2021-05-11T09:23:00Z
EO
Regional Solutions Manager at Infodata Professional Services
  • 8
  • 1874

NGFW with URL Filtering vs Web Proxy

Should one go for a URL Filtering as an add-on to NGFW or just deploy a Web proxy, instead?

I am one who advocates that firewalls with URL Filtering can't serve better than Web security solutions (i.e., a Web proxy).

What's your opinion?

9
PeerSpot user
9 Answers
MH
Senior Riverbed (WAN,APM,NPM) Consultant at NetConsulting
User
2021-05-17T08:15:51Z
May 17, 2021

Over 50% of security vulnerabilities are non-Web based traffic, such as DNS, DDOS etc and this is where some Web Proxys fall short as they only inspect the Web traffic that is forwarded to them, NGFW's provide superior protection at the edge to inspect all traffic for on-prem users locally.


This is where a SASE solution can help for remote working by providing best of both worlds capabilities such as SWG, NGFW, ZTNA, CASB etc delivered from a Cloud architecture in a unified (single-pass) manor, protecting 'All Traffic from Any user/device anywhere not just Web. 

Search for a product comparison in Firewalls
AL
Chief Executive Officer at a tech services company with 1-10 employees
Real User
Top 5
2021-05-13T07:28:55Z
May 13, 2021

Use a Web Proxy that will protect your users when they are working at home as well. The FW will provide protection when the user is behind it. The web proxy will protect the user at any place, anytime. 

EB
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2021-05-12T02:16:57Z
May 12, 2021

Hi @Oleg Pekar and @Manish Nalawade. Can you share your thoughts?

VB
IT Manager at a hospitality company with 201-500 employees
Real User
Top 5Leaderboard
2021-07-26T13:36:47Z
Jul 26, 2021

You are analyzing a central solution (perimeter), correct? 
So, NGFW with URL filtering is simple & easy to go live without any issues.


But, what is going on with the endpoints, local URL filtering? 

CB
Networking Specialist at a healthcare company with 1,001-5,000 employees
Real User
Top 5
2021-05-17T07:47:51Z
May 17, 2021

Web Proxy like Cisco Umbrella works very well, you have protection at home and at office, with a lot of employees working some days at home and others at the office is a great solution.

BD
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
2021-05-14T00:54:05Z
May 14, 2021

NGFW does streaming based scanning it means it will pass the packet as it received due to which there is high probability of malware getting passed via Firewall. Where as Proxy wait for complete

Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
670,400 professionals have used our research since 2012.
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2021-05-13T13:03:05Z
May 13, 2021

Hi Edwin

organization size ?
usual final users behavior?
how strong its the security you want ?
budget ?

if what you need its not that big i allways recomend kind a free solution as a " Pihole server " (in a virtual container its the best way) but,,, also you can find a SOPHOS UTM as the best solution either or maybe a Unifi USG Router or unifi dream machine, of course if your budget allows it

good luk.


PC
Network Security Engineer at ZOL Zimbabwe
Real User
2021-05-13T12:22:44Z
May 13, 2021

I think the NGFW should do all the work for you if configured properly eg deep packet inspection and not just certificate inspection mode on the policies.


With deep packet inspection the Firewall will deconstruct and reconstruct the packet this will give you full visibility into network traffic and network protection.


The NGFW like fortigate will also give you protection when connected to the public network through sslvpn with tunnel mode enabled such that all your traffic goes through the HQ when browsing resulting in the same policies that you use when onsite to be the same when you are offsite.

LN
User
May 15, 2021

@PrideChieza NGFW coupled with internal resources, e.g. domain controllers, gives a great breakdown per area and scopes well. A FortiGate integrated with user groups can act as a firewall and per group web filter, and yes, if deep packet inspection is really needed can be tweaked to allow very specific traffic. +1 for it doing the had work for you.

PeerSpot user
DI
SE at a comms service provider with 11-50 employees
Real User
Top 10
2021-05-13T06:08:29Z
May 13, 2021

This depends on many factors like size of organization, how organization is geo-spread, type of NGFW and Proxy you are looking at or you have. And where proxy is deployed, onprem or cloud? With cloud you have additional options and companies like Zscaler and Netskope started to eat this part of market. 

Related Questions
RC
Specialist at Bloque de Armas
Jan 3, 2023
Hello peers,  I work at a media company and am researching firewalls. What are the differences between WatchGuard 390 and FortiGate 80F? Which solution do you prefer and why? Thank you for your help.
See 2 answers
AN
Instrutor at a tech services company with 1,001-5,000 employees
Dec 20, 2022
Hello, The 820 and 850 belong to the family 800 of Palo Alto Firewall.I caught a comparison between both firewalls on the Palo Alto site and I believe it will help with your decision.Regards820 and 850 comparison
LJ
Head of Customer Success at a tech services company with 51-200 employees
Jan 3, 2023
Firewall - Appliance Performance Analysis S.No Technical Parameter Watchguard M390 Fortigate 80F 1 IPS Throughput 3.3 Gbps 1.4 Gbps 2 NGFW 5.8 Gbps 1 Gbps 3 Threat Protection 1.47 Gbps 900 Mbps 4 Total no of RJ45 ports 8 GbE Ports 8 GbE Ports 5 Concurrent Sessions 4.5 million 1.5 million 6 New Sessions per second 98000 45000 The WatchGuard M390 NGFW Appliance gives on average 2 + times better performance than the FortiGate 80F
Jan 13, 2023
Hello peers, We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping. ...
2 out of 7 answers
SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 7, 2022
Hi @Gulzar C ​, Some of the preferred solutions seen in educational institutes are mentioned below: Sophos. Fortinet Fortigate. Juniper SRX Firewall. SonicWall.
CR
Director at REDCO
Dec 7, 2022
Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings 
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
EB
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
RS
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
DOWNLOAD NOW
670,400 professionals have used our research since 2012.