Top Next-Generation Firewall (NGFW) Vendors

Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in 2020 have made protecting the perimeter harder than ever.

NGFW features

Common NGFW features like policy enforcement for applications and user control, intrusion prevention, deep packet inspection, advanced threat protection, sandboxing, and threat intelligence feed integration are increasingly being augmented or integrated with newer edge-focused technologies like zero trust, SD-WAN security, microsegmentation, SASE and 5G support.

Our top NGFW products methodology is based on independent tests, user reviews, pricing data, vendor information, analyst reports, use cases, and market and mind share.

Top NGFW solutions

1 Prophaze Cloud WAF - First Behavioural Based API Security Platform

Visit website

First Native Cloud security platform. Prophaze Intelligence will block all the attacks targeting your web applications in the cloud. Go live in 15 minutes!

Learn more about Prophaze Cloud WAF - First Behavioural Based API Security Platform

2 CrowdStrike

Visit website

Alongside an industry-leading suite of security products, Crowdstrike’s straightforward firewall management solution has been highly regarded by users since launching in late 2019. No custom firewall implementation is required, and the solution is priced on a subscription basis per endpoint.

Learn more about CrowdStrike

3 Palo Alto Networks

Visit website

Palo Alto Networks came out on top of both the Gartner Magic Quadrant and Forrester Wave and scored well in our evaluation too. If you’re looking for top security and performance, Palo Alto’s NGFWs should be on your evaluation list. We’ve been impressed by the level of security provided by Palo Alto – see our top EDR products report – and NGFWs are no exception.

Learn more about Palo Alto Networks

4 Check Point

Visit website

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

Learn more about Check Point

5 Fortinet

Visit website

Fortinet is another perennial firewall favorite. Its NGFWs scored above average in NSS Labs tests, while its TCO per protected Mbps was near the top – in short, good security and performance for a good price. Fortinet has also posted strong test results in data center gateways, intrusion prevention, breach prevention and SD-WAN, so you’d be hard-pressed to find a cybersecurity vendor more willing to let its products undergo rigorous testing.

Learn more about Fortinet

6 Forcepoint

Visit website

Forcepoint offers some of the best security for the money, scoring high in both security effectiveness and TCO in NSS Labs tests. Behavioral analytics, SD-WAN, SASE, cloud support, management and FWaaS are strengths. Cloud and distributed offices are two particularly good use cases. Users report integration challenges and would like to see more robust reporting, but Forcepoint’s combination of security and value should bring Forcepoint greater consideration.

Learn more about Forcepoint

7 Cisco

Visit website

Cisco’s biggest strength may be the breadth of its offerings. Its zero trust, microsegmentation and SD-WAN capabilities have made it the early leader in the emerging zero trust market. In addition to its Firepower and Meraki firewalls, Cisco also offers impressive integration with its endpoint, cloud, networking and application security products.

Learn more about Cisco

8 WatchGuard

Visit website

WatchGuard shares a distinction with Palo Alto Networks: they were the only two vendors to have no observed evasions of the 11 firewalls tested in NSS Labs’ 2019 NGFW tests. WatchGuard came in fourth in TCO per protected Mbps, putting them right behind Forcepoint for best combination of security and value. WatchGuard was an honorable mention in our last NGFW report in August 2018; this time they’re moving up to a top vendor, and the acquisition of Panda Security will make them even better.

Learn more about WatchGuard

9 Juniper Networks

Visit website

Juniper and Huawei share the Most Popular award – their users rave about them. Juniper has been coming on strong in the security market with advanced features like machine learning-based detection. Cloud and zero trust features could use more development, but Juniper networking customers in particular should give the company’s SRX firewalls a serious look, and the company has strong capabilities for just about all enterprise use cases.

Learn more about Juniper Networks

10 Huawei

Visit website

Huawei scored highest in TCO in the 2019 NSS tests, making the company’s firewalls a compelling value for Huawei customers in particular, and data centers in general. CASB-like features make it good for SaaS use cases, and machine learning-based detection, SD-WAN and early 5G adoption are other strengths. FWaaS and better cloud-based management are needs. Users love everything about the company’s Unified Security Gateways (USG): value, implementation, capabilities and even support.

Learn more about Huawei

NGFW contenders

These are other strong firewall offerings that have found favor with buyers for particular use cases or markets:

Sophos: Sophos offers strong security and its users are happy, but deployment has mainly been tied to its XDR platform and excellent EDR product. A good choice for SMBs and some edge uses. Gartner lists Sophos as a Visionary in its Magic Quadrant, which should give you some idea of its capabilities and potential for growth.

SonicWall: A wide range of products, good security and positive user feedback. A good choice for SMBs in particular.

Barracuda Networks: Particularly good for AWS and Azure use cases.

Hillstone Networks and Sangfor: Positive user reviews but largely limited to China and Asia, with some presence in other regions.

Versa Networks: Strong security, but the vendor has been focused more on SD-WAN and SASE markets.

NGFW product comparisons

Here are a number of product comparisons that remain popular with readers. We are in the process of updating them.

NSS Labs NGFW tests

NSS Labs closed down a few months ago, so in the public interest we’re reproducing a graphic of its NGFW tests below. Note: former NSS Labs CEO Vikram Phatak is starting a new testing service at

NSS Labs NGFW tests

Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.

Latest articles

Database Security Best Practices

One reality of managing large organizations involves collecting massive amounts of sensitive data that is stored and managed in databases. This makes databases a...

ESET Product Review

Antivirus solutions have long been a staple of cybersecurity practices. However, antivirus is no longer enough to protect an entire organization's infrastructure.  Some antivirus solutions...

Kasada Product Review

Kasada is an automated bot detection and mitigation solution designed for enterprise web applications. Its aim is to stop bots from crashing websites, automating...

Crowdstrike Firewall Management Product Review

Crowdstrike's Firewall Management platform is a host firewall tool that centralizes defense against malware threats. It's a module within the broader Falcon endpoint protection...

Related articles


Please enter your comment!
Please enter your name here