Ten Top Next-Generation Firewall (NGFW) Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Next-generation firewalls (NGFWs) are at the core of an enterprise security strategy, and the best ones incorporate policy enforcement for applications and user control, intrusion prevention, deep packet inspection, sandboxing, and threat intelligence feeds – the ones included in this buying guide all offer those features.

Where they differ from one another is in pricing, performance, ease of installation and use, effectiveness at blocking threats, and advanced features such as cloud protection, application visibility, and integration with other security products. Generally, the more you pay, the more features the product offers and the greater breadth of use cases covered, so buyers must decide what the right product is for them based on the level of protection they need, their budget, and their in-house technical expertise.

NGFWs won't protect an enterprise from everything, like all cloud and insider threats, and over time, NGFW vendors will face increased pressure from cloud and software solutions, but for now, the $10 billion enterprise firewall market remains strong and growing.

Here are our picks for top NGFW vendors, with links to in-depth pieces on each vendor, and we've included a chart at the end of this article comparing key features such as security effectiveness, value, technical support and ease of installation and management. Read more about our top security vendor methodology.

Jump ahead:

Fortinet FortiGate

Fortinet FortiGate firewalls offer top security at a good price point, making them one of the most popular firewall vendors and a frequent finalist on enterprise shortlists. FortiGate firewalls fared well in NSS Labs tests, where they received high marks for security effectiveness, performance and value. If you're looking for top security at a good price point, Fortinet should be on your evaluation list.

See our in-depth look at Fortinet FortiGate.
user reviews for Fortinet FortiGate.

Forcepoint NGFW

Forcepoint firewalls might set you back a little more, but you get best-in-class security and performance for your money. Top-notch R&D has produced features such as detection engines resistant to evasion techniques and a strong centralized management console.

See our in-depth look at Forcepoint NGFW.
user reviews for Forcepoint NGFW.

Palo Alto Networks PA Series

Palo Alto Networks also isn't cheap, but offers NGFWs with strong security and performance that top all comers, and breadth of features to match. Gartner notes that Palo Alto frequently winds up with the highest overall evaluation score on shortlists.

See our in-depth look at the Palo Alto Networks PA Series.


SonicWall offers a firewall for everyone, and is ranked as a good value too, with good performance and ease of management. The company offers its SuperMassive line for the largest networks; NSA for midrange companies; and TZ series firewalls for small companies.

See our in-depth look at SonicWall next-generation firewalls.

Barracuda F-Series

Not every NGFW vendor offers strong cloud support, but it's an area where Barracuda shines: With support for AWS, Azure, Google Cloud and VMware vCloud Air, the company's cloud capabilities are market-leading, and strong VPN features support distributed office use cases.

See our in-depth look at the Barracuda F-Series.
See user reviews for Barracuda F-Series.

Cisco Firepower NGFW

Cisco's biggest strength might be the breadth of security services it offers or integrates with its firewall, among them intrusion prevention, advanced malware protection, cloud-based sandboxing, URL filtering, endpoint protection, web gateway, email security, network traffic analysis, network access control and CASB. However, that broad protection comes with above average prices.

See our in-depth look at Cisco Firepower NGFW.

See user reviews for Cisco Firepower NGFW.

Check Point Advanced Threat Protection

Check Point's breadth of offerings and features give it broad applicability, and centralized management and role-based administration are market-leading features. The firewalls combine perimeter, endpoint and mobile security, and also offer application control, URL filtering, data loss prevention and strong cloud protections.

See our in-depth look at Check Point Advanced Threat Protection.

Sophos XG Firewall

Sophos XG Firewalls are good candidates for mid-sized and distributed enterprises and those already using Sophos' endpoint protection solution. Dedicated remote branch devices and an easy-to-learn management interface are also strengths.

See our in-depth look at Sophos XG Firewall.

See user reviews for Sophos XG Firewall.

Juniper Networks SRX

Juniper is a good candidate for enterprises desiring high throughput at low cost and advanced routing support, and for those combining security and networking purchases. Ease of management, branch office offerings and software-defined secure network (SDSN) technology are also positives.

See our in-depth look at Juniper Networks SRX.

See user reviews for Juniper Networks SRX.

Huawei USG

Huawei is strongest with Asia and EMEA countries seeking value and performance, and for Huawei networking customers. Support for EMEA compliance requirements are another strength.

See our in-depth look at Huawei USG.

Honorable Mentions

Lastly, two honorable mentions: WatchGuard and Versa Networks both demonstrated good security performance and value in NSS Labs tests.

Top Next-generation firewall vendors compared

best ngfw products

Submit a Comment

Loading Comments...