Firewall Software TrustMap
TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.
What is Firewall Software?
Firewall software is a filter that stands between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out. All messages passing through the firewall software are examined. Those messages that do not meet pre-defined security criteria are blocked.
For example, on the outbound side, firewall software can be configured to prevent employees from transmitting sensitive data outside the network. On the inbound side, firewalls can be configured to prevent access to certain kinds of websites, like social media sites.
Types of Firewalls
Firewalls use several methods to control traffic flowing in and out of a network:
- Packet filtering: This method analyzes small pieces of data against a set of filters. Those that meet the filter criteria are allowed to pass through, while others are discarded.
- Proxy service: In this method, computers make a connection to the proxy which then initiates a new network connection based on the content of the request. In this way, there is no direct connection or packet transfer on either side of the firewall. Network addresses are effectively hidden.
- Stateful inspection: Stateful inspection is the new standard firewall security method that monitors communications packets over a period of time. Outgoing packets that request specific types of incoming packets are tracked. Only incoming packets that are an appropriate response are allowed to pass. Firewalls using this method are often referred to as next-generation firewalls (NGFW).
There is also more specialized firewall software beyond network-level firewalls. For instance, Web Application Firewalls sit between externally-facing applications and the web portal through which end-users connect to the application.
Firewall Software Features & Capabilities
Firewall software should have most or all of these features:
- Application visibility and control
- Identify and control evasive app threats
- Intrusion Prevention integration
- Physical and virtual environment support
- Integration with LDAP and Active Directory
- "Sandbox," or isolated, cloud-based threat emulation
Firewall vendors are beginning to bundle firewall offerings with other security or privacy features, although this is not a universal practice. The most common example is support for Virtual Private Networks (VPN), and load-management is often featured as well.
To compare different firewall software, consider evaluating these aspects:
- Managed Service Provider vs. In-House Focus: Are you looking for firewall software to sell to and manage for your clients, or do you need something for your own business? Software tailored to the former context will emphasize centralized management and customizability, while the latter will be more accessible for line-of-business users without IT security backgrounds.
- Physical vs. Cloud Deployments: The standard deployment method for firewalls is via hardware appliance deployed on-premise. Alternative deployments on virtual machines, or hosted in the cloud on third-party infrastructure, have become frequent options among leading vendors. Cloud deployments frequently operate on a subscription pricing model, while physical appliances are more likely to be a one-time purchase, with additional costs for software updates varying by product.
- Multi-Location vs. Single-Location: Providing a firewall across multiple locations will require specific features. The most relevant feature differences will be VPN support (for securely connecting to remote offices), central management support, and native SD-WAN capabilities.
- Support: Reviewers frequently mention customer support and service, both positively and negatively depending on the software. Given a convergence of capabilities towards market parity, the extra support and services vendors provide can become a key differentiator between products.
Cisco ASA 5500-X | SonicWall TZ | Fortinet Fortigate | pfSense | Cisco Firepower | Cisco Meraki MX
The cost of firewalls can vary from free (for personal use) to significant sums of money for enterprise firewalls. Firewalls are often on-premise appliances, but can also be purchased as software which must be installed on a server, or as a cloud service. The range of pricing models is broad, making it difficult to compare across vendors. However, an enterprise firewall may cost upwards of $30,000, depending on capability and type.
Cisco Meraki Z3 Teleworker is an enterprise class firewall, VPN gateway and router. Each model offers five gigabit ethernet ports and wireless for connectivity. Each model is designed to securely extend the power of Meraki cloud managed networking to employees, IT staff, and executives…
Fusion Connect headquartered in Atlanta allows users to centralize security management and reduce demands on IT staff with Fusion’s Unified Threat Management (UTM) service. The multi-layered security service is designed to safeguard networks and information assets using a UTM device…
Check Point 44000 and 64000 scalable Next Generation Firewalls (superseding the 41000 series) are designed to excel in large data center and telco environments. The multi-bladed, chassis-based security systems scale to support the needs of growing networks while offering reliability…
CenturyLink® Adaptive Network Security is a network-based layer of protection which acts as a sensor, giving you the visibility and control needed to monitor, block and report attempts to break into your network. CenturyLink Adaptive Network Security can quickly adapt to new threats…
The Cisco Firepower 9300 series is presented by the vendor as a carrier-grade next-generation firewall (NGFW) ideal for data centers and high-performance settings that require low latency and high throughput. With it, the vendor provides, users can deliver scalable, consistent security…
Frequently Asked Questions
There are four major types.
- Packet Filtering: Small pieces of data are analyzed against a set of filters and are either allowed to pass through or are discarded.
- Proxy Firewall: A proxy firewall serves as the gateway from one network to another. Computers make a connection to the proxy which then initiates a new network connection based on the content of the request.
- Stateful Inspection: Stateful inspection monitors the state of active connections and uses this information to determine which network packets to allow through. Decisions on what to allow through are based on a combination of defined rules and context.
- Next-Generation Firewall (NGFW): Next-generation firewalls go beyond packet filtering and stateful inspection. They have additional capabilities in order to help combat more modern threats like malware.
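
The difference between packet filtering and stateful inspection, described under "Types of Firewalls" and again in the list above, shown as an added example (not code from this page or from any vendor listed here). It is a simplified model: the Packet fields, the HTTPS-only rule, the 60-second idle timeout and the sample traffic are all assumptions made for illustration, and TCP flags are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since start of capture
    direction: str   # "out" (leaving the network) or "in" (arriving)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allow(pkt):
    """Packet filter: each packet is judged alone against fixed rules.
    To let HTTPS replies in, it must accept any inbound TCP from port 443."""
    if pkt.direction == "out":
        return pkt.proto == "tcp" and pkt.dport == 443
    return pkt.proto == "tcp" and pkt.sport == 443

class StatefulFirewall:
    """Tracks outbound flows; inbound packets pass only as replies to one."""
    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout
        self.flows = {}  # (proto, inside ip, inside port, outside ip, outside port) -> last seen

    def allow(self, pkt):
        if pkt.direction == "out":
            if not (pkt.proto == "tcp" and pkt.dport == 443):
                return False
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.ts
            return True
        # Inbound: the reversed addresses must match a tracked outbound flow.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        last = self.flows.get(key)
        if last is None:
            return False              # nothing inside asked for this packet
        if pkt.ts - last > self.idle_timeout:
            del self.flows[key]       # flow went idle; state is discarded
            return False
        self.flows[key] = pkt.ts
        return True

# Constructed sample traffic using documentation-only address ranges.
SAMPLE = [
    Packet(0.0, "out", "tcp", "192.0.2.10", 50000, "198.51.100.5", 443),
    Packet(0.1, "in", "tcp", "198.51.100.5", 443, "192.0.2.10", 50000),    # reply
    Packet(0.2, "in", "tcp", "203.0.113.9", 443, "192.0.2.10", 3389),      # unsolicited
    Packet(120.0, "in", "tcp", "198.51.100.5", 443, "192.0.2.10", 50000),  # after idle timeout
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]
```

The stateless rule accepts all four packets because each one looks acceptable in isolation, while the stateful tracker accepts only the outbound request and its timely reply.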