Firewall Software

Top Rated Firewall Products

TrustRadius Top Rated for 2021

These products won a Top Rated award for having excellent customer satisfaction ratings. The list is based purely on reviews; there is no paid placement, and analyst opinions do not influence the rankings. Read more about the Top Rated criteria.

Firewall Software TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Firewall Software Overview

What are Firewall Software?

Firewall software are filters that stand between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out. All messages passing through the firewall software are examined. Those messages that do not meet pre-defined security criteria are blocked.

For example, on the outbound side, firewall software can be configured to prevent employees from transmitting sensitive data outside the network. On the inbound side, firewalls can be configured to prevent access to certain kinds of websites, like social media sites.

Types of Firewalls

Firewalls use several methods to control traffic flowing in and out of a network:

  • Packet filtering: This method analyzes small pieces of data against a set of filters. Those that meet the filter criteria are allowed to pass through, while others are discarded.

  • Proxy service: In this method, computers make a connection to the proxy which then initiates a new network connection based on the content of the request. In this way, there is no direct connection or packet transfer on either side of the firewall. Network addresses are effectively hidden.

  • Stateful inspection: Stateful inspection is the new standard firewall security method that monitors communications packets over a period of time. Outgoing packets that request specific types of incoming packets are tracked. Only incoming packets that are an appropriate response are allowed to pass. Firewalls using this method are often referred to as next-generation firewalls (NGFW).

There are also more specific firewall software beyond network-level firewalls. For instance, Web Application Firewalls sit between externally-facing applications and the web portal that end-users connect to the application through.

Firewall Software Features & Capabilities

Firewall software should have most or all of these features:

  • Application visibility and control

  • Identify and control evasive app threats

  • Intrusion Prevention integration

  • Physical and virtual environment support

  • Integration with LDAP and Active Directory

  • "Sandbox," or isolated, cloud-based threat emulation

Firewall vendors are beginning to bundle firewall offerings with other security or privacy features, although this is not a universal practice. The most common example is support for Virtual Private Networks (VPN), and load-management is often featured as well.

Firewall Comparison

To compare different Firewall software, you likely want to consider evaluating these aspects of the software:

  1. Managed Service Provider vs. In-House Focus: Are you looking for a firewall software to sell to and manage for your clients, or do you need something for your own business? Software tailored to the former context will emphasize centralized management and customizability, while the latter will be more accessible for line of business users without IT security backgrounds.

  2. Physical vs. Cloud Deployments: The standard deployment method for firewalls is via hardware appliance deployed on-premise. Alternative deployments on virtual machines, or hosted in the cloud on 3rd party infrastructure, have become frequent options among leading vendors. Cloud deployments frequently operate on a subscription pricing model, while physical appliances are more likely to be a one-time purchase, with additional costs for software updates varying by product.

  3. Multi-Location vs. Single-Location: Providing a firewall across multiple locations will require specific features. The most relevant feature differences will be VPN support (for securely connecting to remote offices), central management support, and native SD-WAN capabilities.

  4. Support: Reviewers frequently mention customer support and service, both positively and negatively depending on the software. Given a convergence of capabilities towards market parity, the extra support and services vendors provide can become a key differentiator between products.

Start a Firewall comparison

Pricing Information

Pricing information for firewall software
Cisco ASA 5500-X SonicWall TZ Fortinet Fortigate pfSense Cisco Firepower Cisco Meraki MX
Starting Price $400.00 $300.00 $250.00 $179.00 $500.00 $595.00
Maximum Price $20,000.00 $2,300.00 $300,000.00 $2,649.00 $200,000.00 $19,995.00

The cost of firewalls can vary from free (for personal use) to significant sums of money for enterprise firewalls. Firewalls are often on-premise appliances, but can also be purchased as software which must be installed on a server, or as a cloud service. The range of pricing models is broad making it difficult to compare across vendors. However, an enterprise firewall may cost upwards of $30,000, depending on capability and type.

Firewall Products

(26-50 of 62) Sorted by Most Reviews

Cisco Firepower 2100 Series

Cisco offers the Firepower 2100 Series NGFW, designed to allow businesses to gain resiliency through superior security with sustained performance. The Firepower 2100 Series has a dual multicore CPU architecture that optimizes firewall, cryptographic, and threat inspection functions…

Sophos SG Firewall Appliances

Sophos SG Firewall Appliances are designed to provide optimal protection for organizations of all sixes from small remote offices, to global organizations requiring high-availability and

Azure Firewall

Microsoft's Azure Firewall is a managed cloud-based network security service that protects Azure Virtual Network resources.


Sophos’s Cyberoam offers UTM and NGFW products. Cyberoam provides the full suite of modularized firewall services, as well as real-time reporting, for enterprise-level use.

Forcepoint NGFW

Forcepoint Next Generation Firewall (NGFW) promises seamless and central management, whether physical, virtual or in the cloud. Administrators can deploy, monitor and update thousands of firewalls, VPNs and IPSs in minutes, all from a single console. The vendor says that the product…

F5 BIG-IP Advanced Firewall Manager (AFM)

F5 Networks offers the F5 BIG-IP Advanced Firewall Manager, a firewall software combining a number of features including DDoS, DNS security, and other protections.

Cisco Firepower 4100 Series

The Cisco Firepower 4100 Series’ 1-rack-unit size is presented by the vendodr as ideal at the Internet edge and in high-performance environments. They further state that it shows what’s happening on your network, detects attacks earlier so you can act faster, and reduces management…

Stormshield Network Security

The Stormshield Network Security is the company's line of SN series Next-Generation Firewalls (NGFW). The SN series is based on the NETASQ Firewalls acquired and merged into Stormshield after that company was formed from the merger of the original companies Netasq and Arkoon.

A10 Thunder CFW

A10 Networks offers A10 Thunder CFW (for Convergent Firewall), a combined firewall and secure web gateway.

Huawei Unified Security Gateway

Huawei’s USG6600 series is a NGFW offering scaled for mid-sized to large enterprises and data centers. Huawei provides core data services, as well as sandboxing, DLP, encrypted traffic inspection, and reporting services.

Check Point Quantum Edge

Quantum Edge is a small footprint virtual security gateway with threat prevention that can be centrally deployed and managed, and is presented as an ideal security solution for branch offices. Quantum Edge integrates with branch office network vendors to provide threat-prevention…

SonicWall E10000 Series

SonicWall E10000 Series is the company's high end next generation firewall (NGFW).

Hillstone X-Series Data Center Next-Generation Firewall

Hillstone Networks headquartered in Santa Clara offers the Hillstone X-Series Data Center Next-Generation Firewall, designed to support high speed service providers.

AhnLab TrusGuard

Korean company AhnLab offers TrusGuard, an integrated firewall, IPS, VPN, anti-virus, and anti-spam security appliance featuring DDoS protection and secure connectivity with internal systems through an IPSec/SSL VPN.

H3C SecPath

H3C provides network security via its SecPath next-generation firewall (NGFW) series.

Avast Secure Internet Gateway (SIG)

Avast Business Secure Internet Gateway (SIG) is designed to replace traditional hardware by delivering cloud-based firewall capabilities from Avast's global cloud network. The service ensures network security is always on, always updating, and always protecting the business. SIG…

SecPoint Protector

The SecPoint Protector is a next-gen firewall and UTM (Unified Threat Management) appliance designed to protect the whole network.

Menlo Security Cloud Firewall

Cloud Firewall from Menlo Security is designed to ensure fast, reliable and secure access to cloud applications. Menlo states they bring next-gen firewall controls and advanced security to all users in all locations for all ports and protocols.

Check Point Quantum Spark

Check Point offers Quantum Spark, a budget line of firewall appliances designed to provide small businesses with edge protection and simplified management, next-gen firewall capabilities with VPN, application control & web filtering, antivirus, and intrusion protection.

SonicWall NSsp Series Next-Generation Firewalls (SuperMassive Series)

SonicWall's high end NSsp Series Next-Gen Firewalls support enterprise-sized networks, formerly represented in the SuperMassive 9000 Series, now including the NSsp 15700, NSsp 12800, NSsp 12400 series appliances.

Hillstone T-Series Intelligent Next-Generation Firewalls (NGFW)

Hillstone T-Series Intelligent Next-Generation Firewalls are capable of detecting unknown malware and abnormal behavior. With a rich forensic analysis and preemptive mitigation capabilities.

Stonesoft Next Generation Firewall (Discontinued)

Stonesoft Next Generation Firewall appliances were acquired and rebranded as McAfee Next Generation Firewall, but divested to Forcepoint in 2016, and EOL in 2016 also.

R&S Unified Firewall

German company Rohde & Schwarz offers the R&S Unified Firewall.

Secucloud SASE (ECS2)

Secucloud boasts a proven SASE platform that combines a global private backbone, a network security stack, and support for cloud resources and mobile devices. Now from Aryaka (acquired May, 2021), Secucloud offers solutions for small business, homes, but also enterprises,including…

Frequently Asked Questions

What is a firewall?

A firewall is a filter that stands between a computer or computer network and the Internet. It monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of rules. All messages passing through the firewall are examined and those not meeting pre-defined security criteria are blocked.

What are the main types of firewall?

There are four major types.

  • Packet Filtering: Small pieces of data are analyzed against a set of filters and are either allowed to pass through or are discarded.
  • Proxy Firewall: A proxy firewall serves as the gateway from one network to another. Computers make a connection to the proxy which then initiates a new network connection based on the content of the request.
  • Stateful Inspection: Stateful inspection monitors the state of active connections and uses this information to determine which network packets to allow through. Decisions on what to allow through are based on a combination of defined rules and context.
  • Next-Generation Firewall (NGFW): Next-generation firewalls go beyond packet filtering and stateful inspection. They have additional capabilities in order to help combat more modern threats like malware.

What’s the difference between a hardware and a software firewall?

Firewall hardware and firewall software both perform the same task; they both act as barriers between the internet and the computer and they both help to protect from anything that can harm the computer from an outside connection. Hardware firewalls offer network-wide protection from external threats. Software firewalls installed on individual computers are capable of closer data inspection and can block specific programs from sending data to the Internet.

What additional capabilities do next-generation firewalls have?

Next-generation firewalls are an acknowledgement that standard firewall capabilities are insufficient, and they typically include other related technologies such as: intrusion protection systems, deep packet inspection, SSL-encrypted traffic termination, and sandboxing.

How much do firewalls cost?

The cost of firewalls can vary from free (for personal use) to significant sums of money for enterprise firewalls. The range of pricing models is broad making it difficult to compare across vendors. However, an enterprise firewall may cost upwards of $30,000, depending on capability and type. Find more pricing information here.