Which firewall solution is best for an educational institution?

Hi Muhammad, You are telling us your company is small, but for choice active equipment you need to know how big the need for your client is, not yours. And also you may discuss if you are the provider of the tech service for management (local or remote), or if you're just going to provide the equipment for some internal IT by your customer.So, there are a few questions before choosing the Router/Gateway, but if you already have an answer for all that, I'll go for Sophos XG Firewall every time, if the customer can afford it or for smaller customer Ubiquiti Edge Infinity Router. Good luck

There is no simple answer. Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities. Here are some ideas based on our experience: - Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.) - What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth. - Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons.  - Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do. - Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part. - On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. In our use case, it looks like the RAM is a more scarce resource than the CPU. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%. - If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation. - Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Additionally, some of the more advanced features are available in CLI only or have to be explicitly enabled to be visible in GUI. - One more piece of advice - be conservative about FortiOS (FG firmware) major/minor releases. New releases tend to be quite buggy and it is a good idea to avoid anything that ends with a patch level less than about 5-6. On the other hand, do apply security patches diligently, some of them close really critical holes. For example, we are on 7.0.11 firmware, even though 7.2.4 and now also 7.4.0 is out.

Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.

Good very informative

Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!