Next-Generation Firewalls and Your Network Security System



Is your business looking to move to the cloud but worried about its safety?

We think you are right to be cautious, but there are many measures that can be put in place to keep your business secure.

As the threat from cybercriminals grows rapidly, standard firewalls are no longer enough to keep them out.

A next-generation firewall (NGFW) is now essential for full protection against hackers and malware when it comes to network security.

In this article, we look at two of the best NGFWs on the market.

What is a Next-Generation Firewall?

Before we begin a comparison of two of the best NGFWs on the market, it is worth explaining exactly what they are.

A next-generation firewall is a network security device that protects an organisation from internal and external threats.

A traditional firewall provides packet filtering, IPsec and SSL VPN support, network monitoring and IP mapping. In addition to these, NGFWs have deeper content inspection capabilities such as application awareness and control, integrated intrusion prevention and cloud-delivered threat intelligence.

These additional capabilities can identify attacks and malware and block them.

NGFWs provide organisations with SSL inspection, application control, intrusion prevention and advanced visibility across the entire attack surface.

Which Next-Generation Firewall Should I Choose?

There are several leading names in NGFW. Two of the leaders according to the Gartner Magic Quadrant for Network Firewalls are Fortinet and Cisco.

It’s a battle of the giants: think Godzilla vs Kong, Batman vs Superman, or Thor vs Hulk. Neither is necessarily better than the other, but your business and your budget will dictate the one you choose.

Cisco Firepower NGFW vs Fortinet FortiGate NGFW

Both the Cisco and Fortinet NGFWs provide security for network applications, including firewall, web filtering and comprehensive visibility. They also have advanced layer 7 security, threat protection, intrusion prevention, and application control.

They may do the same job, but each has standout features, along with limitations, that may affect your choice.

The Cisco Firepower is easy to deploy and works well in most environments. It adapts well to small and medium-scale servers. Customers like the VPN for connecting remote users to the network or connecting one site to another, and businesses appreciate the web filtering component. The hardware is reliable, as is the Cisco technical support. Large established businesses tend to choose the Firepower software, especially if their current environment is already Cisco.

Some people find the interface difficult to use, as most are not fully aware of Firepower’s software functionality and features, and small businesses can find the cost just too high.

The Fortinet FortiGate handles traffic spikes and larger server loads with ease. The interface is simple to use, and the firewall is easy to configure. A simple pricing structure allows businesses to pay only for the services they use. FortiGate is more popular among medium-sized businesses, which are more likely to be price sensitive.

The downside of FortiGate’s simplified pricing is that it affects scalability. If a user wants to increase server performance, they must buy additional products. While the GUI is good and very easy to get around, the command line prompt can be confusing to use.

In Summary

The Cisco Firepower is a solid device for protecting your perimeter from potential attacks and is very capable of doing everything you would expect from an NGFW. It can scale very quickly and provides a nice interface to review and deploy. It offers features like URL filtering and malware protection, as well as integration with endpoint security, network traffic analysis, web gateway, email security, and network access control. It supports control of well over 4,000 commercial applications with its Layer 7 application firewalling. There is, however, a learning curve with this product, especially if there has been little or no exposure to the previous ASA version, but as you would expect of a Cisco product, there is a wealth of information online to help.

Fortinet FortiGate is a high-performing solution for organisations that are looking for multiple features and security. It offers features like SSL VPN, load balancing, malware scanning and SD-WAN. It lets you easily manage your network traffic and filter for legitimate requests. It also helps administrators with features like user access control, real-time monitoring and alerting, and intrusion prevention. It is a one-stop solution and has a lot to offer.

See how both the Cisco Firepower NGFW and Fortinet FortiGate NGFW are highly rated by their customers.

Writer’s View

This article highlights a fraction of the capabilities of both products and a small sample of the pros and the cons of each. I use and support both products at IT Naturally and began getting to grips with the Cisco Firepower a couple of years ago, before starting to use the Fortinet FortiGate with its unicorn-like fluffy GUI, which was surprisingly simple to use once I had got the hang of it.

Do I have a personal preference? No…both products are straightforward to use, but both can be a nightmare to troubleshoot if an entry is implemented wrong.

The main thing to consider is you must upgrade. Traditional firewalls are falling behind, unable to offer protection at scale, which leads to poor user experience and weak security posture. NGFWs not only block malware but also include paths for future updates, giving them the flexibility to evolve with the threat landscape and keep the network secure as new threats arise.

Next-generation firewalls are seen by IT Naturally as a vital component of implementing network security, so do get one in place.

Read more about IT Naturally’s Network Management Service

IT Naturally can manage your network security with a next-generation firewall as standard.