Best Firewall option

Hello I’m looking to putting in my first firewall. I’m looking for a good option for a municipality. If someone could help me out with this it would be great like I said this is my first and I don’t have any experience in it at all! Thanks.
Rick WhiteheadIT CoordinatorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Martin MillerCTOCommented:
Rick, you mentioned municipality, please go with the major players, any of these:

Palo Alto Networks
Juniper Network

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rick WhiteheadIT CoordinatorAuthor Commented:
Any certain Cisco products?
Martin MillerCTOCommented:
All of these companies have SAE (Sales Application Engineers), titles will vary. Use them in your design and selection. Please don't use experts here for the exact models...
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

JohnBusiness Consultant (Owner)Commented:
Of the above, we use Juniper and they are excellent. I assume the others in the list are good as well.
Martin MillerCTOCommented:
Adding to John's comment, the vendors I noted are all considered good.

More recently, in the past 3 years, I feel both, Juniper and Palo Alto Networks have provided better value to my network and sebuild-outsld outs.
Which firewall you get will depend solely on your needs and the needs of your company. Cisco, Juniper, SonicWALL, Fortinet are among the manufacturers that I would recommend. But depending on the amount of traffic the firewall will be processing, and what additional features and functionality will be utilizing  will also play into the decision making and the scale of the firewall you will purchase. Such and Example of additional functionality would be IDS,IPS, Content Filtration, VPN functionality just to name a few.

I would recommend it as well that if you are unsure of the needs or the traffic requirements of your company to bring in a 3rd party consultant such as one of the companies listed above to get the correct information in order to size your product for your needs.

Please pardon any misspelling or grammatical errors. Sent from my Mobile.
Scott CSenior EngineerCommented:
Just throwing in my 2 cents.  For 99% of our customers, we use SonicWalls.  Our customers range from small CPAs to Towns, to manufacturing, to schools.  

SonicWalls are easy to configure, cost effective and work great.

And no, I don't work for Dell, and I'm not getting paid to say the above.
Blue Street TechLast KnightCommented:
Hi Rick,

First off I honestly don't believe you should be performing this task for a need a lot of experience to make a truly informed decision. Regardless, there are some fundamental concepts you should know about security:
Security is not a product it is a continuing persistent & rigorous process. What works very well today may not work very well tomorrow because things changes...threats vulnerabilities spring up, etc.
• There is no panacea!
• One of the better security architectures is a multi-layered one. This means security services should overlap each other (without causing compatibility issues or degradation of performance).

But regardless, you still should select the best defenses you can because although there is no silver bullet if your solution does not have the capabilities required to protect your organization from today's current threat landscape you have effectively moved your company into a not-if-but-when security posture.

SonicWALL, IMO, is going to be your best bet for a number of reasons but here are a few:
1. One of the best affordable machine learning security products on the market today;
2. SonicWALL beats out all other vendors 65-75% of the time in discovering new malware;
3. Their Network Sandbox is unparalleled - they can stop known and unknown threats at the gateway (before they reach the network). It is the first of its kind that blocks until you have a verdict in real-time (speaking of greylisting; obviously whitelists/blacklists don't require a judgement/verdict processing). It implements a full code detonation process and they are the only vendor capable of running RTDMI (Real-Time Deep Memory Inspection), which stops Spectre & Meltdown exploits. It's a revolutionary multi-engine virtual sandbox that processes all engines in parallel. Furthermore, it won CRN product of the year when it had only been release for 2 months unseating other competitors that had been there for far longer.
4. Their DPI-SSL inspection engine - This was a first in the market move as well to sanction MiTM (Man-in-the-Middle) attacks to fully inspect encrypted packets against the full SecStack. With now 72% of the Internet traffic being encrypted if you are not inspecting it you are not running a security baseline defense. Ransomware and numerous attacks & payloads are all fully encrypted.

No other vendor, that I know of, blocks as many attacks currently (2.6 Trillion IPS attacks and 7.2 Billion Malware Attacks).

Other vendors blocking capabilities' don't even come close. For example, last year Fortinet blocked 4,000 Ransomware attacks per day or 1,460,000/yr. SonicWALL blocked 1,747,900 Ransomware attacks per day or 638,000,000/yr. In the same year, SonicWALL blocked as many Ransomware attacks in a single day as Fortinet did for the entire year!

Look at the WannaCry ransomware outbreak: All the NHS sites protect by other vendors, including Sophos & Cisco went down...the SonicWALL protected sites were unaffected because SonicWALL blocked the vulnerabilities 3 weeks in-advanced via IPS.

Here are a few questions to ask potential vendors:
• Can they block Cerber - I highly doubt it! SonicWALL did before it was even known to the world.
• Can they block BadRabbit and how do they?
• Can they they block zero-day outbreaks? Again, I doubt many can. And if they start selling you on not having to patch because of their security advancements - Flags up/don't buy it - its a poor security practice to say so and do so.
• Also, ask if or how they inspect encrypted Internet traffic, especially when now 72% of web sessions are encrypted.

Additionally, compare all these vendors with the amount of vulnerabilities in the CVE & NVD dBs and you will see SonicWALL has one of the best (lowest) counts across the board.

Let me know if you have any questions!
Blue Street TechLast KnightCommented:
How many backdoors does Cisco have??? Just do a simple google search or dig into the CVE & NVD dBs, should be aware municipalities are targets!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.