What is the best next generation Firewall product? This is a big question.
It is mostly based on numbers of users. When you have many users on the same Firewall, UTM Firewalls are the best option. They are now integrated with built-in IPS. UTM firewalls, or Next Generation Firewalls (whatever marketing wants to call them), are not port-based and are so fast these days that you can certainly buy the feature set that handles URL inspection, IPS, SSL inspection, etc.
I would recommend that you also spend the extra time to integrate the Firewall product you choose with Active Directory so you can get user granularity versus just groups. You should get the integrated IPS as well versus a standalone IPS. The UTM can handle it. I would also recommend that ports 80 and 443 be open for normal web user traffic.
I would also consider getting a product that scrubs and adds the same deep L7 inspection to SSL. Yahoo and Google mail services are all burying their POP email personal account access via 443 (SSL). You need to inspect this traffic so that something like a virus or malware doesn’t slide into your company via someone’s personal email. For example, I would compare it to a castle with a tunnel built under the moat in order to bypass normal inspection at the drawbridge.
On a final note, there are standalone URL market products that do offer some features and benefits that you may want to consider, but for a first-time entry into this problem, just do it on the UTM. It will be feature-rich enough. Forget Cisco, it’s dark ages! Palo Alto and Fortinet’s FortiGate are strong as well. I highly recommend SonicWall for IPS. Now that SonicWall is out from under Dell’s ownership, it is definitely my new favorite. Check out the links below to get a detailed view of SonicWall’s product.
- SonicWall Advanced Threat Protection Product Of the Year Award, 2016
- NSS Labs 2016 Security Value Map
- NSS Labs 2016 vendor test report