

1. Examine the threats regularly.


2. Check the fit of the installed systems.


3. Adapt them to the new threats.




Regards,


G.Y.

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2021-08-30T21:58:30Z
Aug 30, 2021

The first time with "Unifi USG"... but let me be clear: it's not because it was a bad choice (not if you set it up it in the rigth place). 


I made a wrong choice from the very beginning. The need was bigger than the USG capabilities. I've been forced to change it for an Edge Infinity Router (same brand) and it's great!

In other places, with several clients, I still use the USG and it's also great!!!

GV
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Real User
Top 20
2019-10-08T03:13:11Z
Oct 8, 2019

This answer depends on the provider one has. These days people in enterprise are moving away from big names to Fortinet, WatchGuard.
I would recommend them to stick to secure architecture than just names. Check the frequency at which their threat database is updated. Ask them about their threat Intelligence provider. Is it in-house vs third-party? Check if they have an integrated suite rather than just a one-off product. See how long have they been in the market and where are they positioned in Gartner Report. Now coming to the original question, do I want to change my Vendor for my security services. My answer is no.

Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
690,226 professionals have used our research since 2012.
WS
Product Specialist at a comms service provider with 1-10 employees
User
2019-10-08T13:49:20Z
Oct 8, 2019

If I could go back and buy a different firewall, I would do so immediately.

The main reason is that when layer 7 capabilities are implemented, everything changes in terms of:

* Performance
* Functionalities
* Routing
* Reliability

I would buy a much stronger firewall i.t.o. CPU power, more ethernet ports.
Salespersons always try to sell you what they think will be best, but the technical person should have the final say in the decision-making process.
.

RB
Networking Security Expert at SR Technologies
User
Top 5
2019-11-08T00:35:23Z
Nov 8, 2019

I read below the following: QUOTE Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. UNQUOTE

I read this and it comes to my mind that because of this the product is really effective? What is the balance of real efficiency against how nice the interface is?

Where I work now I was asked to quote FortiGate but because it was more expensive than Sophos and they had friendships with that provider, they purchased Sophos. Then if they enabled the antivirus the CPU was running at 90%, slow traffic and it blocks things it should not.

So, I am confused and cannot discern anymore any logic/s, if that ever exists. But I am quite sure that the book I wish to write: Inefficiency by incapacity, maybe more a library as a single book may not be enough?

ST
MD at a computer software company with 11-50 employees
Real User
2019-11-06T08:44:04Z
Nov 6, 2019

I'm not sure if this is the correct question. If the question is: Would you consider another firewall every year? then the answer is yes. The technology landscape is changing so often today that we can no longer invest and hope for it to last 3-5 years. Sometimes a small new feature could make the difference and make you choose another product. So keep checking what is out there every year and you will know when it's time for a change.

SA
IT Solution Architect at Dimension Data
MSP
Top 10
2019-10-08T18:18:00Z
Oct 8, 2019

I would change my firewalls with NSX edge gateways, which have all the basic functionality of firewall and For NG inspection and defense I will implement FTD or PaloAlto VM.

it_user1140060 - PeerSpot reviewer
Machine designer at La Poste
Real User
Top 20
2019-10-08T16:43:52Z
Oct 8, 2019

No, it was a good decision to buy this firewall. It is perfect for my usage (small company, 8 users) and easy to manage with OPNSense.

it_user983334 - PeerSpot reviewer
Network Architect at Finastra
Vendor
2019-10-08T16:00:44Z
Oct 8, 2019

No, I will keep my FortiGates thank you very much and here’s why:

* Traffic visibility is now 20/20 or better.
* Troubleshooting time has been reduced drastically.
* On-the-fly packet captures isolates or eliminates areas of focus.
* Rulesets are intelligently implemented because there is a holistic view of the entire policy and active feedback on non-compliant, duplicate, or shadow rules in real-time.
* Integration into roadmap items such as SD-WAN, WiFi, port security, etc.

it_user1143093 - PeerSpot reviewer
IT Network Engineer at Brunnel
Real User
2019-10-08T12:11:44Z
Oct 8, 2019

If it is about saving money answer is no. Saving money is not aways the case. Some products has easy way of maintaining than other.

RS
Technical Operations Manager at Turrito Networks
Real User
2019-10-08T10:55:25Z
Oct 8, 2019

With the Cisco Meraki and FortiGate solutions, we have no regrets. It does what it's designed to do and just keeps on getting better on the deployment side. From security to performance, these solutions just work. Fair understanding is required to set up properly but once configured it's almost set and forget. Reporting is also a plus on these 2. No fancy configuration of an on-premise analyzer solution required.

FM
Systems and Networks Administrator at a tech services company with 51-200 employees
User
2020-03-10T00:23:54Z
Mar 10, 2020

Not at all, or maybe would go for stronger firewall for several clients as it can be quickly overwhelmed by traffic.

SW
Manager at a tech services company with 11-50 employees
User
2020-02-20T23:03:33Z
Feb 20, 2020

Not yet have answer for that question, so far still can afford my needs. Find more inform info@jedi.id

GM
Head Of Technical Operations at Boylesports
Real User
2020-02-07T20:16:02Z
Feb 7, 2020

I wouldn't change my choice. It is a solid product.

NS
Solution Architect at Brillbean Ventures Pvt ltd
Real User
2019-10-12T11:49:07Z
Oct 12, 2019

If I could go back, then I would buy a Fortinet FortiGate firewall. Fortinet has a complete end to end security portfolio and the Firewall is better then all others which include powerful hardware with Multiprocessor and the operating system FortiOS robust.

RB
Networking Security Expert at SR Technologies
User
Top 5
2019-10-12T05:00:45Z
Oct 12, 2019

I am a Cisco awarded trainer and used to have a Cisco ASA 5506. I got rid of it straight away. I will not touch it ever again. Yes, it may sound, but you are a Cisco trainer, ok? Yes, and I do like and respect Cisco when it comes to routers and switches but I purchased a Fortinet product and will not change it for anything else in the world.

I have not found in my usage (yes, I have one deployed at home and deployed others, 18 of them, in medical centers) nothing else comes close. Their ASIC chips can handle speed and many other features. Are they 100% perfect? No, but, again, they are the best. They have Forticlient, but when it comes to endpoint security, Symantec Endpoint eats them for breakfast. I do not like the Forticlient at all. Not because I do not like, they do not perform as Symantec Endpoint does, simple as that. In addition to email spam, I did get 3 spams in my mail server regardless of anything else. Why? Well, that story costs $150K US dollars. And when someone knows how things work, even I take the Netflix content, and I will stop here. Simple as that. Summary, Fortigate is a 99 out of 100 product. I will not change the decision to buy another one since I have not used, test and demonstrate to me there is something better.

EL
Business Owner at Anyshape
Real User
2019-10-09T10:44:48Z
Oct 9, 2019

No, we're happy.

SM
Solutions Architect at a tech services company with 11-50 employees
Real User
Top 5
2019-10-09T07:06:46Z
Oct 9, 2019

No, I wouldn't change my decision because it was proved that it was the correct selection.

IC
CIO LATAM at i-Track Systems Development, S.A. de C.V.
Reseller
2019-10-08T14:20:04Z
Oct 8, 2019

No, I wouldn't change my mind but would add "XG from Sophos".

Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. Comprehensive security with outstanding user experience. Sophos has simplified the approach for the SMB, middle-market and pragmatic enterprises who value a complete security set (and easy to use)
• On-Box Logging & Reporting Our built-in reporting the admins know exactly what's happening and are able to fix problems fast, and shape policies to keep users secure
• Endpoint/Network Security Heartbeat proven endpoint agent and firewall technology to create a security link connecting multiple points of security via the network.
• Connect remote offices easily with Sophos RED (Remote Ethernet Device) provides secure remote access to a branch with no need to centrally manage multiple UTMs Sophos offers a web-based interface integrated into all the devices. Admins can access a single device from anywhere in the world (depending on configuration) using a recent browser. There is no specific need to use a CLI, scripts, special tools, or a Windows application for management. Web management is integrated in all the physical and virtual devices and does not require a separate management device. Users also have access to a self-service portal for certain functions including application access, remote browser session (HTML5 VPN), Wireless access and more.

So, I would add Sophos too.

JR
Administrator, Networks with 11-50 employees
User
2019-10-08T13:24:10Z
Oct 8, 2019

I would not manage our network without a firewall. There are to many threats from around the world, the firewall is the most important line of defense. Also, we use our firewall to do NAT.

HL
systems engineer at a retailer with 11-50 employees
Real User
2019-10-08T13:19:56Z
Oct 8, 2019

I would have to agree with the reviewers that suggest which essential firewall features to examine the various firewall vendors.
It ultimately comes down to the prior experience with the vendor and if you trust their firewall product since it is either of great help or a problem that never goes away until you replace the unit years after the purchase, configuration, and implementation.

RH
IT Manager with 51-200 employees
User
2019-10-08T12:36:48Z
Oct 8, 2019

We are happy with the Fortinet firewall, it is a thousand times better than our previous firewall.

2019-10-08T12:05:53Z
Oct 8, 2019

I wouldn't make the decision of purchasing a solution and then need to go back and change my decision but in case I find that my calculations do not meet the requirements then I would go to make a change or increase the throughput of the same firewall so that it will meet my requirements.

MH
IT Security Analyst at a tech services company with 11-50 employees
Real User
2019-10-08T11:31:04Z
Oct 8, 2019

I am working with WatchGuard and Sonicwall firewalls but after to work with WatchGuard I think it is easier than Sonicwall but sometimes still lacking little thinks like as for you see what is the wired speed while you are in troubleshooting, you need to go to the web interface because within the WSM (centralized manangement software) you don´t have how to see it. For example, some things about the cluster you need to use the WSM software to make it easy and another thinks it´s better to use the web interface. Some things make me think about making a change but in the end, I prefer WatchGuard than Sonicwall.

KT
IT Manager at Cloudjet
Real User
2019-10-08T10:23:51Z
Oct 8, 2019

I wouldn't change my decision to buy Fortinet. Fortinet gives us full control of network traffic and gives us the possibility to deploy more IPS without charge firewalls CPU.

The only thing that I want to buy with Fortinet next time is FortiAnalyzer to get a unique endpoint for management.

SM
Snr Product Manager at a tech services company with 5,001-10,000 employees
User
2019-10-08T09:34:54Z
Oct 8, 2019

In my opinion, It will depend on the security solution purchased. For some solutions instead of buying a physical firewall for network security, you can go for a service provider who is offering a managed cloud firewall. That will reduce the total cost of ownership as well as device handling and installation costs.

PC
Network Security Engineer at ZOL Zimbabwe
Real User
2019-10-08T08:34:47Z
Oct 8, 2019

I would have never changed my decision on buying a firewall the reason being that a firewall is an important pillar in defending networks from cyber threats that are ever-increasing each day and also give you an insight on what will be happening within one's network.
Besides the firewall protecting information from external threats, it also helps with internal company policies eg what users can and cannot access when they are connected to the organization internet.

CM
Principal Cyber Security Architect at a comms service provider with 5,001-10,000 employees
Reseller
2019-10-08T06:53:35Z
Oct 8, 2019

I think the decision to buy the firewall at that time was probably the best with the information that I/we had then. Security threats are theoretically not predictable. Manufacturers try to cover as many possible angles from new threat vectors. With that in mind, it is advisable to have a scalable solution that can be complemented over time then eventually replaced with up to date infrastructure. Replacing security infrastructure can be quite costly, it would be advisable to have a model that can also factor in this shift while keeping the customer secure.

Real User
2020-03-10T08:07:29Z
Mar 10, 2020

lernen

it_user1301319 - PeerSpot reviewer
Network security manager at a tech services company with 1-10 employees
User
2020-03-09T18:15:51Z
Mar 9, 2020

The answer is NOT.

Actually I feel fine with my Firewall, related to cost, performance, and benefits, also Web Interface is very easy and intuitive, that's a great choice.

JR
Administrator, Networks with 11-50 employees
User
2020-02-21T15:25:49Z
Feb 21, 2020

Yes, I bought two Juniper SRX4100's and the GUI are completed useless. I would go back to Cisco ASDM in a heartbeat. Also, the Cisco TAC is exponentially better then Juniper's JTAC.

PB
WCOIL/IT Department at Lima Central Catholic
Real User
2019-11-01T14:06:18Z
Nov 1, 2019

No.

MM
Head, Information Technology at a construction company with 201-500 employees
Real User
2019-10-11T03:17:58Z
Oct 11, 2019

No, because it fulfills our requirements. What I might change is the reseller or the interaction with the principal directly, in order to get the most out of the purchased products. Sometimes, the competency and commitment of the reseller are more crucial than the product itself.

it_user1146165 - PeerSpot reviewer
Cibersecurity Pre-Sales at Ingram Micro Inc.
Real User
2019-10-09T15:30:46Z
Oct 9, 2019

Eso depende de la experiencia de servicio de soporte e implementación que tienes con tu proveedor actual. La plataforma puede ser muy buena, pero si se maneja mal, vas a experimentar la misma mala experiencia que equivaldría un mal producto. Es como ir en una super autopista conduciendo un ferrari revolucionado en el primer o segundo cambio.

AJ
System Engineer at E-smart systems
Real User
2019-10-08T06:58:37Z
Oct 8, 2019

It was the best spending money. I never regret it.

Porleng Phatt - PeerSpot reviewer
Pre-Sales Engineer at eCam Solution Co., Ltd
Real User
Top 20
2019-10-08T06:14:20Z
Oct 8, 2019

A firewall is a network security device to monitor and control both incoming and outgoing traffic in the network. The reason why to buy a firewall is to secure your data, your client from the attackers and malware to still your sensitive information and data breach and it helps your organization with better security.

NM
Supervisor of Computer Operations at Neil McFadyen
User
2019-10-08T03:05:35Z
Oct 8, 2019

The ASA5516-X is a good firewall. I really like the dashboard IP connections report, it shows which IPs are trying to hack and their geo location. It lets me blacklist them with a right-click.

Related Questions
RC
Specialist at Bloque de Armas
Jan 3, 2023
Hello peers,  I work at a media company and am researching firewalls. What are the differences between WatchGuard 390 and FortiGate 80F? Which solution do you prefer and why? Thank you for your help.
See 2 answers
AN
Instrutor at a tech services company with 1,001-5,000 employees
Dec 20, 2022
Hello, The 820 and 850 belong to the family 800 of Palo Alto Firewall.I caught a comparison between both firewalls on the Palo Alto site and I believe it will help with your decision.Regards820 and 850 comparison
LJ
Head of Customer Success at a tech services company with 51-200 employees
Jan 3, 2023
Firewall - Appliance Performance Analysis S.No Technical Parameter Watchguard M390 Fortigate 80F 1 IPS Throughput 3.3 Gbps 1.4 Gbps 2 NGFW 5.8 Gbps 1 Gbps 3 Threat Protection 1.47 Gbps 900 Mbps 4 Total no of RJ45 ports 8 GbE Ports 8 GbE Ports 5 Concurrent Sessions 4.5 million 1.5 million 6 New Sessions per second 98000 45000 The WatchGuard M390 NGFW Appliance gives on average 2 + times better performance than the FortiGate 80F
Gulzar C - PeerSpot reviewer
Senior IT Consultant at Gateway information networks
Jan 13, 2023
Hello peers, We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping. ...
2 out of 7 answers
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Dec 7, 2022
Hi @Gulzar C ​, Some of the preferred solutions seen in educational institutes are mentioned below: Sophos. Fortinet Fortigate. Juniper SRX Firewall. SonicWall.
CR
Director at REDCO
Dec 7, 2022
Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings 
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
EB
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
RS
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
DOWNLOAD NOW
690,226 professionals have used our research since 2012.