Firewall Vendors

• Traditional firewalls are security devices which inspect traffic at the

point of network ingress/egress, as well as provide Virtual Private
Network (VPN) and encryption capabilities.
• Firewalls watch traffic by state, port and protocol, and control the
flow of the traffic passing through. In a traditional firewall, advanced
security features are typically provided by external appliances and
services that live outside the firewall platform.
 Next-generation firewall vendors

• 1. Cisco:
• 2. Palo Alto Networks:
• 3. Fortinet:
• 4. Check Point Software Technologies:
• 5. Juniper:
• 6. SonicWall:
• 7. Sophos:
Cisco: Pro: Extensive product offerings. Con: Maybe
too extensive
• Cisco offers intrusion prevention, advanced malware protection,
cloud-based sandboxing, URL filtering, endpoint protection, web
gateway protection, SEG security, network traffic analysis, network
access control and a cloud access security broker (CASB) which helps
protect other companies’ cloud-hosted services through their Cisco
Secure Firewall, Cisco Secure Workload.
Palo Alto Networks: Pro: Broad product line,
consolidated management. Con: Pricey
• Palo Alto Networks provides a wide selection of NGFW features
packaged as hardware based (PA-Series), Virtual (VM-Series), FWaaS
(Prisma Access) and containerized (CN-Series) options.
Fortinet: Pro: Strong homegrown product line,
integrated management. Con: Global PoPs lacking
• Fortinet’s NGFW product line, FortiGate, is available in hardware, as a
virtual appliance and as a FWaaS (FortiSASE) option.
• They offer centralized management platforms in their FortiManager
and FortiGate Cloud products. Their products offer capabilities such
as a Secure Email Gateway (SEG), Web Application and API Protection
(WAAP), Network Access Control (NAC), Identity and Access
Management (IAM), a Security Operations Center (SOC) as a service,
SASE and Zero Trust Network Access (ZTNA) products.
Check Point Software Technologies: Pro: Focused
security solutions. Con: No integrated SD-WAN
• Check Point focuses on preventing and blocking attacks. They offer
hardware appliances (Quantum), as well as virtual appliances and
cloud security products under the CloudGuard brand.
Juniper: Pro: Advanced threat detection. Con: Slow
to adopt FWaaS and SASE
• Juniper offers its SRX Series Services Gateways in hardware
appliances, virtual appliances (vSRX) and containers (cSRX).
• vSRX can be hosted on the customer’s own hypervisor, AWS, Azure,
Google Cloud, IBM Cloud and Oracle Cloud. Juniper also offers
Security Information and Event Management (SIEM), Distributed
Denial of Service (DDoS) mitigation and threat intelligence, advanced
threat detection capabilities, and IoT security.
SonicWall: Pro: Quality products. Con: Lacks FWaaS,
containers
• SonicWall has three hardware appliance lines (TZ, NSa and NSsp
series) along with a virtual appliance firewall (NSv series).
• The NSv products can be hosted on the customer’s own hypervisor or
can be found in the Amazon and Azure marketplaces.
Sophos: Pro: Managed threat response. Con: No
FWaaS or container
• Sophos offers their Sophos Firewall hardware (XGS Series and SD-
RED), a cloud security posture management (CSPM) product (Cloud
Optix), endpoint and server protection (Intercept X) and products for
EDR and ZTNA.
• Information security is critical in today’s world of bad actor attacks
and ransomware attacks, so it is vital for network executives to do a
thorough evaluation of any NGFW product before you bring it into
your infrastructure.