In this post, we'll try to identify what are the main features need to be analyzed before buying an Enterprise Network.
Very often I hear some things like...
The answer is:
It's not the same a network with 100 users than other critical and redundant network with 50,000 users and 300 servers...
In my opinion these are the essential question you need to thinking about.
Today, Firewalls has extra features to keep in mind.
When you are dimensioning your future firewall, take care with the extra features because they have a direct impact in the performance of the firewall.
Throughput decreases when you enable policy rules with:
CPU and Memory when you enable policy rules with any of these extra features.
There are a lot of Firewall manufacturers. We can talk with Palo Alto Networks, Fortinet, Checkpoint, SonicWall, Whatchguard, Cisco, Juniper, Stonesoft... How we choose?
I think this is the more difficult decision.
A manufacturer has a strong network firewall but his Antivirus is really bad. Another manufacturer has 10GB firewall interfaces and a great throughput capabilities but hasn't Control Application.
Maybe two of them have the same features (more or less) but one of them is a visionary and works with a better technology and the other has a great base installed and better technical support...
In our opinion, the best option is to select 2 or 3 and request a demo in a production environment.
There are companies working on comparing these products like Gartner (who every year release his "Magic Quadrant "), NSS Labs... But take care because there are reports of Enterprise Firewalls, Next Generation Firewalls (NGFW), Unified Threat Management Firewalls (UTM)... There are same manufactures that are evaluated in differents reports with diferent results...
Magic Quadrant for Unified Threat Management
Magic Quadrant for Enterprise Network Firewalls
What's the different between Next Generation Firewall and the Unified Threat Management Firewall? In the next posts we will talk about it...
It is hard to hit 100% when you are choosing a hardware-based firewall but if you follow these steps, you may be having a good choice: