We help IT Professionals succeed at work.

Firewall model suggestions 2

207 Views
Last Modified: 2019-01-26
Dear Experts, based on your experience, what are the important parameters that you will focus in defending DDoS attack when choosing Firewall model?
Many thanks!
Comment
Watch Question

Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
DarinTCHSenior CyberSecurity Engineer
CERTIFIED EXPERT

Commented:
What size organization?
For enterprise
The leader is PaloAlto
Also Juniper
Cisco and checkpoint have decent market share....but their technology is old
Smaller business.....fortinet....maybe sonicwall or barracuda

So depending on your size....they address DDOS in different ways
Most always it includes a threshold limit...when X volume is triggered traffic is dropped
Also a proactive defense is a key point....what type of business are you protecting....then the advice can be more pointed...and less generic
DP230Network Administrator
CERTIFIED EXPERT

Author

Commented:
We have about 300 users here and 30 servers, how about the parameters such as Concurrent connections and New connections per second?

We are thinking of Sophos and Fortinet
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Yes. Here is one example from Corero
https://www.corero.com/resources/files/datasheets/SmartWall%2520TDS%2520Network%2520Threat%2520Defense%2520Appliance%2520Datasheet.pdf

Maximum Throughput (Gbps) 10 Gbps full-duplex or 20 Gbps unidirectional (1 Gbps when deployed with 1G SFP modules)

Maximum Throughput (Packets Per Second) 30 Mpps (3 Mpps when deployed with 1G SFP modules)

MTU Performance Max PDU 9100 Line rate, 10 Gbps 30 Mpps

Jumbo Frames Yes

Typical Latency <0.5uS

Typical Inspected Latency < 60 uSec

Maximum Concurrent Sessions 16 Million

Maximum Session Setup/Teardown 1 Million/Sec

Maximum SYN Flood DoS Protection Rate Line-rate

Attack Reaction Time < 3 seconds

IP Reputation / Geolocation lookups per second 1 Million/Sec

IP Addresses Blocked/Shunned Per Second 15 Million/Sec blocked, 1 Million/Sec shunned

Maximum Number of TCP Connections/ UDP flows 16 Million
DarinTCHSenior CyberSecurity Engineer
CERTIFIED EXPERT

Commented:
I would still say PALO for that size -- but its pricey
then again you get what you pay for and has many other features....
these days security is more about Malware - BOTNETS - Ransomware - malicious code and sites
my company rarely sees DDOS anymore
pretty much limited these days to a few industries...financial...education etc

these guys have decent GUI also - not Cisco tho

Fortinet would be my choice for the smaller and mid size company if budget conscious

here is a report that has them at the top
https://www.itcentralstation.com/categories/firewalls

and a gartner link - from fortinet
https://www.fortinet.com/solutions/gartner-enterprise-firewalls-mq.html
DarinTCHSenior CyberSecurity Engineer
CERTIFIED EXPERT

Commented:
one more

PAN was best but costly and Fortinet was more affordable
https://www.esecurityplanet.com/products/top-ngfw-vendors.html
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Can also check out forrester report (though old but relevant) on the various key DDoS providers, mainly on cloud service and on premise. Enterprise support can still consider DDoS cloud service like in your case if server publicly accessible - more worthy as the attack scale up beyond a on premise for those system.

Regardless, of interest below is info on Fortinet :

Fortinet partners with Verisign for a cloud-based DDoS offering for those customers requiring a hybrid solution.  Customer references gave Fortinet positive feedback for detecting and mitigating layer 3 and layer 4 attacks, as well as for its on-premises implementation services and ongoing technical support.

 One shortcoming of the standalone Fortinet DDoS solution is that it cannot inspect SSL traffic. Customers rated the firm below-average for reporting and visibility in areas ranging from the ability to customize dashboards and reports to executive level and compliance reporting.  

Existing enterprise and service provider clients of Fortinet that need an on-premises DDoS solution as part of their hybrid strategy should consider Fortinet.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions