At IT Central Station, 7,161 users follow the category of firewall reviews and questions published by enterprise tech professionals. As of March 2017, our firewall user reviews have been viewed over 381,820 times.
Terry Stokes, an Information Technology Manager at a Healthcare company, asked the following question in our firewalls user community:
Asked in March 2017:
“What do you recommend for a corporate firewall implementation? I have six geographically dispersed locations.”
Question Background: “I have a web-based firewall solution from our telecom vendor which is not user-friendly nor does it show you the traffic on the firewall.
I have six geographically dispersed locations. What do you recommend for a corporate firewall implementation?”
Read top answers to Terry’s question, as published by our users:
Sean Akers, DevOps Engineer:
“The original question did mention ease of use, showing throughput, and the need to connect several regions, which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to a configuration mess-up, and even if you do, the out-of-band management will allow you to correct the issue.
If you know what you’re doing then I’d go with pfSense. Powerful and affordable (free even if you can do without the support).
We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data center rack.
Having spent a long time with Cisco ASAs I’d certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they’re rather good if you know what you’re doing.”
“Fortigate Firewalls are best suited for these purposes. You may select the appropriate model either by comparing specs on their website or talking to one of their consultants. The only shortfall with Fortigate is that one needs to be trained to configure and manage these devices. So, you either learn it yourself or sign up a support partner. Online support is not very great for setting the device up, but pretty quick and efficient in helping resolve specific issues faced.”
Musavir Sheikh, Senior Network Engineer:
“If you are not a regular firewall service manager and this is a first-run into the corporate firewall systems, I might suggest Check Point solutions as a first name in easy to learn and quick to get up and running appliances. Check Point takes a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances, pretty sure your 6 sites will be managed with ease.”
Fred Fish, Network Administrator:
“I’ve been running Cyberoam (now Sophos Cyberoam UTM) for over 10 years for my firewalls. I’ve really enjoyed the Cyberoam Support over the years; those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility into the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.”
Michael Wing, Network Engineer:
“There are a few questions I would ask myself first before choosing a firewall vendor; they would be as follows:
- What is the budget for the hardware?
- What kind of connectivity is present at each site (e.g. DSL, IPVPN, Leased Line, 3G/4G etc.)?
- What is the traffic profile for each site (running mostly web applications, SQL, social media etc)?
- What throughput is needed per site?
- Do you require more advanced UTM functionality to secure/protect internal infrastructure?
If you can pinpoint these you’re on a good course to selecting a vendor.
To name but a few, my personal preference would be:
Cisco Meraki (if you want to have a cloud managed SD-WAN solution)
- Expensive based on throughput
- Very nice interface, lots and lots of detail about traffic on your network; requires licensing (OpEx costs as cloud-based).
- SD-WAN ready out of the box (really read into this as the benefits aren’t as peachy as they may first seem); it’s Cisco, so a very steep learning curve.
- Very feature rich.
FortiNet (if you need UTM/Application firewall)
- Cost effective.
- One of the top vendors in the Gartner Magic Quadrant.
- A very nice interface; learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Check Point but in the same league all throughout the product range).
- FortiNet has a full security fabric, so in the future, if you’re looking for desktop AntiVirus/Email appliances (FortiClient), WAN Load Balancers, Traffic Analysers, access switches, Cloud-based network logging etc., they have solutions for this that seamlessly integrate.
- Basic Firewall VPN and access rule functionality.
- Cost effective: does what it says on the tin; VPN, standard firewall policies.
- Not used personally but have customers who do; looks extremely simple to set up and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what’s on the tin in a basic way.”