Firewall Options & Security

We're getting a new firewall for our company and I wanted to get some input from the experts. We're replacing our main firewall at our headquarters. It's a SonicWall NSA 220 that is connected by VPN to other SonicWalls (different models) at remote jobsites. We're a construction company and we use SharePoint and upload/download large drawing files throughout the day. We're expanding and want to be sure the new firewall can handle VoIP and video conferencing. Our WAN will be a 100 Mbps fiber connection.

I saw the Gartner report that has Palo Alto as the best out there so I got some pricing. For the price of a PA500 I can get a SonicWall 3600 that has a lot more throughput. My main question is about the security difference.

Am I more vulnerable to an attack/data breach with the SonicWall?
Is the extra price for the lesser speed worth it?

I'm having a difficult time finding anything that rates the vulnerability of firewalls. Most analysis just talks about the bells & whistles. I have no complaints with the SonicWalls, but I don't want to be exposed to attacks.
imccoy Asked:

Schuyler Dorsey Commented:
You should study the different features of the firewalls vs the price and determine what fits best for your company in terms of cost/risk/complexity etc.

That being said, it can be very hard to compare NGFWs as it is usually not an apples to apples comparison. For example, here is a breakdown of some of the PAN features:

Application Identification: it will scan the traffic going through it and ID the app regardless of the IP/port it is running on. You can even create ACL rules to control traffic based on this.
Active Directory integration: You can create rules based on AD users and groups so you can control what groups have access to what applications.
IPS: intrusion prevention system; not much to elaborate on here.
AV + AS: it does network-based antimalware. It can also do DNS sinkholing.
SSL Decryption: it can decrypt inbound AND outbound SSL/TLS sessions so it can scan them for threats which may otherwise pass through your security appliances.
Wildfire: this will run all supported files which pass through the firewall in a Windows XP and Windows 7 sandbox to monitor their behavior. If a file is determined to be malicious, all PANs in the world with this subscription get a signature update within 30 minutes and you receive a report on everything the file did. This helps to reduce the risk of unknown malware. Then PAN takes the IPs/URLs the malware connected to in the sandbox and adds those to the URL filtering database and creates a non-hashed signature to be added to the standard AV engine. So it creates multiple layers of protection.

I haven't worked with SonicWall in a few years so I cannot speak intelligently on the current platform. However, at that time, it did lack most of these features and the logging was very subpar unless you set up the companion software on one of your servers.

This is all just food for thought and I don't want you to consider PAN over SW just based on my recommendation, because you have a much more thorough understanding of your environment than I do, but I wanted to ensure you had some of the information needed to make a good decision.

imccoy Author Commented:
Thanks for the info.