Head, Network Security at a financial services firm with 1,001-5,000 employees
Real User
2022-08-18T09:47:34Z
Aug 18, 2022
This depends on the current firewall deployment within your organization.
If you currently have a legacy firewall that you need to replace, an estimate of the resource utilization (Interfaces, CPU, disk, etc.) and then adding a little more capacity for future growth will guide the specification of the device that you need to purchase and deploy.
If you do not have a firewall currently, the metrics that could guide you include: expected traffic capacity to guide interface size, log retention policy to guide disk sizing, number of users, etc.
The specification, in this case, may not be too accurate but will be obtained by estimation.
Senior Network Security Architect - EBTS Security Architecture at Guardian Life
User
Oct 25, 2024
@Ikechukwu Okonkwo Apart from Firewall capabilities and features what you are looking, but below inputs will give you what FW is required for your infra.
Usually, it is the Internet bandwidth, a number of users and (in the case of NGFW) you have to check if you are going to perform SSL filtering and application control, but lately, they are more concerned about the type of link to the Internet.
Almost all manufacturers have a link to check the size of the firewall, but unfortunately, it is for partners only. If it is possible to have more information we can make an approximation with SOPHOS or Fortinet, if you like.
Data Center - Assistant Group Manager (Information Security) at a financial services firm with 501-1,000 employees
Real User
2022-08-18T08:07:48Z
Aug 18, 2022
1st - Validate your current firewall session throughput and convert it to bytes (instead of bits).
2nd - You must consider the sizing based on Internet Bandwidth, number of users, and LAN connectivity. Internet bandwidth will play a significant role in choosing the right firewall.
3rd - Features & services may also play a significant impact by enabling specific modules like Threat Protection, URL Filter, Sandbox, Anti-Malware, and Anti-Bot.
Firewalls are essential components of network security, acting as barriers between secure internal networks and potentially hazardous external connections. These tools monitor and control incoming and outgoing network traffic based on predetermined security rules.
This depends on the current firewall deployment within your organization.
If you currently have a legacy firewall that you need to replace, an estimate of the resource utilization (Interfaces, CPU, disk, etc.) and then adding a little more capacity for future growth will guide the specification of the device that you need to purchase and deploy.
If you do not have a firewall currently, the metrics that could guide you include: expected traffic capacity to guide interface size, log retention policy to guide disk sizing, number of users, etc.
The specification, in this case, may not be too accurate but will be obtained by estimation.
@Ikechukwu Okonkwo Apart from Firewall capabilities and features what you are looking, but below inputs will give you what FW is required for your infra.
Usually, it is the Internet bandwidth, a number of users and (in the case of NGFW) you have to check if you are going to perform SSL filtering and application control, but lately, they are more concerned about the type of link to the Internet.
Almost all manufacturers have a link to check the size of the firewall, but unfortunately, it is for partners only. If it is possible to have more information we can make an approximation with SOPHOS or Fortinet, if you like.
1st - Validate your current firewall session throughput and convert it to bytes (instead of bits).
2nd - You must consider the sizing based on Internet Bandwidth, number of users, and LAN connectivity. Internet bandwidth will play a significant role in choosing the right firewall.
3rd - Features & services may also play a significant impact by enabling specific modules like Threat Protection, URL Filter, Sandbox, Anti-Malware, and Anti-Bot.
Depends on the firewall and its purpose, but a rule of thumb is to buy based on all UTM features turned on, e.g. protected Mb throughput.
Different vendors have a slower speed for each option you enable on their devices so overestimate the size.
Some vendors will tell you the % of slowdown but consider double the line speed to compensate for the device's slowdown.