Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in 2020 have made protecting the perimeter harder than ever.
Common NGFW features like policy enforcement for applications and user control, intrusion prevention, deep packet inspection, advanced threat protection, sandboxing, and threat intelligence feed integration are increasingly being augmented or integrated with newer edge-focused technologies like zero trust, SD-WAN security, microsegmentation, SASE and 5G support.
Our top NGFW products methodology is based on independent tests, user reviews, pricing data, vendor information, analyst reports, use cases, and market and mind share.
Top NGFW solutions
1 Prophaze Cloud WAF - First Behavioural Based API Security Platform
First Native Cloud security platform. Prophaze Intelligence will block all the attacks targeting your web applications in the cloud. Go live in 15 minutes!
Alongside an industry-leading suite of security products, Crowdstrike’s straightforward firewall management solution has been highly regarded by users since launching in late 2019. No custom firewall implementation is required, and the solution is priced on a subscription basis per endpoint.
3 Palo Alto Networks
Palo Alto Networks came out on top of both the Gartner Magic Quadrant and Forrester Wave and scored well in our evaluation too. If you’re looking for top security and performance, Palo Alto’s NGFWs should be on your evaluation list. We’ve been impressed by the level of security provided by Palo Alto – see our top EDR products report – and NGFWs are no exception.
4 Check Point
Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.
Fortinet is another perennial firewall favorite. Its NGFWs scored above average in NSS Labs tests, while its TCO per protected Mbps was near the top – in short, good security and performance for a good price. Fortinet has also posted strong test results in data center gateways, intrusion prevention, breach prevention and SD-WAN, so you’d be hard-pressed to find a cybersecurity vendor more willing to let its products undergo rigorous testing.
Forcepoint offers some of the best security for the money, scoring high in both security effectiveness and TCO in NSS Labs tests. Behavioral analytics, SD-WAN, SASE, cloud support, management and FWaaS are strengths. Cloud and distributed offices are two particularly good use cases. Users report integration challenges and would like to see more robust reporting, but Forcepoint’s combination of security and value should bring Forcepoint greater consideration.
Cisco’s biggest strength may be the breadth of its offerings. Its zero trust, microsegmentation and SD-WAN capabilities have made it the early leader in the emerging zero trust market. In addition to its Firepower and Meraki firewalls, Cisco also offers impressive integration with its endpoint, cloud, networking and application security products.
WatchGuard shares a distinction with Palo Alto Networks: they were the only two vendors to have no observed evasions of the 11 firewalls tested in NSS Labs’ 2019 NGFW tests. WatchGuard came in fourth in TCO per protected Mbps, putting them right behind Forcepoint for best combination of security and value. WatchGuard was an honorable mention in our last NGFW report in August 2018; this time they’re moving up to a top vendor, and the acquisition of Panda Security will make them even better.
9 Juniper Networks
Juniper and Huawei share the Most Popular award – their users rave about them. Juniper has been coming on strong in the security market with advanced features like machine learning-based detection. Cloud and zero trust features could use more development, but Juniper networking customers in particular should give the company’s SRX firewalls a serious look, and the company has strong capabilities for just about all enterprise use cases.
Huawei scored highest in TCO in the 2019 NSS tests, making the company’s firewalls a compelling value for Huawei customers in particular, and data centers in general. CASB-like features make it good for SaaS use cases, and machine learning-based detection, SD-WAN and early 5G adoption are other strengths. FWaaS and better cloud-based management are needs. Users love everything about the company’s Unified Security Gateways (USG): value, implementation, capabilities and even support.
These are other strong firewall offerings that have found favor with buyers for particular use cases or markets:
Sophos: Sophos offers strong security and its users are happy, but deployment has mainly been tied to its XDR platform and excellent EDR product. A good choice for SMBs and some edge uses. Gartner lists Sophos as a Visionary in its Magic Quadrant, which should give you some idea of its capabilities and potential for growth.
SonicWall: A wide range of products, good security and positive user feedback. A good choice for SMBs in particular.
Barracuda Networks: Particularly good for AWS and Azure use cases.
Hillstone Networks and Sangfor: Positive user reviews but largely limited to China and Asia, with some presence in other regions.
Versa Networks: Strong security, but the vendor has been focused more on SD-WAN and SASE markets.
Here are a number of product comparisons that remain popular with readers. We are in the process of updating them.
- Sophos XG vs. SonicWall
- Fortinet FortiGate vs. Forcepoint
- Sophos XG vs. Fortinet
- Fortinet vs. Palo Alto
- Check Point vs. Palo Alto
- SonicWall vs. Palo Alto
- SonicWall vs. Fortinet
- Cisco vs. Juniper
NSS Labs closed down a few months ago, so in the public interest we’re reproducing a graphic of its NGFW tests below. Note: former NSS Labs CEO Vikram Phatak is starting a new testing service at CyberRatings.org.