Best Firewall option

Rick Whitehead
Hello, I’m looking to put in my first firewall. I’m looking for a good option for a municipality. If someone could help me out with this it would be great. Like I said, this is my first and I don’t have any experience in it at all! Thanks.
Rick, you mentioned municipality, please go with the major players, any of these:

Palo Alto Networks
Juniper Networks

Rick Whitehead, IT Coordinator


Any certain Cisco products?

All of these companies have SAE (Sales Application Engineers), titles will vary. Use them in your design and selection. Please don't use experts here for the exact models...

John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Of the above, we use Juniper and they are excellent. I assume the others in the list are good as well.

Adding to John's comment, the vendors I noted are all considered good.

More recently, in the past 3 years, I feel both Juniper and Palo Alto Networks have provided better value to my network and build-outs.

Which firewall you get will depend solely on your needs and the needs of your company. Cisco, Juniper, SonicWALL, Fortinet are among the manufacturers that I would recommend. But the amount of traffic the firewall will be processing, and what additional features and functionality you will be utilizing, will also play into the decision making and the scale of the firewall you will purchase. Examples of additional functionality would be IDS, IPS, content filtration and VPN functionality, just to name a few.

I would also recommend that, if you are unsure of the needs or the traffic requirements of your company, you bring in a 3rd party consultant such as one of the companies listed above to get the correct information in order to size your product for your needs.

Please pardon any misspelling or grammatical errors. Sent from my Mobile.
Scott C, Senior Engineer

Just throwing in my 2 cents.  For 99% of our customers, we use SonicWalls.  Our customers range from small CPAs to Towns, to manufacturing, to schools.  

SonicWalls are easy to configure, cost effective and work great.

And no, I don't work for Dell, and I'm not getting paid to say the above.
Blue Street Tech, Last Knight
Distinguished Expert 2018

Hi Rick,

First off, I honestly don't believe you should be performing this task, for you need a lot of experience to make a truly informed decision. Regardless, there are some fundamental concepts you should know about security:
• Security is not a product; it is a continuing, persistent & rigorous process. What works very well today may not work very well tomorrow because things change...threats, vulnerabilities spring up, etc.
• There is no panacea!
• One of the better security architectures is a multi-layered one. This means security services should overlap each other (without causing compatibility issues or degradation of performance).

But regardless, you still should select the best defenses you can because, although there is no silver bullet, if your solution does not have the capabilities required to protect your organization from today's current threat landscape, you have effectively moved your company into a not-if-but-when security posture.

SonicWALL, IMO, is going to be your best bet for a number of reasons but here are a few:
1. One of the best affordable machine learning security products on the market today;
2. SonicWALL beats out all other vendors 65-75% of the time in discovering new malware;
3. Their Network Sandbox is unparalleled - they can stop known and unknown threats at the gateway (before they reach the network). It is the first of its kind that blocks until you have a verdict in real-time (speaking of greylisting; obviously whitelists/blacklists don't require a judgement/verdict processing). It implements a full code detonation process and they are the only vendor capable of running RTDMI (Real-Time Deep Memory Inspection), which stops Spectre & Meltdown exploits. It's a revolutionary multi-engine virtual sandbox that processes all engines in parallel. Furthermore, it won CRN product of the year when it had only been released for 2 months, unseating other competitors that had been there for far longer.
4. Their DPI-SSL inspection engine - This was a first-in-the-market move as well, to sanction MiTM (Man-in-the-Middle) attacks to fully inspect encrypted packets against the full SecStack. With now 72% of the Internet traffic being encrypted, if you are not inspecting it you are not running a security baseline defense. Ransomware and numerous attacks & payloads are all fully encrypted.

No other vendor, that I know of, blocks as many attacks currently (2.6 Trillion IPS attacks and 7.2 Billion Malware Attacks).

Other vendors' blocking capabilities don't even come close. For example, last year Fortinet blocked 4,000 Ransomware attacks per day or 1,460,000/yr. SonicWALL blocked 1,747,900 Ransomware attacks per day or 638,000,000/yr. In the same year, SonicWALL blocked as many Ransomware attacks in a single day as Fortinet did for the entire year!

Look at the WannaCry ransomware outbreak: All the NHS sites protected by other vendors, including Sophos & Cisco, went down...the SonicWALL protected sites were unaffected because SonicWALL blocked the vulnerabilities 3 weeks in advance via IPS.

Here are a few questions to ask potential vendors:
• Can they block Cerber - I highly doubt it! SonicWALL did before it was even known to the world.
• Can they block BadRabbit and how do they?
• Can they block zero-day outbreaks? Again, I doubt many can. And if they start selling you on not having to patch because of their security advancements - Flags up/don't buy it - it's a poor security practice to say so and do so.
• Also, ask if or how they inspect encrypted Internet traffic, especially when now 72% of web sessions are encrypted.

Additionally, compare all these vendors with the amount of vulnerabilities in the CVE & NVD dBs and you will see SonicWALL has one of the best (lowest) counts across the board.

Let me know if you have any questions!
Blue Street Tech, Last Knight
Distinguished Expert 2018

How many backdoors does Cisco have??? Just do a simple Google search or dig into the CVE & NVD dBs. You should be aware municipalities are targets!
