2017-03-10T00:10:00Z
Terry Stokes - PeerSpot reviewer
Information Technology Manager at a healthcare company with 51-200 employees
  • 101
  • 147

​What do you recommend for a corporate firewall implementation?

I have a web-based firewall solution from our telecom vendor which is not user friendly nor does it show you the traffic on the firewall.

I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation? 

83
PeerSpot user
83 Answers
it_user359346 - PeerSpot reviewer
ISV/IT Consultant at a tech vendor
Vendor
2017-03-14T02:45:58Z
Mar 14, 2017

I would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line the UTM9 version is very stable and still has a large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified Management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organizations top choice.

Search for a product comparison in Firewalls
it_user3498 - PeerSpot reviewer
Architect at IBM
MSP
2017-03-13T16:11:09Z
Mar 13, 2017

pfSence will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for openvpn. The support guys are the best I have ever worked with. And once you master it, it is entirely free.

it_user245049 - PeerSpot reviewer
Ejecutiva de Cuentas Corporativas at a tech vendor
Real User
2017-06-20T16:24:55Z
Jun 20, 2017

Yo recomiendo FortiGate de Fortinet, que tiene una administración muy sencilla pero que es lider en el cuadrante de Gartner en UTM

OsamaMunir - PeerSpot reviewer
Network Administrator at a energy/utilities company with 1,001-5,000 employees
Real User
2017-03-14T05:34:01Z
Mar 14, 2017

Go for Fortinet Firewall, Its interface is very user friendly, multiple features and easy implementation low cost compared to other high-end firewalls and good technical support.

At Corporate Headquarter analyze one of the following models.

FG-200D FG-200E FG-300D FG-500D FG-600D

At remote site following models are recommended

FG/FWF-30E FG/FWF-50E FG/FWF-60D FG/FWF-60E FG-80D

Specification can be compared on the following link. However please note the specs are for ideal situations. I recommend to analyze each specs by 1/3 factor for practical implementation.

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf

Stuart Berman - PeerSpot reviewer
CTO at a tech company with 11-50 employees
Real User
Top 10
2017-03-13T20:09:41Z
Mar 13, 2017

The FortiGate line is great for global networks. You need to size them for your traffic and type of protection (web filtering; IPS; antivirus; VPN; BotNet protection; etc) since each additional service enables requires a larger system. We find the FortiGates very affordable and very effective at keeping our networks secure globally. One bit of advice is that you consider the series when choosing hardware - a FG-100E is more powerful than a FG-100D and far more powerful than a 'C' series (although those should no longer be sold).

it_user609903 - PeerSpot reviewer
CTO & VP Systems Technology at a tech consulting company with 1,001-5,000 employees
Consultant
2017-03-13T18:21:48Z
Mar 13, 2017

I would recommend Palo Alto networks. Their NGFW platform is one of the only vendors affecting single pass. Single pass means no matter what services are turned on it's a single pass across the box. Also SSL decryption is need in this day an age with the ever increasing https traffic that is out there. They also have a great AWS solution for auto scaling VPN for remote users.

Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,465 professionals have used our research since 2012.
it_user625443 - PeerSpot reviewer
Vice President of Service Delivery at a tech services company with 51-200 employees
Consultant
2017-03-13T17:02:18Z
Mar 13, 2017

pfSense can do what you need it to do. We've deployed many firewalls for companies with geographically-dispersed locations, all with different needs and requirements. Hub and spoke could very well be the solution here. With the easy-to-use GUI and robust feature set, you'll certainly be happier with it than you are with your current product. Our professional services team can handle the configuration and deployment for you.

it_user68991 - PeerSpot reviewer
Manager of Engineering with 1,001-5,000 employees
Vendor
2017-03-13T17:01:04Z
Mar 13, 2017

Check out Palo Alto Networks, maybe the PA-800 Series. You can manage all 6 locations from a single interface with Palo Alto Panorama. If you need expertise just find a local partner in your area with this link: http://locator.paloaltonetworks.com/

SI
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
Real User
2017-03-13T16:57:31Z
Mar 13, 2017

Hi,
choosing right FW solution is not simple. must have on mind what we want to achieve, IT staff experience and etc. there are not good or bad solutions, only good or bad deployment.
in your case, i will suggest Meraki MX appliance.
cloud based management, automatically VPN between devices into same organization unit, L3-L7 FW, content filtering, AD integration, easy web management and many more.
BR

it_user227805 - PeerSpot reviewer
Chief Information Officer-Tryke Companies/Reef Dispensaries, Preident-Tryke Labs at a government
Vendor
2017-03-13T16:27:37Z
Mar 13, 2017

Look at. Cisco's - Meraki - product line. Check out their waps as well as their security appliances (firewalls).

Forget all that code and text interface nonsense.

Meraki rocks. Cisco bought this company because they were such a threat. Thank me later

Frank Horwich
303.601.4009

it_user433407 - PeerSpot reviewer
IT Infrastructure Engineer at a tech company with 11-50 employees
Real User
2017-03-13T16:26:02Z
Mar 13, 2017

I recommend FortiGate firewalls, but more information its needed (the scope, traffic, what to protect ...) to determine the model.
With FortiCloud service you can monitor the traffic (its not needed to be the administrator). You also, can schedule daily reports to send to a specific e-mail address.
Fortinet solutions are designed to work together as an integrated and collaborative security fabric to provide a powerful, integrated end-to-end security solution across the entire attack surface.
FortiGate also can act as an wireless controller, switch controller.
offers two factor authentication using FortiTokens (hardware or Mobile tokens)
you can create virtual domains without any additional license
another point is endpint managment
etc...
With FortiManager you can manage all FortiGates from a single platform or can create Administrative Domains based on geographically locations or your administrators access.

it_user138336 - PeerSpot reviewer
General Manager with 1-10 employees
Vendor
2017-03-13T16:16:17Z
Mar 13, 2017

Sir,
I recommend SOPHOS in Head Office XG-310 & branches XG-85 or XG-105
Head Office Users 50 -100 / Branches Users from 5 - 25

Alberto E. Luna Rodriguez - PeerSpot reviewer
Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
2017-03-13T16:04:29Z
Mar 13, 2017

I agree you could look into Fortinet solutions. They're cost effective and offer a lot of other features you might want look at (UTM, WLAN Controllers, etc.). They're also fairly simple to configure and operate and can be centrally managed via FortiManager if it makes sense to you and your budget.

it_user368916 - PeerSpot reviewer
Sales Director
Vendor
2017-03-13T15:56:56Z
Mar 13, 2017

Hello,
i can highly recommend to use Sophos XG firewall as they are extremely easy to use, with all functions you ever need built in. You can also fully manage WI-Fi access points and VPN devices straight for firewall web interface.
As for monitoring there are many solutions - Sophos support more than 1000 reports on usage, but if you need real time security monitoring there is nothing batter than SIEM solutions.
Personally prefer Alien Vault a as customization to your needs are unlimited
Hope this helps :)

it_user625392 - PeerSpot reviewer
Senior Information Technology Support Analyst at E-Solution Tecnologia da Informação
Consultant
2017-03-13T15:52:29Z
Mar 13, 2017

Hello, arguably the Fotigate meets your need, with the Fortiview that is a feature present on the equipment itself, you can show all network traffic, with ports, Protocol, users, if the connection is TCP or UDP and for which firweall rule is coming out.
And to further expand the display, hire the Fortinet Forticloud service. Well, these are just examples, the Fortigate has more resources to provide for the protection of your company's networks.

it_user447975 - PeerSpot reviewer
IT support at a tech services company
Consultant
2017-03-13T15:52:17Z
Mar 13, 2017

Hi,

I'm a big fan of opensource solution, now i'm very satisfied with
pfsense (https://www.pfsense.org/) you can use your own hw or buy some
appliance from https://netgate.com/ ( sponsor of pfsense)

Other payed solution can be Mikrotik (is a linux base), Ubiquiti
https://www.ubnt.com/products/#edgemax or Fortinet
https://www.fortinet.com/

it_user794904 - PeerSpot reviewer
User at a manufacturing company with 1,001-5,000 employees
User
2018-07-23T17:54:57Z
Jul 23, 2018

I use Fortigates as well - those are solid devices - @LZ good writeup in past firmware 5.0 and below Fortinet had issue with firmware upgrades, now it is very clean process. Also I would always recommend A/A or A/P configuration.

it_user226269 - PeerSpot reviewer
EMEA Corporate Business Development Director at a consultancy
Consultant
2017-07-12T10:28:53Z
Jul 12, 2017

I would recommend Zscaler and can introduce you to the head of technical operations who would be very happy to discuss this with you. No appliance required and can indeed replace much of your appliance based stack in your HQ. Cloud based solution, eliminates backhauling and reduces latency to cloud based apps. Takes out need for VPN. Gartner and Forrester leader. Get in touch with me and I will introduce you. Great company and great software.

it_user689088 - PeerSpot reviewer
Managing Director at DWN - Specializes in Meraki-Cisco since 2009
Real User
2017-06-21T16:25:13Z
Jun 21, 2017

All UTM is okay to use, however, I do highly recommend you with Cisco Meraki MX Security appliance (UTM) - the latest technology that all BIG Corp have applied it more and more recently.

Since the most important points you may need to consider for your company is
+ HOW to helps you centralised manage 6 sites with ability to remote control,
+ Intuitive interface to know what's happening at real time,
+ Save lots of cost from your IT labour work, and specially
+ Eliminate your VPN annual services among all the sites (such as MPLS, leaseline, etc) thanks to Meraki WAN optimization (iWAN) .
+ Finally, the cost-investment in long-term is very competitive with BIG SAVINGS compared to all other UTM solutions.

In brief, it does not only helps escape you from the heavy & tough work-load, but also is an effective-investment solution for your company (your boss) and increase the capacity & development at each site.
Hope my sharing is helpful for you, and also to other friends. Thanks & Cheers!

it_user648771 - PeerSpot reviewer
User at Akamai
Real User
2017-05-23T18:05:41Z
May 23, 2017

Akamai has a comprehensive set of WAF solutions in the cloud. No capital expenditure, therefore no long term commitment to hardware that quickly becomes obsolete. The added value is increased performance, user friendly and a leading cloud security solution used by the worlds largest enterprises globally.

robofl - PeerSpot reviewer
User
User
2017-03-21T00:45:05Z
Mar 21, 2017

We have been using Sonicwall for about 12 years but over the last couple of years have been moving to the Sophos SG Series. I know many people complain about Sonicwall reliability issues, but for us the UI just didn't keep up with the features they have added on over the years. I also don't care for the perpetual "early release" firmware. We also have a couple of Fortigate units for specific uses. Very reliable but not nearly as user friendly.

IY
Assistant Manager (Infrastructure) at SISTIC
User
2017-03-15T07:23:40Z
Mar 15, 2017

I'm also evaluating firewall: Checkpoint, Fortigate, Sonicwall, Sophos, Huawei, Cisco ASA, Cisco FirePOWER, Juniper

Technical spec i won't say much here, it has to depends on your need (feature to turn on), size (office/datacenter/etc) and budget.
They (firewall maker) can say they are the leader, they have special ability (*haha), best in the world, etc.. but actually they have same purpose, the only difference is marketing term like AMP, ATP, Sandblast, Wildfire etc.

No perfect solution, if you have budget you can go for carrier grade firewall, is like no one can stop you to buying Ferrari.

Below is my view:
1. Checkpoint:
Pros - Good in security, pure-play security company, long history, very clean GUI, very user friendly GUI, large community, large knowledge base, complex deployment, good documentation but not so straight forward.
Cons - Expensive, due to the architecture easily get under size.

2. Fortigate:
Pros - Reasonable price with performance, purpose build ASIC to provide very high network throughput, very high VPN throughput among the competitor, large community, large knowledge base, complex deployment, good documentation and easy to understand explanation.
Cons - Got a lot of feedback that there are some issues when update the firmware (Suspect because ASIC chip compatibility with different firmware)

3. Sonicwall:
Pros - Seldom see in complex deployment but good in office/branch deployment, cheaper, clean GUI, user friendly GUI, good documentation some even have video.
Cons - Due to the Dell acquisition the development has slowdown, they told me they are catching up now, only 1 sale engineer in my country.

4. Sophos:
Pros - Seldom see in complex deployment but good in office/branch deployment, cheaper, clean GUI, very good integrate with their end point solutions.
Cons - There are a lot of users feedback that DPI slowdown the internet speed, very little referrer, they might more focus on their end point solutions.

5. Huawei:
Pros - Cheaper.
Cons - Very little referrer, consume more rack space.

6. Cisco ASA:
Pros - Stable, reliable, good CLI, large user community, good documentation but not so straight forward, more discount if you are Cisco house.
Cons - Need put more effort to understand how to use, GUI is not so user friendly, security is just a part of their business, a lot console need to take care.

7. Cisco FirePOWER (new firmware) :
Pros - FTD will be integrate NGFW feature (VPN and multi context still not support yet)
Cons - Is new release so no comment.

Please let me know if i was wrong, I looking if someone more experience can share his view so that i can add to my evaluation list.

Iz

it_user626613 - PeerSpot reviewer
User at a tech company with 51-200 employees
Vendor
2017-03-14T19:40:50Z
Mar 14, 2017

Good Day Terry,

If you are looking to get out of the security hardware business then I think you will want to review the capabilities of Network Box USA. We provide a Managed Security Services solution that does not require you to purchase any hardware or manage the hardware based on our 24x7x7 managed service from our Security Operations Center in Houston, TX.

I would be glad to discuss our unique approach which can be very cost effective and get you away from managing appliances for your six locations.

Mark Manion
National Sales Manager
mark.manion@networkboxusa.com
www.networkboxusa.com
716-989-1134

it_user258042 - PeerSpot reviewer
Sr. Security Architect with 1,001-5,000 employees
Vendor
2017-03-14T14:55:39Z
Mar 14, 2017

Depending on the size of the company, most enterprise-level firewalls will demonstrate a centralized management console capable of managing many disparate firewall locations, as well as the virtual elements within each. If you are at this level, my preference would be the Palo Alto system, that allows the administrator to create rules, and abstractions that ultimately lead to an administrator putting together a policy like: "Inbound reverse web proxy" -> "any external system" -> "our reverse proxies" -> "web protocols". So while, this terminology is still ancient rule-base logic, the wording of the policy is actually readable. in other areas of the system you define; what IP address belong to your reverse proxies; what web protocols you will allow, etc..

Like many complex systems, these FWs may be more capable than you need; IPS, FW, threat intelligence, malware detection, etc... just ignore the added features until you find the need to expand your requirements, and they will come naturally if needed.

Finally, traffic analysis - it too is there in the PAs, but relatively rudimentary. It will show volumes, but not keep the kind of traffic history that a good analyzer would provide. Still useful, but your requirements may be more complex than what can be presented.

it_user535599 - PeerSpot reviewer
Marketing at FireMon
Vendor
2017-03-14T14:51:56Z
Mar 14, 2017

Hi Terry - Management of diversified firewalls is at the heart of our FireMon solution. We can aggregate all of your firewall traffic, regardless of location and firewall vendor, into a web-based firewall management platform that provides continuous visibility into and analysis of your network security policies and underlying IT risks. The platform proactively delivers cleanup, compliance, and change management through a centralized dashboard. FireMon simply needs to have connectivity from where the FireMon data collector is deployed, along with the traffic and change logs. If you already have a central locations for logs like a SIEM, that can also be used. Check out the list of firewall vendors we support @ https://www.firemon.com/about-us/technology-partners/ , as well as our capabilities @ https://www.firemon.com/try-it-free/ .

it_user405342 - PeerSpot reviewer
Senior Network and Security Engineer at a tech services company with 51-200 employees
Consultant
2017-03-14T14:08:38Z
Mar 14, 2017

I recomend you to go with Fortinet or Sonicwall.

it_user286170 - PeerSpot reviewer
DevOps Engineer at a consultancy with 51-200 employees
Real User
2017-03-14T07:42:18Z
Mar 14, 2017

The original question did mention ease of use, showing throughput, and the need to connect several regions which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.

If you know what you're doing then I'd go with pfSense. Powerful and affordable (free even if you can do without the support).

We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data centre rack.

Having spent a long time with Cisco ASAs I'd certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they're rather good if you know what you're doing.

it_user514128 - PeerSpot reviewer
User at a printing company with 51-200 employees
Vendor
2017-03-14T07:13:03Z
Mar 14, 2017

Fortigate Firewalls are best suited for these purpose. You may select the appropriate model either by comparing specs on their website or talking to one of their consultant. Only, shortfall with Fortigate is, one needs to be trained to configure and manage these devices. So, you either learn it yourself or signup a support partner. Online support is not very great for setting the device up. But, pretty quick and efficient in helping resolve specific issues faced.

it_user625953 - PeerSpot reviewer
System Engineer at a retailer
Vendor
2017-03-14T07:08:06Z
Mar 14, 2017

Please follow answer of Irvin Gaerlan for sophos UTM.

it_user326550 - PeerSpot reviewer
Associate Consultant at a tech services company with 10,001+ employees
Consultant
2017-03-14T05:51:40Z
Mar 14, 2017

Please reply the below questions
what kind of traffic to be allowed ? example https, FTP, SFTP etc.,
How many Users will have connection to the Firewall?
Do you want IPS to protect the network ?
Do you want Firewall with redundancy or Standalone ?
Whether Site to Site VPN or Remote Access VPN required ?
Would recommend Cisco Next Generation Firewall Cisco ASA 5500-FTD-X Model based on the business requirement.

it_user232641 - PeerSpot reviewer
Senior Network Engineer at a financial services firm with 501-1,000 employees
Vendor
2017-03-14T04:55:18Z
Mar 14, 2017

I think you can use, Fortigate Firewall, Barracuda WebFilter Firewall. They are user friendly and you can generate an efficient reports etc. We are also using Fortigate 310B for web filtering.

it_user471162 - PeerSpot reviewer
Netwrok Admin IT INFRA Team Leader at a comms service provider with 1,001-5,000 employees
Vendor
2017-03-14T04:52:42Z
Mar 14, 2017

I would recommend you fortunate firewall, its provide user friendly gui interface. and nice UTM protection. you can monitor your want traffic on dashboard.

it_user625893 - PeerSpot reviewer
Network Engineer at a manufacturing company
Vendor
2017-03-14T04:29:36Z
Mar 14, 2017

Let me start by asking, what vendors, equipment is in your infrastructure? What are you and your team familiar with? I ask for this reason, I am familiar with Cisco, that may not be what you are familiar with.

it_user499773 - PeerSpot reviewer
President with 501-1,000 employees
MSP
2017-03-14T03:37:40Z
Mar 14, 2017

We have been successful with Fortinet.
The advantage is that depending on the sites, you might want to setup higher levels in one location and lower level firewalls in others, but since all of them use the same Operating system you can program them similarly.
The other advantages are that you get many functions from these firewalls such as:

1. Fastest firewalls
2. Next Generation Firewalls
3. NSS Labs Recommended
4. ICSA Labs Certifications – 1. Anti-Virus 2. Firewall-Corporate 3. IPSEC-Basic 4. SSL-VPN 5. Network IPS
5. Real-time updates 24x7 from Fortinet automatically
6. Anti-Virus
7. Anti-Malware (ATP)
8. Anti-Spam
9. Web Content Filtering
10. Intrusion Detection and Prevention
11. Firewall
12. Data Loss Protection (DLP)
13. And many more functions….
As to traffic, you can see all of them separately or you can get the FortiAnalyzer and analyze traffic from all of them since you would point all of them to the FortiAnalyzer for that.
For management of all the firewalls and for updating them uniformly, I suggest getting the FortiManager – that will help tremendously.

For FortiAnalyzer - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiAnalyzer.pdf
For FortiManager - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiManager.pdf
For FortiOS (Fortigate Operating System ) - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiOS_54.pdf

it_user141780 - PeerSpot reviewer
Engineer at a energy/utilities company
Vendor
2017-03-14T03:00:26Z
Mar 14, 2017

I would use Cisco ASA NG appliances.

Vendor
2017-03-14T01:18:29Z
Mar 14, 2017

I recommended fortigate 100d firewall..

Vendor
2017-03-14T01:05:51Z
Mar 14, 2017

Cisco is always a good bet. They are reliable and support is good. The down side is that the more advanced features are done via script. Their UI is not that fantastic. Maybe that’s because I am using the old ASA model. However, Cisco engineer are a plenty so it will be easy to get support. I am testing out Fortigate now and their UI is a lot better. Much easier to administer though.

it_user8967 - PeerSpot reviewer
Senior Manager of IT at a retailer with 51-200 employees
Vendor
2017-03-14T00:15:19Z
Mar 14, 2017

Depending on size FortiNet for small to medium-sized and Palo Alto for
larger deployments and/or complexity. IMHO

it_user104280 - PeerSpot reviewer
User at a tech services company
Real User
2017-03-13T21:37:33Z
Mar 13, 2017

If you are not a regular firewall service manager and this is a first run into the corporate firewall systems, I might suggest checkpoint solutions as a first name in easy to learn and quick to get up and running appliances. Check point take a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances, pretty sure your 6 sites will be managed with ease.
Regards,
Nige Williamson
Black Dragon Limited

it_user229830 - PeerSpot reviewer
Lead System Administrator at a manufacturing company with 51-200 employees
Vendor
2017-03-13T21:05:10Z
Mar 13, 2017

Personally i suggest pfSense.

I used it for over 6 years in a corporate with 6 different locations and it works perfectly.
It scale very well from small offices to big company datacenter with multiple Gpbs internet connection.

The support team, if you paid for it, is great.

Fred Fish - PeerSpot reviewer
Network Administrator at a non-profit with 501-1,000 employees
Real User
2017-03-13T20:37:28Z
Mar 13, 2017

I've been running Cyberoam (now SOPHOS) for over 10 years for my firewalls. I've really enjoyed the Cyberoam Support over the years those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility in one the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.

SrEngineer672 - PeerSpot reviewer
Consultant at a tech services company with 51-200 employees
Consultant
2017-03-13T20:29:39Z
Mar 13, 2017

My notes.
If it's technically possible and affordable you could consider going with a different provider that lets you have a central firewall and your offices connect to this firewall via a mpls network. That way you have point of entry and you can build one set of rules
If not then you can look for a firewall solution that lets you manage from a central management point as well as provides central reporting. I don't think you need the functionality of deploying firewall based on a template as it sounds like 6 sites.
Sophos provides that using either Sophos XG or Sophos SG firewall, Sophos firewall manager for XG or Sophos utm manager for Sophos SG and Sophos iview for reporting.
If you just require web filtering the. Go with Sophos xg. If you have a bunch of http/s web applications (eg your web site) that you are also wanting the firewall to manage then the Sophos sg is still the way to go.
For user reporting you need to have the ability to identify the user. Assuming you have active directory then this will work using the STAS agent. If not, then you need set up local identitification on the firewall.
Hope that helps

it_user429132 - PeerSpot reviewer
Director at a tech services company
Consultant
2017-03-13T20:28:04Z
Mar 13, 2017

Pfsense is an excellent solution

it_user432069 - PeerSpot reviewer
IT Infrastructure Engineer at a tech services company
Consultant
2017-03-13T18:50:23Z
Mar 13, 2017

I would go for fortinet firewall, like FortiGate 90-60 Series and probably 90 at main site and FortiWiFi 60E at remote location given you security well as wireless solutions. VPN to VPN between firewalls for connectivity between sites

it_user81156 - PeerSpot reviewer
Manager of Architecture/Design at a tech services company
Consultant
2017-03-13T18:42:43Z
Mar 13, 2017

Hi we have approx 30 different locations and are using the SonicWall Firewalls with The Global Management Server. Must say the product works like a charm and provides al needed security logging, anything you would need and want to see with regards to your corporate firewalls.

it_user464466 - PeerSpot reviewer
Network Engineer at a tech services company with 1,001-5,000 employees
Consultant
2017-03-13T18:39:28Z
Mar 13, 2017

There are a few questions I would ask myself first before choosing a firewall vendor they would be as follows:

1. What is the budget for the hardware
2. What kind of connectivity is present at each site (e.g DSL, IPVPN, Leased Line, 3G/4G etc.)
3. What is the traffic profile for each site (running mostly web applications, SQL, social media etc)
4. What throughput is needed per site
5. Do you require more advanced UTM functionally to secure/protect internal infrastructure?

If you can pinpoint these you're on a good course to selecting a vendor.

To name but a few my personal preference would be:

Cisco Meraki (if you want to have a cloud managed SD-WAN solution) Expencive based on throughput

Very nice interface, lots and lots of detail about traffic on your network requires licensing (OpEx costs as cloud based) SD-WAN ready out of the box (really read into this as the benefits aren't as peachy as they may first seem), its Cisco so a very steep learning curve. Very feature rich.

FortiNet (if you need UTM/Application firewall) Cost effective, one of the top Vendors in the Garner magic quadrant

Very nice interface learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Checkpoint but in the same league all throughout the product range), FortiNet have a fill security fabric, so in the future if you're looking for desktop AntiVirus/Email appliances (FortiClient), WAN Load balancers, Traffic Analysers, access switches, Cloud-based network logging ect.. They have solutions for this that seamlessly integrate.

WatchGuard basic Firewall VPN and access rule functionality. Cost effective: does what it says on the tin VPN standard firewall policies.

Not used personally but have customers who do, look extremely simple to set up and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what's on the tin in a basic way.

it_user224304 - PeerSpot reviewer
Corporate Trainer / Systems Administrator at a computer software company with 51-200 employees
Vendor
2017-03-13T17:48:56Z
Mar 13, 2017

I recommend pfSense firewall. It is a free, user-friendly, BSD based Enterprise level firewall that can handle IPSec connections, failover, multiple WAN, multiple LAN, VLANs, filtering, and more. Always the best, and very easy to setup and maintain. Have used it for over 10 years in Enterprise environments using the simplest of machines and esxi builds.

it_user501534 - PeerSpot reviewer
User at a tech company with 51-200 employees
Vendor
2017-03-13T17:35:52Z
Mar 13, 2017

My recommendation is Cisco ASA firewalls. Other brands I've used Sonicwall, Watchguard, and Checkpoint. These other brands have run into issue with L2L VPN and VoIP. The VoIP service was not reliable and would drop service unexpectedly or would not connect. The ASA's have been extremely reliable with L2L and VoIP. I have locations in California, Germany and Ireland, all using ASA's with no issue.

it_user73020 - PeerSpot reviewer
IT Administrator
Vendor
2017-03-13T16:56:31Z
Mar 13, 2017

It depends on the size of each one of the six structures (number of stations, for example),
but for SOHO structures we use to implement PFSENSE, wich have most of the resources that you miss in
your firewall, and can implement IPSEC, L2TP or OpenVPN.

One of our clients connects its Brazilian office with Chinese Office. In China they have a Fortigate (a Fortinet Firewall), and
here in Brazil they have a PfSense.

it_user286170 - PeerSpot reviewer
DevOps Engineer at a consultancy with 51-200 employees
Real User
2017-03-13T16:55:27Z
Mar 13, 2017

I'd go for Meraki MX firewalls. Very easy to use and set up and a single web dashboard to access/configure all your sites.

Oche Ankeli - PeerSpot reviewer
Head of IT at Digital Oak LTD
Real User
Top 20
2017-03-13T16:52:34Z
Mar 13, 2017

Cyberoam NG series / Sophos UTM

it_user478815 - PeerSpot reviewer
Lead Systems and Network Administrator at a tech services company
Consultant
2017-03-13T16:43:52Z
Mar 13, 2017

I recommend Sophos UTM for ease of use, relatively low cost and flexibility.
or Fortigate if your budget allows

it_user473859 - PeerSpot reviewer
Senior IT Manager at a construction company with 51-200 employees
Vendor
2017-03-13T16:39:08Z
Mar 13, 2017

I am a huge fan of SonicWALL with Comprehensive gateway Security for all my firewall scenarios.

From an ease of use and security track record, they just work.

I have put 4 and 2 site medical practices in place with SonicWALL site to site VPNs without a hitch.

it_user212700 - PeerSpot reviewer
Senior Network Engineer at a aerospace/defense firm with 51-200 employees
Vendor
2017-03-13T16:24:24Z
Mar 13, 2017

Cisco ASA 5500 series.

Kenneth Conklin - PeerSpot reviewer
Owner at a tech services company with 51-200 employees
Real User
2017-03-13T16:24:22Z
Mar 13, 2017

Next generation firewall like WatchGuard.
-Multi site VPN
-Antivirus/malware protection
-app blocking
-site category blocking
-user / group policy roles
-AD integration
-reporting
-two was to manage it. Web interface and local PC policy manager.
*dimensioning report server to log all information that is under Hippa and PCI.

it_user625422 - PeerSpot reviewer
Network Engineer at Wooqer
Consultant
2017-03-13T16:24:10Z
Mar 13, 2017

I would recommend Meraki.

Vendor
2017-03-13T16:21:21Z
Mar 13, 2017

With the rise of cloud services, organisations are going more for local breakout to optimise the traffic performance from their site to the closest cloud service node. Access to the internet in general would also benefit from this design. If this make sense in the context of our colleague then an implementation of local FW on each of the 6 sites could be a solution. This design would also allow internal segmentation as each site could be protected against a potential propagation of a threat one site to the other. On the operation side FW technologies allow central management and push of rules to the sites FW. Visibility of traffic would be available as FW technology allow delegation of rights such as read only mode to the customer in case this is a FW managed service operated by a service provider.

it_user227805 - PeerSpot reviewer
Chief Information Officer-Tryke Companies/Reef Dispensaries, Preident-Tryke Labs at a government
Vendor
2017-03-13T16:19:44Z
Mar 13, 2017

Look at. Cisco's - Meraki - product line. Check out their waps as well as their security appliances (firewalls).

Forget all that code and text interface nonsense.

Meraki rocks. Cisco bought this company because they were such a threat. Thank me later

Vendor
2017-03-13T16:16:22Z
Mar 13, 2017

The Esdenera Firewall 3 is a trusted and intelligent enterprise network firewall for the cloud. It has a very user friendly interface. You will find more information at www.esdenera.com

Vendor
2017-03-13T16:13:42Z
Mar 13, 2017

If you intend to use a cloud based firewall you may want to get a deep dive into virtualization technology for all the available vendors. Then decide which features versus ease of use you need. Also, if it is no only firewalling but security as a service, you might go deep on CASB (Cloud Access Security Broker) and get some insight of the trending around cloud security, such as cloud mail protection and cloud endpoint management. I might as well suggest you to talk with your service providers and see where their managed services stand.

reviewer199935 - PeerSpot reviewer
systems engineer at a tech services company
Real User
2017-03-13T16:11:22Z
Mar 13, 2017

The Watchguard System Manager utility gives firewall traffic on one of its windows called the Firewall system manager. I suspect it only works with Watchguard firewalls.

Vendor
2017-03-13T16:10:40Z
Mar 13, 2017

The top UTMs/Corporate Firewalls:

1. Fortinet
2. CheckPoint
3. Watchguard
4. Sophos
5. Dell SonicWall

Vendor
2017-03-13T16:10:30Z
Mar 13, 2017

For ease of use, Meraki

For longevity and economy - Sonicwall

Vendor
2017-03-13T16:10:25Z
Mar 13, 2017

I recommend use pfSense in this scenario!

Vendor
2017-03-13T16:08:49Z
Mar 13, 2017

It depends on the security services that you want to implement, you must have at least IPS, Anti virus, web filter, application control, desirable anti malware feature, these features comes with a Next Generation Firewall. In order to manage the solution, monitor the equipment and view the statistics, you must use a manufacturer's own management tool that can collect event logs, snmp traps or X-Flow flows, and help you with centralized policy deployment.

Vendor
2017-03-13T16:08:11Z
Mar 13, 2017

Palo Alto Networks Next-Generation Firewalls gives you total control of your traffic based on Layer 7 policies and monitoring.

it_user423330 - PeerSpot reviewer
Director de Tecnologías de Información at a retailer
Vendor
2017-03-13T16:07:04Z
Mar 13, 2017

For an OnPremise solution I agree with the fortinet recommendation, the UTM funcionality is easy to deploy and the user interface (Fortiview) is very useful even to non-experts.
For an open source solution I will rely on the PFSense implementations.
For a 100% cloud base solution, Zscaler works well.

it_user511548 - PeerSpot reviewer
Account Evecutive with 501-1,000 employees
Vendor
2017-03-13T16:04:44Z
Mar 13, 2017

Hi,
I would recommend the Fortinet Firewall it is user friendly and it will show the traffic

Vendor
2017-03-13T16:02:31Z
Mar 13, 2017

I must use Sonicwall firewall with grate amount of support do not use Sophos there is no support for that product.

it_user351822 - PeerSpot reviewer
Digital Commerce Delivery Lead at Accenture
Real User
2017-03-13T15:55:34Z
Mar 13, 2017

See Webroot - it's a web-based security via API and a leader in security. Peripheral firewalls aren't the answer. You should also keep upto date with your SSL certificates and tracking. But that's next steps

it_user196155 - PeerSpot reviewer
Account Manager at a integrator with 201-500 employees
Vendor
2017-03-13T15:55:14Z
Mar 13, 2017

If you look for excellent security with the best possible insight in whats actually traversing your FW, AND wants something that is the easiest one to manage you should check out Palo Alto Networks Firewalls. They are the only TRUE application Firewalls, so if you don't wont to keep on the hopeless fight with opening ports and thus damage your security that is what you should go for. With their new models you might be able to solve it with the PA-220 and possibly the PA-820 if you have some site that is large with a lot of traffic. And forget all you might have heard about Palo being expensive - the new models are actually fairly cheap. So go check them out...

it_user291462 - PeerSpot reviewer
Sr. Systems Engineer at a tech services company with 51-200 employees
Consultant
2017-03-13T15:55:00Z
Mar 13, 2017

I recommend Sophos (formally Astaro), their SG firewalls and then the RED remote units are easy to setup and will allow reporting based off the traffic.

it_user278124 - PeerSpot reviewer
Product Support Engineer at a tech company with 1,001-5,000 employees
Vendor
2017-03-13T15:53:44Z
Mar 13, 2017

Hi Terry,

Generally speaking, you can implement hub-and-spoke where all traffic from remote sites are routed to the internet through hub (main) firewall where you can implement some IDS/IPS/Web filter policies. Also, remote sites are connecting to hub either by site-to-site VPN or MPLS link.

-Hub (main): The firewall must be able to handle traffic from local (main) and remote sites. For WAN redundancy, use two internet links from two different ISPs.

-Spoke (remote): Two default routes with different metric, one to go out to the internet via Hub and in case the hub is not available, the second default route to route internet traffic via spoke ISP link.

-You can use Fortigate as they have many models to fit your needs along with many security features (IPS,IDS,Web Filter, DLP,Anti-Virus ... etc ). For reporting, you can use FortiAnalyzer to give you nice reporting about traffic from local / remote sites.

it_user612507 - PeerSpot reviewer
User at a tech company with 51-200 employees
Vendor
2017-03-13T15:53:40Z
Mar 13, 2017

checkpoint or forcepoint with single management (and logging) capabilities.

Vendor
2017-03-13T15:53:24Z
Mar 13, 2017

I recommend a next generation firewall! Preferably cloud based unless you have a data center or servers that all your employees need to access from all 6 locations?

it_user461115 - PeerSpot reviewer
Bilgi İşlem Sorumlusu at a tech services company with 501-1,000 employees
Consultant
2017-03-13T15:51:15Z
Mar 13, 2017

Cyberoam products are really good i think you should make a research about it

it_user492333 - PeerSpot reviewer
System Administrator at a mining and metals company with 1,001-5,000 employees
Vendor
2017-03-13T15:51:06Z
Mar 13, 2017

Are you looking for in-house hw based units? If so I would recommend Fortinet's Fortigate solution.

Vendor
2017-03-13T15:50:47Z
Mar 13, 2017

I'd recommend the Meraki MX series of firewalls - if you have several locations that you need to monitor the dashboard is great for making changes with out having to be at the location. you can also monitor the traffic for each one separately ....

Vendor
2017-03-13T15:49:51Z
Mar 13, 2017

You could use WatchGuard company for the firewall, it's ideally suited for SMB companies. A model like M300 for the headquarters and maybe T50(or T70) for the other locations (depends on the bandwidth between the sites and the number of employees at each site).

The user interface is really simple. You also have good visibility of your traffic through Dimension (which comes freely with the solution) and with the Total Security Bundle you have all the services that you need. Hope this helps you decide.

Vendor
2017-03-13T15:47:35Z
Mar 13, 2017

I would recommend a hardware firewall on premise HQ

Then MPLS on the regional offices.

Have implemented a similar setup and its working so well.

Vendor
2017-03-13T15:46:10Z
Mar 13, 2017

hi, I can assure you that 6 fortigate 100d can do the job, also if you want to extend your monitoring experience, with splunk you can do a lot of things...

Vendor
2017-03-13T15:43:30Z
Mar 13, 2017

I recommend PA 5020 firewall.

Vendor
2017-03-13T15:41:47Z
Mar 13, 2017

I would recommend firewall devices from FortiNet. They can be configured as Full UTM, NG Firewall, Web Filtering device, etc…

Related Questions
Yunus Yavuz - PeerSpot reviewer
Product Manager at Neteks
Nov 10, 2022
Hi peers,  I am a Product Manager at a small computer networking company. At the moment, I am researching Check Point's products. Is Check Point's software compatible with other products (including firewall products, servers, and more)? If so, which products? Are there products that are not compatible with Check Point's software? In addition, can you provide any specific documentation that ...
See 1 answer
Larry Chisholm - PeerSpot reviewer
Network Engineer at Solvonex
Nov 10, 2022
Checkpoint is an INCREDIBLY secure, but inherently frustrating platform to manage.    The gui/cli must often be used together to effect the changes you're looking for.   Don't get me started on the gaia hardware management interface.    If you must buy it, ensure that you get support.     Personally, I'll take Fortinet, Palo Alto or even Juniper SRX over anything checkpoint.
RV
Divisional Engineer at Aptransco
Aug 18, 2022
Hi members, What kinds of throughputs should we consider while designing/estimating the required firewall throughput in our organization? Thank you.
2 out of 5 answers
Aug 16, 2022
Different vendors have a slower speed for each option you enable on their devices so overestimate the size.  Some vendors will tell you the % of slowdown but consider double the line speed to compensate for the device's slowdown.
CR
Director at REDCO
Aug 16, 2022
Usually, it is the Internet bandwidth, a number of users and (in the case of NGFW) you have to check if you are going to perform SSL filtering and application control, but lately, they are more concerned about the type of link to the Internet.  Almost all manufacturers have a link to check the size of the firewall, but unfortunately, it is for partners only. If it is possible to have more information we can make an approximation with SOPHOS or Fortinet, if you like.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Ravi Suvvari - PeerSpot reviewer
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
DOWNLOAD NOW
655,465 professionals have used our research since 2012.