Senior Riverbed (WAN,APM,NPM) Consultant at NetConsulting
User
2021-05-17T08:15:51Z
May 17, 2021
Over 50% of security vulnerabilities are non-Web based traffic, such as DNS, DDOS etc and this is where some Web Proxys fall short as they only inspect the Web traffic that is forwarded to them, NGFW's provide superior protection at the edge to inspect all traffic for on-prem users locally.
This is where a SASE solution can help for remote working by providing best of both worlds capabilities such as SWG, NGFW, ZTNA, CASB etc delivered from a Cloud architecture in a unified (single-pass) manor, protecting 'All Traffic from Any user/device anywhere not just Web.
Chief Executive Officer at a tech services company with 1-10 employees
Real User
Top 5
2021-05-13T07:28:55Z
May 13, 2021
Use a Web Proxy that will protect your users when they are working at home as well. The FW will provide protection when the user is behind it. The web proxy will protect the user at any place, anytime.
Networking Specialist at a healthcare company with 1,001-5,000 employees
Real User
Top 5
2021-05-17T07:47:51Z
May 17, 2021
Web Proxy like Cisco Umbrella works very well, you have protection at home and at office, with a lot of employees working some days at home and others at the office is a great solution.
NGFW does streaming based scanning it means it will pass the packet as it received due to which there is high probability of malware getting passed via Firewall. Where as Proxy wait for complete
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2021-05-13T13:03:05Z
May 13, 2021
Hi Edwin
organization size ? usual final users behavior? how strong its the security you want ? budget ?
if what you need its not that big i allways recomend kind a free solution as a " Pihole server " (in a virtual container its the best way) but,,, also you can find a SOPHOS UTM as the best solution either or maybe a Unifi USG Router or unifi dream machine, of course if your budget allows it
I think the NGFW should do all the work for you if configured properly eg deep packet inspection and not just certificate inspection mode on the policies.
With deep packet inspection the Firewall will deconstruct and reconstruct the packet this will give you full visibility into network traffic and network protection.
The NGFW like fortigate will also give you protection when connected to the public network through sslvpn with tunnel mode enabled such that all your traffic goes through the HQ when browsing resulting in the same policies that you use when onsite to be the same when you are offsite.
@PrideChieza NGFW coupled with internal resources, e.g. domain controllers, gives a great breakdown per area and scopes well. A FortiGate integrated with user groups can act as a firewall and per group web filter, and yes, if deep packet inspection is really needed can be tweaked to allow very specific traffic. +1 for it doing the had work for you.
SE at a comms service provider with 11-50 employees
Real User
Top 10
2021-05-13T06:08:29Z
May 13, 2021
This depends on many factors like size of organization, how organization is geo-spread, type of NGFW and Proxy you are looking at or you have. And where proxy is deployed, onprem or cloud? With cloud you have additional options and companies like Zscaler and Netskope started to eat this part of market.
Hello peers,
I work at a media company and am researching firewalls.
What are the differences between WatchGuard 390 and FortiGate 80F? Which solution do you prefer and why?
Thank you for your help.
Instrutor at a tech services company with 1,001-5,000 employees
Dec 20, 2022
Hello, The 820 and 850 belong to the family 800 of Palo Alto Firewall.I caught a comparison between both firewalls on the Palo Alto site and I believe it will help with your decision.Regards820 and 850 comparison
Hello peers,
We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping.
...
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 7, 2022
Hi @Gulzar C , Some of the preferred solutions seen in educational institutes are mentioned below:
Sophos.
Fortinet Fortigate.
Juniper SRX Firewall.
SonicWall.
Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote!
If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too!
...
Hi dear community members,
In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own!
Trending
These are the topics your peers are talking about on PeerSpot this week
How do I estimate the requir...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers!
Also, special thanks to the articles' contributors included in this Community Spotlight:
@Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Dear PeerSpot community members,
This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.
Check them out!
Trending
See what your peers are discussing at the moment!
What were your main pain points during the SIEM product purchase process?
What...
Hi peers,
This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.
Articles
Check the top products and solutions below (selected based on peer reviews) or contribute your own article!
Top Security Orchestration Automation and Response (SOAR) Solutions
Top 8 Data Loss Prevention (DL...
Hi community members,
As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers.
Trending
See what is trending at the moment and chime in to discuss!
Top 8 Extended Detection and Response (XDR) Tools 2022
Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons?
What is the...
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Over 50% of security vulnerabilities are non-Web based traffic, such as DNS, DDOS etc and this is where some Web Proxys fall short as they only inspect the Web traffic that is forwarded to them, NGFW's provide superior protection at the edge to inspect all traffic for on-prem users locally.
This is where a SASE solution can help for remote working by providing best of both worlds capabilities such as SWG, NGFW, ZTNA, CASB etc delivered from a Cloud architecture in a unified (single-pass) manor, protecting 'All Traffic from Any user/device anywhere not just Web.
Use a Web Proxy that will protect your users when they are working at home as well. The FW will provide protection when the user is behind it. The web proxy will protect the user at any place, anytime.
Hi @Oleg Pekar and @Manish Nalawade. Can you share your thoughts?
You are analyzing a central solution (perimeter), correct?
So, NGFW with URL filtering is simple & easy to go live without any issues.
But, what is going on with the endpoints, local URL filtering?
Web Proxy like Cisco Umbrella works very well, you have protection at home and at office, with a lot of employees working some days at home and others at the office is a great solution.
NGFW does streaming based scanning it means it will pass the packet as it received due to which there is high probability of malware getting passed via Firewall. Where as Proxy wait for complete
Hi Edwin
organization size ?usual final users behavior?
how strong its the security you want ?
budget ?
if what you need its not that big i allways recomend kind a free solution as a " Pihole server " (in a virtual container its the best way) but,,, also you can find a SOPHOS UTM as the best solution either or maybe a Unifi USG Router or unifi dream machine, of course if your budget allows it
good luk.
I think the NGFW should do all the work for you if configured properly eg deep packet inspection and not just certificate inspection mode on the policies.
With deep packet inspection the Firewall will deconstruct and reconstruct the packet this will give you full visibility into network traffic and network protection.
The NGFW like fortigate will also give you protection when connected to the public network through sslvpn with tunnel mode enabled such that all your traffic goes through the HQ when browsing resulting in the same policies that you use when onsite to be the same when you are offsite.
@PrideChieza NGFW coupled with internal resources, e.g. domain controllers, gives a great breakdown per area and scopes well. A FortiGate integrated with user groups can act as a firewall and per group web filter, and yes, if deep packet inspection is really needed can be tweaked to allow very specific traffic. +1 for it doing the had work for you.
This depends on many factors like size of organization, how organization is geo-spread, type of NGFW and Proxy you are looking at or you have. And where proxy is deployed, onprem or cloud? With cloud you have additional options and companies like Zscaler and Netskope started to eat this part of market.