Good commercial firewalls take a degree of expertise that small businesses rarely possess, for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Network firewalls which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 20
Mar 23, 2020
1-10 employees., it's not that big, you should try the Unifi Platform from the Ubiquiti brand, it is a bargain for the price and resource you can manage, and the better for you is you don't have to pay licencing, you only pay the hardware an the IT for implement the solution.
CEO at a financial services firm with 11-50 employees
User
Mar 24, 2020
Priority as below:
1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.
Senior Vice President at a transportation company with 51-200 employees
Real User
Mar 23, 2020
I think you should be looking more into a WAF. For firewalls with ~ 10 users a small FotiGate should be sufficient but the opportunity I see of the 2008 R2 servers. You should have moved off of these systems as of 2019 but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWEB.... these are distinctly different products.
I.T Director at a healthcare company with 11-50 employees
User
Mar 23, 2020
I like Watchguard Fireboxes for my firewall. We started out with less than 50 users and have grown to 80 and Firewall is easy to manage. The one negative it is expensive to keep the subscriptions updated. Worth it to us, as we've been viruses and malware-free for years.
Network Administration Lead at Forest County Potawatomi Community
Real User
Mar 23, 2020
For your businesses that are under 50 employees but still require enterprise-class security, insight into traffic and ease of management, I usually point people to Cisco Meraki products. For businesses with relatively few users, these products are very simple to set up and usually do not require network admins or engineers to set up successfully and securely.
What is the budget and who will the Firewall administrator be?
It does not matter what firewall you recommend, money and who is looking after it is the question to ask!!
If you spend £40k on a firewall and have an idiot configure it and administer it – the firewall is next to useless, what ever Vendor’s product you buy!!
When making a decision look at 5 years' TCO. For example, Fortigate is cheap to buy the first-year but the support to keep security functions running can get expensive over time!
My suggestion is to look at firewalls that do not require subscriptions - the reason is that you are looking for a device that will be in the network for many years!
Candidates:
1. Netgate HW running pfsense firewall - we run it for clients and internally
2. Ubiquity Unify Dreeam Machine Pro (advantage of very nice GUI and included CCTV capability)
Information Security Manager at a retailer with 10,001+ employees
Real User
Top 5
Apr 16, 2021
Fortinet has an excellent price for low-profile equipment that still offer great deliveries for small/medium businesses (beware with version versus EOL/License only). If you have 'qualified team' and the price is differential, you can even think about using an opensource solution (iptables, pfctl or similar).
Technology Specialist at Accretive Technologies Pvt Ltd
Real User
Jul 20, 2020
For initial start-up and to secure your business, I would recommend to go with Fortigate Firewall, that will provide the feature of NGFW. One more recommendation is to upgrade your Windows server to latest one.
Hi, I see an immediate issue "Server 2008 R2." That implies old web server software. You are much better off to migrate this website/web application to a cloud provider (such as AWS or Azure) and use their security services - such as web application firewall, DDoS protection etc.
Feel free to reach out for a more detailed discussion.
Vice President, Security Engineering at a financial services firm with 1,001-5,000 employees
Real User
Mar 31, 2020
Selecting the "Best" firewall will give you many different answers from many different people. Firewalls and firewall vendors as well as the people that implement them are very partial to what they are familiar with. Same as me. I have what I consider the "best" but is the Best "for my installation". The real answer is another question, What are you looking for and need in a firewall?"
With such old web servers you will need a Web Application Firewall "WAF" much more that you would need, say a packet filtering firewall or even a NGFW.
Too many questions to list here but I would definitely need much more information about your situation before I could even start to make a recommendation.
System Implementer at a tech vendor with 201-500 employees
Real User
Mar 24, 2020
It will depend on the budget and scalability you want, if you have a high budget, better to implement a commercial firewall, another alternative would be an open-source firewall.
I recommend:
- Commercial Firewalls: Palo Alto or Fortinet.
- Open Source Firewalls: pfSense or OPNsense.
Technical Manager at a comms service provider with 1,001-5,000 employees
Real User
Mar 23, 2020
From my experience, Fortinet or Cisco will work fine if you looking for NGFW, I am not sure about the price, you can ask the vendor partner in your area for the price list. Both Cisco & Fortinet firewalls will do the job perfectly.
Business Development Manager with 501-1,000 employees
User
Mar 23, 2020
In few words:
Looking at the best balance between Security functionalities, performance per Mbps of protected traffic and price, the best is FortiGate:
> Advanced security functionalities from basic ACL until level 7 security protection, that could be used for security functionalities consolidation (a typical scenario for SMB needs).
> Embedded Security Management functionality (on board of FortiGate appliance) really usable.
> A scalable platform from a few Mbps Throughput until high-end needs.
IT freelancer / owner at a tech services company with 1-10 employees
User
Mar 23, 2020
You have several options. if you want to add IPS functionality then I would recommend Sophos Firewall XG. If you want to go open source route then pfSense is the tool. There a other similar products that have different learning curves or prices. For my personal use I'm using Sophos Firewall XG since it is free for home users.
Network Security Engineer at a comms service provider with 51-200 employees
User
Mar 23, 2020
It depends if you have time and a server with 4 ->5 port (VM or physical) you should install pfSense firewall. It is open-source, it is quite easy to install and setup but you have to spend time on it.
If you have budget for FW you should choose
Fortinet price: 8/10 but admin's experience about 7/10
Palo Alto has an expensive price we could say: 7/10 but admin's experience is very good it is the best enterprise FW
When sizing FW you should inform the throughput so it helps the reseller pick a model for you. IF you have 1-10 employees and 1 server I would say your best solution is pfSense open-source FW.
Here are three options depending on your budget and overall security consideration based on your business. Strongly advise that you locate a
local resource to help you plan out your network and security work. There are many considerations to include server patching you need to keep an eye
on.
I recommend and deploy Kerio Control Firewalls because you can install on an old desktop PC with that you add a 2nd network card. I use Dell OptiPlex i5 with 8 GB of RAM for my base router. I also know that Sophos and Untangle has the same option and they both have better end user support than Kerio. I stick with Kerio because i have been a partner from way before the GFI purchase so know the products very well and do not have need for support.
On the outdated server issue and if you are in a situation where with COVID-19 do not want to be spending the money to upgrade hardware and software I would reach out to Norton and see if their Business Protection suite protects against known threats to outdated software or has a protection add on. I use Trend Micro Worry Free Security for my clients and learned that Trend Micro has an addon or a separate product to add that type of protection.
Consultant at a tech services company with 1-10 employees
Consultant
Mar 22, 2020
Agree 100% with Thomas Davis. As a Meraki partner, I can attest it is a great product but you need to work with an authorized Meraki partner. as for the servers, I would note that you are facing an upgrade from an unsupported OS (2008 R2) and will need to be purchasing a server OS license for 2016 or Windows 2019, Microsoft Licensing can be tricky so I suggest contacting an IT company that is both a Microsoft partner and a Meraki Partner. The firewall is a necessity but understands that if you are running web servers, there will be at least ports 80 and 443 open to public traffic. These Ports will be probed by malicious activities trying to make use of exploits in the hosting server OS and applications. Thus it is imperative that the environment be maintained and latest patches applied in a controlled manner. It is difficult to accurately understand what is meant by "Norton Business Protection" as they offer a range of products. We have had great success with the enterprise offerings from Symantec but they too have recently (Aug 2019) sold to Broadcom the Enterprise Security Business.
Impossible to keep current with IT Mergers & Acquisitions. Accenture Security is to acquire Symantec's Cyber Security Services business from Broadcom [ www.infosecurity-magazine.com/news/accenture-to-acquire-symantec/ ] Second ownership change but core product --for now remains the same offering.
based on the information that you provide, you will need small firewall (depend on size and growth of your company and bandwidth). Since you also locate your website on you premise, I suggest you to Protect the server with small WAF (Web Application Firewall). Regarding the brand, there are many justification as your required such as bandwidth, firewall feature (UTM or NG-Firewall) and budget.
Thank you
Chief Executive Officer at a comms service provider with 11-50 employees
User
Mar 24, 2020
You could go for CISCO MERAKI MX-64 with 1/3 yrs advanced security services license. Since it’s could based administration, very easy to deploy and Manage. Can support upto 50 devices including servers.
Engineering Manager at a tech consulting company with 1-10 employees
Real User
Mar 23, 2020
Take the FortiGate 40F with UTM protection (600 Mbps Threat Protection), easy management and low cost for your requirement. If you need load balance WAN links choose the 60F because it has more physical ports and 700 Mbps Threat Protection.
I personally use Cisco Exclusively because that is what I know. Palo Alto firewalls are also very good. Those are the two biggest players right now from my research and knowledge. Performance-wise the are clearly direct competitors and one may fair better in one feature and the other in another feature so it's hard to say one is really better than the other. Both can now be managed via a GUI however Cisco has the advantage of also being manageable via a fully developed and documented CLI.
As for which model to choose that would depend on the anticipated load and any additional features you would need. Both support a DMZ / public /
private network infrastructure. From what little information is provided the lower end firewall models would most likely be acceptable however the final is dependant on the incoming traffic more than the number of users behind it.
Hardware and Networks Support Executive at a manufacturing company with 501-1,000 employees
Real User
Mar 23, 2020
Windows Server 2008 is unsupported by Microsoft and you should migrate it to Windows Server 2019. I think your hardware is also very old. But you don't have to buy new hardware. You may create a virtual machine from a datacenter like Azure, AWS, etc. They also offer some security services like IPS, Next-Generation Firewall, DDOS protection, etc for your workloads and I am sure it will be cheaper instead of buying hardware. I advise you to use Fortinet, Palo Alto or Check Point virtual firewalls.
Group IT Manager For MENA Region at a consumer goods company with 1,001-5,000 employees
Real User
Mar 23, 2020
First, before proceeding with the firewall brand, I need to know what tasks must the firewall handle i.e IPS, Protection from the exterior, web application firewall, VPN users, protection for clients hosting their websites on your servers, web and application filter, mail filter? All of these will determine which firewall should you go for.
If you can send me these I will tell you which brands to follow and how the configuration shall be done.
As for windows 2008, yes it is not supported but this doesn't make your environment vulnerable since you have Norton in place and the next-generation firewall will do the protections unless you have a budget allocated to the migration to windows server 2016, then it is better to migrate first.
CEO and Managing Director at a consultancy with 11-50 employees
User
Mar 23, 2020
You have two challenges:
- First, Windows 2008R2 is no longer under Microsoft support (you will no longer receive security patches) - this makes your server MUCH more vulnerable.
- Second, firewalls. I tend to like Sonic Wall, but there are others as well. Each vendor has models that address a range of features, with cost considerations attached. Suggest working with a local vendor to consider a holistic approach to your org and needs.
Solution Manager at a wholesaler/distributor with 10,001+ employees
Real User
Mar 23, 2020
Better take the 60F instead of the 60E. more performance, ower price, same functionality.
Upgrading your 2008 servers is also a recommendation. But all firewalls of the major companies(Fortinet, Palo Alto, and CheckPoint) will be good enough for you. It all depends on your budget and how you manage your security policies.
A firewall isn't a silver bullet against all threats.
It depends on your budget, there are many options you can avail, but if you buy a Fortinet firewall, it will get you ease of management and having all the options which enterprise network needs.
One consideration that is throughput required to respond to your web server queries is essential, so please chose as per your requirement like 40E, 60E.
Firewalls serve as a crucial line of defense against cyber threats by monitoring and controlling incoming and outgoing network traffic.
Firewalls analyze network traffic based on pre-defined security rules to block unauthorized access, providing a barrier between trusted internal networks and untrusted external networks. They are essential for organizations seeking to protect their digital assets.
What are some critical features of Firewalls?
Intrusion Detection: Monitors...
Good commercial firewalls take a degree of expertise that small businesses rarely possess, for that reason, I would look for a managed security services provider that specializes in the SMB retail market. They should be able to do it affordably and with solid expertise. They should support Fortinet or Palo Alto Network firewalls which are the current gold standard for Next-Generation Firewall. You should also look at upgrading your Windows 2008 servers as they are end of life and tough to protect today.
1-10 employees., it's not that big, you should try the Unifi Platform from the Ubiquiti brand, it is a bargain for the price and resource you can manage, and the better for you is you don't have to pay licencing, you only pay the hardware an the IT for implement the solution.
.
Priority as below:
1. Best choice: CISCO FirePower 1120 as it is a strong FW and not necessary to renew the subscription if you just need a firewall.
2. Powerful but expensive: Palo Alto Networks PA or Check Point: small series and you have to renew subscription yearly.
3. Multi-functions: FortiGate, ForcePoint, SonicWall, Watchguard, Sophos: Forti is popular and high ranking, the others are lower ranks, but all these ask to renew subscription yearly as well.
4. Opensource: I do not recommend as there is no one responsible for your system unless you are very pro in Linux and opensource.
I think you should be looking more into a WAF. For firewalls with ~ 10 users a small FotiGate should be sufficient but the opportunity I see of the 2008 R2 servers. You should have moved off of these systems as of 2019 but that is not relevant to your question. I would invest in protecting those systems with an appropriately sized WAF. For this I recommend a FortiWEB.... these are distinctly different products.
FortiGate 60F will be a good and economical choice for you especially that you will host a website it will give you the best performance.
Better go with FortiGate 60E.
I like Watchguard Fireboxes for my firewall. We started out with less than 50 users and have grown to 80 and Firewall is easy to manage. The one negative it is expensive to keep the subscriptions updated. Worth it to us, as we've been viruses and malware-free for years.
The best solution in you case is a Fortinet or Sophos firewall. Use it with Endpoint protection from Fortinet or Sophos.
For your businesses that are under 50 employees but still require enterprise-class security, insight into traffic and ease of management, I usually point people to Cisco Meraki products. For businesses with relatively few users, these products are very simple to set up and usually do not require network admins or engineers to set up successfully and securely.
What is the budget and who will the Firewall administrator be?
It does not matter what firewall you recommend, money and who is looking after it is the question to ask!!
If you spend £40k on a firewall and have an idiot configure it and administer it – the firewall is next to useless, what ever Vendor’s product you buy!!
I would go for an OPNSense/PFSense solution. Thought It's no so easy to begin with it, but it will scale to your needs easily.
Hard to give a recommendation based on this limited information.
Best NG firewalls are from Fortinet and PAN.
You can just use your ISP modem firewall and put your servers in DMZ, install some antivirus on your employees' PCs (if not Macbooks), and feel safe.
Valid comment about Win 2008 server being vulnerable, need to upgrade asap.
When making a decision look at 5 years' TCO. For example, Fortigate is cheap to buy the
first-year but the support to keep security functions running can get expensive over time!
My suggestion is to look at firewalls that do not require subscriptions - the reason is that you are looking for a device that will be in the network for many years!
Candidates:
1. Netgate HW running pfsense firewall - we run it for clients and internally
2. Ubiquity Unify Dreeam Machine Pro (advantage of very nice GUI and included CCTV capability)
Happy to discuss in detail.
Vladimir
Fortinet has an excellent price for low-profile equipment that still offer great deliveries for small/medium businesses (beware with version versus EOL/License only). If you have 'qualified team' and the price is differential, you can even think about using an opensource solution (iptables, pfctl or similar).
For initial start-up and to secure your business, I would recommend to go with Fortigate Firewall, that will provide the feature of NGFW. One more recommendation is to upgrade your Windows server to latest one.
Hi, I see an immediate issue "Server 2008 R2." That implies old web server software. You are much better off to migrate this website/web application to a cloud provider (such as AWS or Azure) and use their security services - such as web application firewall, DDoS protection etc.
Feel free to reach out for a more detailed discussion.
Best
Vladimir
Selecting the "Best" firewall will give you many different answers from many different people. Firewalls and firewall vendors as well as the people that implement them are very partial to what they are familiar with. Same as me. I have what I consider the "best" but is the Best "for my installation". The real answer is another question, What are you looking for and need in a firewall?"
With such old web servers you will need a Web Application Firewall "WAF" much more that you would need, say a packet filtering firewall or even a NGFW.
Too many questions to list here but I would definitely need much more information about your situation before I could even start to make a recommendation.
It will depend on the budget and scalability you want, if you have a high budget, better to implement a commercial firewall, another alternative would be an open-source firewall.
I recommend:
- Commercial Firewalls: Palo Alto or Fortinet.
- Open Source Firewalls: pfSense or OPNsense.
I would recommend a Palo Alto appliance since you can watch up to layer 7 traffic.
From my experience, Fortinet or Cisco will work fine if you looking for NGFW, I am not sure about the price, you can ask the vendor partner in your area for the price list. Both Cisco & Fortinet firewalls will do the job perfectly.
I suggest installing a *pfSense* router as the gateway to the Internet.
I've also had success with a *Dlink* router and using *ClearOS*. Any of these would enable the user to place their Web servers in a separate zone.
Sophos XG 106 Firewall
Fortinet Firewall would be the best by far with built in wireless and vpn capabilities
With that number of employees, Sophos offers good solutions (XG line) at a reasonable price. That’s my recommendation.
In few words:
Looking at the best balance between Security functionalities, performance per Mbps of protected traffic and price, the best is FortiGate:
> Advanced security functionalities from basic ACL until level 7 security protection, that could be used for security functionalities consolidation (a typical scenario for SMB needs).
> Embedded Security Management functionality (on board of FortiGate appliance) really usable.
> A scalable platform from a few Mbps Throughput until high-end needs.
Open Source: PFSENSE
Good - Cheap - Easy on use: Sophos
The best: Cisco ASA Firepower
Web-sites do require additional protection that a firewall appliance by itself cannot achieve.
Having 1 to 10 employees is useful, however understanding the web-site traffic volumes is completely different.
So, making certain assumptions I would lean towards Fortinet or Sophos.
And what can we assume regarding EOL for OS?
For Open-source solution is PFSense/OPNSense and commercial is Check Point firewall. This is my recommendation.
Large sites = Fortinet
Small 2 -3 server sites = PFSense, available in the virtual or physical installation. Available in Opensource or with professional support.
You can take Fortinet 30E.BDL in the present situation. This model can easily fit the budget of the customer and their requirements in the full edge.
You have several options. if you want to add IPS functionality then I would recommend Sophos Firewall XG. If you want to go open source route then pfSense is the tool. There a other similar products that have different learning curves or prices. For my personal use I'm using Sophos Firewall XG since it is free for home users.
It depends if you have time and a server with 4 ->5 port (VM or physical) you should install pfSense firewall. It is open-source, it is quite easy to install and setup but you have to spend time on it.
If you have budget for FW you should choose
Fortinet price: 8/10 but admin's experience about 7/10
Palo Alto has an expensive price we could say: 7/10 but admin's experience is very good it is the best enterprise FW
When sizing FW you should inform the throughput so it helps the reseller pick a model for you. IF you have 1-10 employees and 1 server I would say your best solution is pfSense open-source FW.
Here are three options depending on your budget and overall security consideration based on your business. Strongly advise that you locate a
local resource to help you plan out your network and security work. There are many considerations to include server patching you need to keep an eye
on.
1. Sonicwall
2. Fortinet
3. Palo Alto Networks
I recommend and deploy Kerio Control Firewalls because you can install on an old desktop PC with that you add a 2nd network card. I use Dell OptiPlex i5 with 8 GB of RAM for my base router. I also know that Sophos and Untangle has the same option and they both have better end user support than Kerio. I stick with Kerio because i have been a partner from way before the GFI purchase so know the products very well and do not have need for support.
On the outdated server issue and if you are in a situation where with COVID-19 do not want to be spending the money to upgrade hardware and software I would reach out to Norton and see if their Business Protection suite protects against known threats to outdated software or has a protection add on. I use Trend Micro Worry Free Security for my clients and learned that Trend Micro has an addon or a separate product to add that type of protection.
Good luck in the coming days / months.
Agree 100% with Thomas Davis. As a Meraki partner, I can attest it is a great product but you need to work with an authorized Meraki partner. as for the servers, I would note that you are facing an upgrade from an unsupported OS (2008 R2) and will need to be purchasing a server OS license for 2016 or Windows 2019, Microsoft Licensing can be tricky so I suggest contacting an IT company that is both a Microsoft partner and a Meraki Partner. The firewall is a necessity but understands that if you are running web servers, there will be at least ports 80 and 443 open to public traffic. These Ports will be probed by malicious activities trying to make use of exploits in the hosting server OS and applications. Thus it is imperative that the environment be maintained and latest patches applied in a controlled manner. It is difficult to accurately understand what is meant by "Norton Business Protection" as they offer a range of products. We have had great success with the enterprise offerings from Symantec but they too have recently (Aug 2019) sold to Broadcom the Enterprise Security Business.
Impossible to keep current with IT Mergers & Acquisitions. Accenture Security is to acquire Symantec's Cyber Security Services business from Broadcom [ www.infosecurity-magazine.com/news/accenture-to-acquire-symantec/ ] Second ownership change but core product --for now remains the same offering.
First you need to upgrade to a supported platform. 2012r2 or Higher...
Cisco Meraki Firewall is the easiest to manage and deploy.
Go with FG-40F
FortiGate 30e
Or
FortiGate 40f
Dear, firstly received a cordial greeting.
These questions arise:
What service do you have in the cloud?
How much is your capacity?
Now, you can install a Mikrotik operating system on a PC or server that can help you with network firewalls, creating rules.
Or buy Mikrotik hardware.
I am at your service to help you. Mikrotik has many advantages.
Dear best regards, I recommend that MikroTik in the operating system or the physical equipment have a great structure at the firewall level.
You can implement Smoothwall Express is a free solution with a simple web interface to configure and manage the firewall to get started.
I am attentive and at your command.
Fortinet or Sonicwall
Sophos XG firewall with RED devices to make tunnels
Just get Untangle it's the easiet and cheapest...but not weak by a long shot... 4 years multiple deployments and no breaches or ransomedware
How can gI et a Cisco ASA 5510 Firewall for a decent price? It has all the essential features.
..
What is the speed of your internet connection?
I would recommend you to use Cisco firepower, easy to configure and manage, this will be very helpful for you because you have a limited staff
based on the information that you provide, you will need small firewall (depend on size and growth of your company and bandwidth). Since you also locate your website on you premise, I suggest you to Protect the server with small WAF (Web Application Firewall). Regarding the brand, there are many justification as your required such as bandwidth, firewall feature (UTM or NG-Firewall) and budget.
Thank you
You could go for CISCO MERAKI MX-64 with 1/3 yrs advanced security services license. Since it’s could based administration, very easy to deploy and Manage. Can support upto 50 devices including servers.
Take the FortiGate 40F with UTM protection (600 Mbps Threat Protection), easy management and low cost for your requirement. If you need load balance WAN links choose the 60F because it has more physical ports and 700 Mbps Threat Protection.
I personally use Cisco Exclusively because that is what I know. Palo Alto firewalls are also very good. Those are the two biggest players right now from my research and knowledge. Performance-wise the are clearly direct competitors and one may fair better in one feature and the other in another feature so it's hard to say one is really better than the other. Both can now be managed via a GUI however Cisco has the advantage of also being manageable via a fully developed and documented CLI.
As for which model to choose that would depend on the anticipated load and any additional features you would need. Both support a DMZ / public /
private network infrastructure. From what little information is provided the lower end firewall models would most likely be acceptable however the final is dependant on the incoming traffic more than the number of users behind it.
Windows Server 2008 is unsupported by Microsoft and you should migrate it to Windows Server 2019. I think your hardware is also very old. But you don't have to buy new hardware. You may create a virtual machine from a datacenter like Azure, AWS, etc. They also offer some security services like IPS, Next-Generation Firewall, DDOS protection, etc for your workloads and I am sure it will be cheaper instead of buying hardware. I advise you to use Fortinet, Palo Alto or Check Point virtual firewalls.
First, before proceeding with the firewall brand, I need to know what tasks must the firewall handle i.e IPS, Protection from the exterior, web application firewall, VPN users, protection for clients hosting their websites on your servers, web and application filter, mail filter? All of these will determine which firewall should you go for.
If you can send me these I will tell you which brands to follow and how the configuration shall be done.
As for windows 2008, yes it is not supported but this doesn't make your environment vulnerable since you have Norton in place and the next-generation firewall will do the protections unless you have a budget allocated to the migration to windows server 2016, then it is better to migrate first.
You have two challenges:
- First, Windows 2008R2 is no longer under Microsoft support (you will no longer receive security patches) - this makes your server MUCH more vulnerable.
- Second, firewalls. I tend to like Sonic Wall, but there are others as well. Each vendor has models that address a range of features, with cost considerations attached. Suggest working with a local vendor to consider a holistic approach to your org and needs.
I recommend using Cisco FPR 1010 (www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html).
I will prefer Cisco FPR 1120 for SMB as it is power of CISCO and no renewal fee for firewall subscription.
Better take the 60F instead of the 60E. more performance, ower price, same functionality.
Upgrading your 2008 servers is also a recommendation. But all firewalls of the major companies(Fortinet, Palo Alto, and CheckPoint) will be good enough for you. It all depends on your budget and how you manage your security policies.
A firewall isn't a silver bullet against all threats.
It depends on your budget, there are many options you can avail, but if you buy a Fortinet firewall, it will get you ease of management and having all the options which enterprise network needs.
One consideration that is throughput required to respond to your web server queries is essential, so please chose as per your requirement like 40E, 60E.