Firewall Software

Best Firewall Software include:

WatchGuard Network Security, Palo Alto Networks Next-Generation Firewalls - PA Series, Fortinet FortiGate, and Cisco ASA.

Firewall Software TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Firewall Software Overview

What are Firewall Software?

Firewall software are filters that stand between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out. All messages passing through the firewall software are examined. Those messages that do not meet pre-defined security criteria are blocked.

For example, on the outbound side, firewall software can be configured to prevent employees from transmitting sensitive data outside the network. On the inbound side, firewalls can be configured to prevent access to certain kinds of websites, like social media sites.

Types of Firewalls

Firewalls use several methods to control traffic flowing in and out of a network:

  • Packet filtering: This method analyzes small pieces of data against a set of filters. Those that meet the filter criteria are allowed to pass through, while others are discarded.

  • Proxy service: In this method, computers make a connection to the proxy which then initiates a new network connection based on the content of the request. In this way, there is no direct connection or packet transfer on either side of the firewall. Network addresses are effectively hidden.

  • Stateful inspection: Stateful inspection is the new standard firewall security method that monitors communications packets over a period of time. Outgoing packets that request specific types of incoming packets are tracked. Only incoming packets that are an appropriate response are allowed to pass. Firewalls using this method are often referred to as next-generation firewalls (NGFW).

There are also more specific firewall software beyond network-level firewalls. For instance, Web Application Firewalls sit between externally-facing applications and the web portal that end-users connect to the application through.

Firewall Software Features & Capabilities

Firewall software should have most or all of these features:


  • Application visibility and control

  • Identify and control evasive app threats

  • Intrusion Prevention integration

  • Physical and virtual environment support

  • Integration with LDAP and Active Directory

  • "Sandbox," or isolated, cloud-based threat emulation

Firewall vendors are beginning to bundle firewall offerings with other security or privacy features, although this is not a universal practice. The most common example is support for Virtual Private Networks (VPN), and load-management is often featured as well.

Firewall Comparison

To compare different Firewall software, you likely want to consider evaluating these aspects of the software:

  1. Managed Service Provider vs. In-House Focus: Are you looking for a firewall software to sell to and manage for your clients, or do you need something for your own business? Software tailored to the former context will emphasize centralized management and customizability, while the latter will be more accessible for line of business users without IT security backgrounds.

  2. Physical vs. Cloud Deployments: The standard deployment method for firewalls is via hardware appliance deployed on-premise. Alternative deployments on virtual machines, or hosted in the cloud on 3rd party infrastructure, have become frequent options among leading vendors. Cloud deployments frequently operate on a subscription pricing model, while physical appliances are more likely to be a one-time purchase, with additional costs for software updates varying by product.

  3. Multi-Location vs. Single-Location: Providing a firewall across multiple locations will require specific features. The most relevant feature differences will be VPN support (for securely connecting to remote offices), central management support, and native SD-WAN capabilities.

  4. Support: Reviewers frequently mention customer support and service, both positively and negatively depending on the software. Given a convergence of capabilities towards market parity, the extra support and services vendors provide can become a key differentiator between products.

Start a Firewall comparison

Pricing Information

The cost of firewalls can vary from free (for personal use) to significant sums of money for enterprise firewalls. Firewalls are often on-premise appliances, but can also be purchased as software which must be installed on a server, or as a cloud service. The range of pricing models is broad making it difficult to compare across vendors. However, an enterprise firewall may cost upwards of $30,000, depending on capability and type.

Firewall Products

(1-25 of 61) Sorted by Most Reviews

WatchGuard Network Security
141 ratings
92 reviews
Top Rated
WatchGuard Network Security is a network security and firewall software. WatchGuard includes secure Wi-Fi, multi-factor authentication, and network intelligence products and services designed for SMB’s.
Cisco ASA
171 ratings
53 reviews
Top Rated
Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
Fortinet FortiGate
133 ratings
47 reviews
Top Rated
FortiNet FortiGate is a firewall option with high integrability. It offers a variety of deployment options and next-gen firewall capabilities, including integration with IaaS cloud platforms and public cloud environments.
Cisco Meraki MX
83 ratings
39 reviews
Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
Palo Alto Networks Next-Generation Firewalls - PA Series
78 ratings
26 reviews
Top Rated
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
pfSense
35 ratings
14 reviews
pfSense is an open-source firewall and load management product. It provides combined firewall, VPN, and router functionality, and it can be deployed through AWS or Azure clouds or on-premises via Netgate.
SonicWall TZ
31 ratings
13 reviews
SonicWall TZ is a NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.
Sophos UTM
29 ratings
8 reviews
Sophos UTM provides core firewall features, plus sandboxing and AI threat detection for advanced network security. It has customizable deployment options.
Barracuda CloudGen Firewall (formerly NG Firewalls)
15 ratings
6 reviews
Barracuda CloudGen Firewalls provides a wide range of security and connectivity features, including web filtering, NAC and SSL VPN and other features for remote access, as well as protection as edge devices and IoT security.
Untangle NG Firewall
13 ratings
6 reviews
Untangle NG Firewall is an open-source firewall and gateway security platform. It offers a free core firewall platform with paid add-ons, and a cloud-based management platform with a variety of deployment options for smaller teams.
Juniper SRX
19 ratings
5 reviews
Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.
Cisco ASA 5500-X with FirePOWER Services
10 ratings
4 reviews
Cisco offers a threat-focused next-generation firewall (NGFW), the ASA 5500-X Series. The ASA 5500 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD). The series features appliances in a variety of form factors, including standalone options for small and m…
Cisco Firepower 1000 Series
7 ratings
4 reviews
The Cisco Firepower® 1000 Series for small to medium-size businesses and branch offices is a family of four threat-focused Next-Generation Firewall (NGFW) security platforms designed to deliver business resiliency through superior threat defense. The vendor provides that they offers exceptional sust…
Cisco Firepower NGFW (formerly Sourcefire)
12 ratings
4 reviews
Cisco Firepower NGFW is a firewall that integrates with other Cisco security products. In addition to standard firewall services, Firepower offers sandboxing and DDoS mitigation capabilities.
WatchGuard XTM - Discontinued Product
9 ratings
3 reviews
WatchGuard XTM is a firewall option, from WatchGuard Technologies.
RackFoundry Total Security Management
7 ratings
3 reviews
RackFoundry Total Security Management offers a complete firewall solution. It includes VPN, SIEM, automated vulnerability scanning and log management features scaled for SME’s.
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
6 ratings
3 reviews
The VM-Series is a virtualized form of Palo Alto next-generation firewall that can be deployed in a range of cloud environments. The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity.
Check Point Next Generation Firewall
11 ratings
2 reviews
Check Point NGFW is a tiered firewall product. The base model includes the core firewall services, and can be upgraded to include anti-bot/virus/spam and sandboxing capabilities.
SonicWall NSA Series
4 ratings
2 reviews
The SonicWall NSA Series is the company's mid-range next generation firewall (NGFW).
Trustwave Firewall
1 ratings
1 reviews
Trustwave Firewall is a managed NGFW service. It provides core firewall services, as well as modularized add-ons like application control.
Smoothwall UTM
1 ratings
1 reviews
Smoothwall UTM is a firewall security suite for educational environments. It includes the standard firewall services, as well as load balancing, and has hardware and software deployment options.
Forcepoint NGFW
1 ratings
1 reviews
Forcepoint Next Generation Firewall (NGFW) promises seamless and central management, whether physical, virtual or in the cloud. Administrators can deploy, monitor and update thousands of firewalls, VPNs and IPSs in minutes, all from a single console. The vendor says that the product reduces network …
F5 BIG-IP Advanced Firewall Manager
2 ratings
1 reviews
F5 Networks offers the F5 BIG-IP Advanced Firewall Manager, a firewall software combining a number of features including DDoS, DNS security, and other protections.
Stonesoft Firewall (Discontinued)
3 ratings
1 reviews
Stonesoft firewalls were acquired and rebranded as McAfee Firewall Enterprise (MFE), then divested by McAfee and acquired by Forcepoint in 2016, and have reached end of life (EOL).

Frequently Asked Questions

What is a firewall?

A firewall is a filter that stands between a computer or computer network and the Internet. It monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of rules. All messages passing through the firewall are examined and those not meeting pre-defined security criteria are blocked.

What are the main types of firewall?

There are four major types.

  • Packet Filtering: Small pieces of data are analyzed against a set of filters and are either allowed to pass through or are discarded.
  • Proxy Firewall: A proxy firewall serves as the gateway from one network to another. Computers make a connection to the proxy which then initiates a new network connection based on the content of the request.
  • Stateful Inspection: Stateful inspection monitors the state of active connections and uses this information to determine which network packets to allow through. Decisions on what to allow through are based on a combination of defined rules and context.
  • Next-Generation Firewall (NGFW): Next-generation firewalls go beyond packet filtering and stateful inspection. They have additional capabilities in order to help combat more modern threats like malware.

What’s the difference between a hardware and a software firewall?

Firewall hardware and firewall software both perform the same task; they both act as barriers between the internet and the computer and they both help to protect from anything that can harm the computer from an outside connection. Hardware firewalls offer network-wide protection from external threats. Software firewalls installed on individual computers are capable of closer data inspection and can block specific programs from sending data to the Internet.

What additional capabilities do next-generation firewalls have?

Next-generation firewalls are an acknowledgement that standard firewall capabilities are insufficient, and they typically include other related technologies such as: intrusion protection systems, deep packet inspection, SSL-encrypted traffic termination, and sandboxing.

How much do firewalls cost?

The cost of firewalls can vary from free (for personal use) to significant sums of money for enterprise firewalls. The range of pricing models is broad making it difficult to compare across vendors. However, an enterprise firewall may cost upwards of $30,000, depending on capability and type.