Firewall comparison – How to choose a firewall (from A Network administrator’s perspective)
With so many firewalls available in the market, Network administrator tend to get confused
In case you don’t know what exactly a firewall is, read what is a firewall before you proceed to the comparison.
If you are looking for firewall comparison data between firewalls, Please read the following posts:
Sonicwall Vs Cisco – Firewall Comparison
Sonicwall Vs Watchguard - Firewall Comparison
Sonicwall Vs Fortinet - Firewall Comparison
Fortinet Vs Cisco - Firewall Comparison
Watchguard Vs Fortinet - Firewall Comparison
Cisco vs Watchguard - Firewall Comparison
In general, your decision should be made on the following:
1) Performance requirements
2) Feature requirements
3) Cost – one time and recurring costs
5) Availability of IT Consulting
1) Performance requirements – In case you haven’t noticed, I have used the word “performance requirements” as opposed to just “performance”.
You must calculate your throughput requirements before selecting one.
Some questions to help you calculate your requirements -
- How many computers do you have?
- How many concurrent users will be using the internet
- What kind of internet connection do you have? ADSL, Satellite, Fiber?
- What is the usage pattern of the users? HTML web browsing, Videos, heavy downloads?
Calculating the right throughput requirements is very important as it will help you pick the right sized firewall for your business. Most businesses will try to sell you a “High-Performance” or “Higher version” model even if your requirements are far less than that.
2) Feature requirements – There are hundreds of features available to choose from, but do you need them all? and if you don’t need them all, why pay for it?
Some features to look for:
- URL Filtering
- Content Filtering
- SPI Firewall
- Reports – websites visited, bandwidth info, hardware usage (CPU,RAM, Disk Space)
- IDS Intrusion Detection System (Not commonly used in Small business Environments)
- Load Balancing and WAN Failover
3) Costs – The most important aspect when getting a firewall is the cost.
There are 2 types of costs – Fixed costs and Recurring costs
Fixed costs – this is the amount that you pay upfront. These costs may include:
Hardware cost – Cost of the hardware (the box!)
Installation charges – One time fee that the vendor will probably charge you for delivery and installation
Consulting and configuration charges – These charges are usually paid to the systems integrator -The company that has the expertise and the technical know-how to define rules on the firewalls based on your network design.
Recurring costs – Most people don’t take this into consideration. What the companies discount on the upfront costs, they make it up in the recurring costs. It is very important that you make a note of the “subscriptions” before you make a decision. Recurring costs may include:
- Basic Technical Support (during normal working hours)
- Premium Technical Support (24×7)
- Subscriptions -
These may include – Antivirus, content/application filter, IDS, VPN Licenses (Per user/ Per bundle),
User licenses (Some companies charge on a per-user basis)
- Extended Warranties.
So when comparing costs, always check how much you will be paying for the next 3 years. The reason you have to do it for three years, is because if you are spending considerable amount of money from your IT budget, you would at least hold on to it for the next three years before upgrading to something else.
Moreover, at the pace technology is progressing, there is always something new launched in every three years time.
So Cost = (Fixed Cost + Recurring Cost) X 3
One of the most important aspects of a product is technical support. Whenever there is a problem you need an access to reliable support personnel to help you troubleshoot the issue quickly and get your network back online. There are mainly 4 ways you can get help:
- Registering a ticket online
- Live chat
Most of the companies do not provide on-site support. For on-site support you’d have to rely on the system integrator / vendor who had your network setup and firewall installed.
Support is the backbone of your IT infrastructure. Poor support will lead to more than usual downtime and people at your office aren’t going to be very happy about that!
5) Availability of IT Consulting.
This is something Network admins generally overlook.
A golden rule to remember – “Your firewall is only as good as your configuration”
A firewall by itself doesn’t do much. It’s the firewall setup and its configuration that decides the fate of your network. So if you spend $2000 on a high-performance firewall, but don’t have the configuration done right, you’re in for a lot of trouble.
A firewall should be configured under the direct supervision of an information security expert. Once you bring in a firewall in your network, you have to make sure the firewall is configured in accordance to your company’s IT security policy to get the most out of your expense.
Before you make a decision, be sure to have a good IT consultancy firm with security expertise or an independent IT security consultant to help you plan your network security.
Share this article