Dedicated Hardware Firewall Review

Last Reviewed - May 2011



Recommending a network firewall can be a difficult task, simply because of the number of aspects to take into account.


What is important to you in a firewall?

It is important to know what your requirements are for your business. For example, are you a small to medium sized company or an enterprise sized business? What features are you looking for in a firewall? Will you require UTM features such as anti-virus, email security, application filtering, web filtering, etc?

Is it important that your firewall be a well-known, leading product such as Checkpoint, Cisco or Juniper? Of course, you would be paying more money just for the brand. Or do you want a firewall from a security vendor that is not quite as big as the leading brands above but is certainly on the up and making a name for itself, and is therefore a little cheaper?

Which particular aspects are you after in a firewall? For example, firewalls from Fortinet, Cisco, Juniper and other big vendors can be split into virtual firewalls, which allows for managed services and for sharing a physical appliance between different companies in the same building. SonicWALL and Fortinet, on the other hand, can centrally and securely manage wireless access points from within their firewalls. Your company may be keen on a particular feature.

How much are you willing to spend on a firewall? Of course, budgets will also play their part.

What about ease of use and the graphical user interface from which you would manage the firewall (is it web browser based, or do you need to install a management server)? Which authentication methods does it support? What about multi-WAN, High Availability, VLANs, WAN optimisation and VPN functionality?

Is the firewall from a mature vendor or are they fairly new to the market? Do they provide every kind of feature, but when you look at each feature in more depth it isn't really that granular, or in fact doesn't work that well at all? Then there are model and platform requirements such as the number of interfaces you require on a firewall, backup power source, etc. Does it come in the platform you require, such as a virtual platform hosted on a VMware server? Let's not forget support: you will be responsible for the solution that acts as the first layer of defense for your network, so what about the level of customer support? Do they provide a range of technical resources such as start-up guides, troubleshooting guides, admin guides, a forum, etc?


Using world leaders in technology research and analysis

Which firewall has the best anti-virus detection rates and other certifications? You can use sites such as Virus Bulletin, West Coast labs, ICSA, FISP for validating firewall accreditations. Virus Bulletin provide yearly reviews and tests on anti-virus products, testing them against all kinds of threats. These results are then published on their site and used by many IT professionals.

You can also use sources such as Gartner, IDC and Frost and Sullivan to find out how well the experts themselves rate the vendor's products and technologies. Before reviewing a product, Gartner does not just look at its functionality but also at many other aspects such as the vendor's future road map, their presence around the world, references from their current customers and so on.


Author's Opinion

There are many excellent firewalls on the market today. The fact is that everyone has their own opinion and experiences, and every vendor claims to be the best. As security is a rapidly changing world, firewall vendors have to keep pace with these changes and produce that level of quality year after year.

Anyway, here is my professional experience with network and UTM firewalls. If budget is not an issue and you require a proven leading firewall today (for example, you are a financial company in need of a leading brand to provide you with that extra level of comfort and security), then the leading vendors today seem to be Checkpoint, Juniper and Cisco at the enterprise level. I speak to many firewall professionals and these seem to be the reputable vendors for large networks, although heavily priced. However, Fortinet, Palo Alto and McAfee are not far behind and are in general a little cheaper.

For small and medium sized networks that require a UTM all-in-one firewall, Fortinet, Watchguard, Juniper, SonicWALL, Netgear, Cisco and Checkpoint all provide excellent all-round functionality.

In particular I like Fortinet firewalls. They do not outsource their UTM features, so theirs is an all in-house product. They have a very feature-rich firewall and a powerful web based interface. Fortinet also have a broad range of other products, a good central management product to manage their appliances and FortiClient security software (security for endpoints), and a very powerful logging and reporting appliance. Their firewall solution in particular can do many jobs and is very granular, with abilities such as WAN optimisation, central wireless management and virtual firewalls. They can be configured in line, in bridged mode or as a network sniffer. They can be set up as a dedicated web filtering solution and deployed either in line or as a proxy. The product supports just about everything and is a very good all-in-one solution.


However, all that said, only you know what you require from a firewall. All vendors have their strengths and weaknesses, so you need to do your research. Let's summarise below.


Large enterprise networks

If you are a large network or even an ISP carrier with huge bandwidth requirements, then vendors such as Checkpoint, Juniper, Cisco, Palo Alto and Fortinet offer firewall solutions in this market space.

However, this does not mean you should only look at these vendors, as a number of other vendors have broken into the enterprise market and are offering great alternatives. Further down is a link to more vendors providing firewall solutions.


Small to Medium sized business

If you are a small to medium sized business looking for an all-in-one solution providing great levels of UTM security and features, then vendors such as Fortinet, Watchguard, Juniper, SonicWALL, Netgear, Cisco or Checkpoint provide excellent security products, and some of them are competitive from a pricing perspective. Another up-and-coming vendor that is certainly making some noise in the market, and is worth looking into, is Palo Alto.

Again, this is a general recommendation and from personal experience. There are other vendors that provide great alternatives, which you can find via the link below.


Other firewalls

Also take a look at these firewall vendors that should be taken into consideration before making any final decisions.