TrustMaps are two-dimensional charts that compare products based on satisfaction ratings and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.
Firewalls are filters that stand between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out. All messages passing through the firewall are examined and those not meeting pre-defined security criteria are blocked.
For example, on the outbound side, firewalls can be configured to prevent employees from transmitting sensitive data outside the network, while on the inbound side, firewalls can be configured to prevent access to certain kinds of websites like social media sites.
Application visibility and control
Identify and control evasive app threats
Intrusion Prevention integration
Physical and virtual environment support
Integration with LDAP and Active Directory
Firewalls use several methods to control traffic flowing in and out of a network:
Packet filtering: This method analyzes small pieces of data against a set of filters. Those that meet the filter criteria are allowed to pass through, while others are discarded.
Proxy service: In this method, computers make a connection to the proxy which then initiates a new network connection based on the content of the request. In this way, there is no direct connection or packet transfer on either side of the firewall. Network addresses are effectively hidden.
Stateful inspection: Stateful inspection is the new standard firewall security method that monitors communications packets over a period of time. Outgoing packets that request specific types of incoming packets are tracked. Only incoming packets that are an appropriate response are allowed to pass. Firewalls using this method are often referred to as next-generation firewalls (NGFW).
The cost of firewalls can vary from free (for personal use) to significant sums of money for enterprise firewalls. Firewalls are often on-premise appliances, but can also be purchased as software which must be installed on a server, or as a cloud service. The range of pricing models is broad making it difficult to compare across vendors. However, an enterprise firewall may cost upwards of $30,000, depending on capability and type.
WatchGuard Network Security is a network security and firewall software. WatchGuard includes secure Wi-Fi, multi-factor authentication, and network intelligence products and services designed for SMB’s.
Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
FortiNet FortiGate is a firewall option with high integrability. It offers a variety of deployment options and next-gen firewall capabilities, including integration with IaaS cloud platforms and public cloud environments.
Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
pfSense is an open-source firewall and load management product. It provides combined firewall, VPN, and router functionality, and it can be deployed through AWS or Azure clouds or on-premises via Netgate.
SonicWall TZ is a NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.
Sophos UTM provides core firewall features, plus sandboxing and AI threat detection for advanced network security. It has customizable deployment options.
Zscaler Web Security is a NGFW and Web Security Gateway. It specializes as a customizable security suite within a cloud-based SaaS, enabling a crowd-sourced threat library and robust scalability.
Untangle NG Firewall is an open-source firewall and gateway security platform. It offers a free core firewall platform with paid add-ons, and a cloud-based management platform with a variety of deployment options for smaller teams.
Barracuda CloudGen Firewalls provides a wide range of security and connectivity features, including web filtering, NAC and SSL VPN and other features for remote access, as well as protection as edge devices and IoT security.
WatchGuard XTM is a firewall option, from WatchGuard Technologies.
Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.
RackFoundry Total Security Management offers a complete firewall solution. It includes VPN, SIEM, automated vulnerability scanning and log management features scaled for SME’s.
The VM-Series is a virtualized form of Palo Alto next-generation firewall that can be deployed in a range of cloud environments. The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity.
Cisco Firepower NGFW is a firewall that integrates with other Cisco security products. In addition to standard firewall services, Firepower offers sandboxing and DDoS mitigation capabilities.
Stonesoft firewalls were acquired and rebranded as McAfee Firewall Enterprise (MFE), then divested by McAfee and acquired by Forcepoint in 2016, and have reached end of life (EOL).
Sophos’s Cyberoam offers UTM and NGFW products. Cyberoam provides the full suite of modularized firewall services, as well as real-time reporting, for enterprise-level use.
Trustwave Firewall is a managed NGFW service. It provides core firewall services, as well as modularized add-ons like application control.
Smoothwall UTM is a firewall security suite for educational environments. It includes the standard firewall services, as well as load balancing, and has hardware and software deployment options.
Check Point’s 4000-series appliances is a legacy firewall offering. It also provides IPsec VPN access and intrusion prevention within the offering.
Check Point NGFW is a tiered firewall product. The base model includes the core firewall services, and can be upgraded to include anti-bot/virus/spam and sandboxing capabilities.
Check Point Firewall Software Blades are the modularized product offerings that Check Point provides. They include Check Point’s VPN, IPS, Firewall, and Application control features. These features are structured into “blades” to enable easier user access and toggling from a single management con...
Forcepoint Next Generation Firewall (NGFW) promises seamless and central management, whether physical, virtual or in the cloud. Administrators can deploy, monitor and update thousands of firewalls, VPNs and IPSs in minutes, all from a single console. The vendor says that the product reduces netwo...