Evaluate 5 NGFW Firewalls Five Points

My own criteria list, although using ideas from a 2012 discussion of NGFW InformationWeek-NetworkComputing:

#1 Profitability and longevity.  You don’t want to buy a firewall and then have the company have financial problems even 5 years down the road.  (so startups need not apply – sorry)

#2 Speed throughput – we have to be capable of running our email, web, applications, and more without a speedbump.

#3  What can the NGFW claim to catch? SQL injection? malware, and more – sure it won’t catch all, but some is good and more is better.

#4  Social media inspection and other potential encrypted communications, logging etc. It would be great if it can inspect SSL/TLS encrypted communications.

#5  Co$t  of course – It may do everything but we can’t afford it, so that does not help.



So using these 5 Criteria


Latest rage is PaloAltoNetworks https://www.paloaltonetworks.com/products/platforms/firewalls.html   Datasheet  PA-3050

McAfee NGFW  http://www.mcafee.com/us/resources/data-sheets/ds-next-generation-firewall-appliance-spec-sheet.pdf

Cisco ASA  NGFW 

Checkpoint   http://www.checkpoint.com/downloads/product-related/datasheets/13500-appliance-datasheet.pdf


Dell SonicWALL  http://www.sonicwall.com/us/en/products/SuperMassive-E10000.html#tab=features


Of course this is only a 1 hour review of these 5 firewalls.  I did not look at Cost, as that would require more time commitments and spec discussions.




I want to focus on the aspect of SSL tunnel inspections – I was suprised not to see the Checkpoint firewall has a SSL/TLS inspection capability on their marketing literature and info online (without discussing  with sales)  i was not surprised with Cisco ASA, as I consider Cisco’s ASA firewall a good basic firewall these days, but not really a NGFW.  Kinda surprised Cisco even mentions it on their site – it is considered anNGFW, but maybe it will get more features as time passes.  here is a snippet from their website:


Contact us to let us know what models you are currently evaluating and we can help


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.