Which firewall should I use in my business?
We work with hundreds of customers each year and a very common question we are asked is what firewall is the best choice. We spend a lot of time administering firewalls, protecting networks with firewalls and keeping the network performance tuned. The right firewall depends on your type of business, so in order to make the right choice, consider the following:
The first thing to understand about firewalls is not all firewalls are the same. There is a big difference between a firewall that is considered residential/non-business grade and a commercial grade firewall.
The firewalls you can buy at your local best buy are not commercial grade, they are variations of residential grade. Residential grade firewalls range in cost from $75 to $400 and often times have built-in wireless functionality. They cost less than business grade firewalls and they should because they are not meant protect at the capacity a commercial business requires. What the residential firewalls are missing from a business management standpoint is significant. Residential grade firewalls do not have meaningful Intrusion Detection, Content Filtering, Gateway Anti-virus, Gateway Anti-spam, GEO-IP filtering, Radius authentication, Multi-access point secure wireless, VPN, and performance levels acceptable for more users. Furthermore, they are not made with strong levels of hardware reliability. Meaning, they must be rebooted all the time and they die much quicker and need replacing more often. The common brands that are residential grade are Linksys, Netgear, D-Link, Zyxel, Asus, Acer, and TP-Link. Despite what some may claim, pretty much none of their products are truly made at business grade. That list is not comprehensive but is the most common ones we see a small business owners try to use to save some money.
Now with that being said, not all commercial grade firewalls are the same either. There are many brands out there as well, some better than others, that cater differently to various business needs. This means that while figuring out which one is the right one for your business, it depends on the type of business you operate. If you are handling sensitive customer information such as medical records, financial or legal information or are selling products that have high compliance regulations, such as various manufactured machine parts, you will need a firewall that is extremely reliable and offers the highest level of security. Make no mistake about it though, any commercial grade firewall that has its security features licensed and configured correctly is better than any residential grade firewall.
Aside from this —A very important thing to know about your business’s firewall needs, is to know that most IT providers will sell a client a business class firewall and then proceed to not license the security features. Some IT Providers will handle commercial firewalls as a one time purchase and not ensure the security features are licensed. IT providers who do this to their customers should be ashamed. Even worse, we have come across more than one situation where a customer purchased a commercial grade firewall and purchased the additional security feature’s licensing; only to find out the IT provider never turned the security features on or poorly configured them. Unfortunately, the IT profession is filled with incompetence and there is no area more lacking in understanding amongst IT professionals than IT security. Be sure that if you have a commercial grade firewall, you also have the security features licensed and configured. Your provider should be able to show you screenshots or login to the firewall with you and show you the configured features.
Now for the nuts and bolts of this….
Here are some business grade firewalls we recommend you avoid because they are notoriously less effective with their security, difficult to manage, or are more likely to be slow or die on you.
Ubiquiti –a lot of providers have started recommending this to their clients because they are cheap and technically have some business features. The downside is that they fail badly on the security side of things and their performance doesn’t match that of the higher quality options.
SonicWALL – This brand has been put through the private equity ringer a couple times and is struggling to find its way. There are many die-hard long-term fans of their product. Many years ago, it was our go-to product. Then they began to change. Where the SonicWALL product fell was when Dell acquired them. They pretty much gutted the security and performance of the product and ruined the channel sales process (like Dell tends to do). A couple years back SonicWALL was sold off from Dell and back into private equity. They are working hard to regain their former glory years, but the product is just not there.
WatchGuard – This is a long-standing firewall product that a few IT providers gained a preference for. The problem is that their technology has fallen behind, and they are both weak in performance and in security compared to the new players that are more innovative and effective.
Here are some commercial grade firewalls we know to be very good:
Sophos – Sophos is a very good cybersecurity software company that is leading the way in both firewall and endpoint protection or antivirus. Their products are consistently and independently rated the most effective. Even more unique is their synchronized security functionality where their firewall and their endpoint protection talk to each other and help each other better protect the environment. Sophos has their NextGen firewall models in their XG series. For any company under 10,000 users, Sophos is the best firewall option and our number 1 recommendation. They have excellent security features and high level of performance in small and medium sized business.
Cisco – Cisco is the standard for all forms of networking and their firewalls are no exception. If your organization has 25,000 users, Cisco is a great choice for many networking components such as switches, wireless and firewalls. The only reason we don’t recommend them in the small and medium sized business world is they are significantly more expensive to purchase, and it takes significantly more expertise and training to operate them correctly. Most of the Cisco firewalls we see in use in small business are simply not configured to use the security features because of cost and expertise. For these reasons, we only recommend them in enterprise business situations.
Palo Alto – Palo Alto is an amazing organization with solid Silicon Valley roots. Their technology is very enterprise focused and is amongst the most secure and high performing. Like Cisco, they are leaders in the firewall industry and are excellent where budgets are big and IT expertise in their product is deep. This makes them a great enterprise choice and a tough one for the small and medium sized businesses.
Fortinet – Fortinet has built and amazing company that addresses many networking features including firewall and wireless. They have offerings that work well in the small, medium, and enterprise spaces. Their security functionality is good, and they have good performance in their product suite as well.
I hope this blog has helped you understand the major difference between popular firewalls. Please reach out to us if you have any questions and we’d be happy to help.