Here are our picks for top NGFW vendors, with links to in-depth pieces on each vendor, and we’ve included a chart at the end of this article comparing key features such as security effectiveness, value, technical support and ease of installation and management. Read more about our top security vendor methodology.
1. Fortinet FortiGate
Fortinet FortiGate firewalls offer top security at a good price point, making them one of the most popular firewall vendors and a frequent finalist on enterprise shortlists. FortiGate firewalls fared well in NSS Labs tests, where they received high marks for security effectiveness, performance and value. If you’re looking for top security at a good price point, Fortinet should be on your evaluation list.
Forcepoint firewalls might set you back a little more, but you get best-in-class security and performance for your money. Top-notch R&D has produced features such as detection engines resistant to evasion techniques and a strong centralized management console.
Palo Alto Networks also isn’t cheap, but offers NGFWs with strong security and performance that top all comers, and breadth of features to match. Gartner notes that Palo Alto frequently winds up with the highest overall evaluation score on shortlists.
SonicWall offers a firewall for everyone, and is ranked as a good value too, with good performance and ease of management. The company offers its SuperMassive line for the largest networks; NSA for midrange companies; and TZ series firewalls for small companies.
Not every NGFW vendor offers strong cloud support, but it’s an area where Barracuda shines: With support for AWS, Azure, Google Cloud and VMware vCloud Air, the company’s cloud capabilities are market-leading, and strong VPN features support distributed office use cases.
Cisco’s biggest strength might be the breadth of security services it offers or integrates with its firewall, among them intrusion prevention, advanced malware protection, cloud-based sandboxing, URL filtering, endpoint protection, web gateway, email security, network traffic analysis, network access control and CASB. However, that broad protection comes with above average prices.
Check Point’s breadth of offerings and features give it broad applicability, and centralized management and role-based administration are market-leading features. The firewalls combine perimeter, endpoint and mobile security, and also offer application control, URL filtering, data loss prevention and strong cloud protections.
Sophos XG Firewalls are good candidates for mid-sized and distributed enterprises and those already using Sophos’ endpoint protection solution. Dedicated remote branch devices and an easy-to-learn management interface are also strengths.
Juniper is a good candidate for enterprises desiring high throughput at low cost and advanced routing support, and for those combining security and networking purchases. Ease of management, branch office offerings and software-defined secure network (SDSN) technology are also positives.
Huawei is strongest with Asia and EMEA countries seeking value and performance, and for Huawei networking customers. Support for EMEA compliance requirements are another strength.
See these pages to compare two NGFW vendors against each other:
- Sophos XG vs. SonicWall
- Sophos XG vs. Fortinet
- Fortinet vs. Palo Alto
- Check Point vs. Palo Alto
- SonicWall vs. Palo Alto
- SonicWall vs. Fortinet
- Cisco vs. Juniper
Lastly, two honorable mentions: WatchGuard and Versa Networks both demonstrated good security performance and value in NSS Labs tests.