If you could go back, would you change your decision to buy that firewall and why?

This answer depends on the provider one has. These days people in enterprise are moving away from big names to Fortinet, WatchGuard.
I would recommend them to stick to secure architecture than just names. Check the frequency at which their threat database is updated. Ask them about their threat Intelligence provider. Is it in-house vs third-party? Check if they have an integrated suite rather than just a one-off product. See how long have they been in the market and where are they positioned in Gartner Report. Now coming to the original question, do I want to change my Vendor for my security services. My answer is no.

If I could go back and buy a different firewall, I would do so immediately.

The main reason is that when layer 7 capabilities are implemented, everything changes in terms of:

* Performance
* Functionalities
* Routing
* Reliability

I would buy a much stronger firewall i.t.o. CPU power, more ethernet ports.
Salespersons always try to sell you what they think will be best, but the technical person should have the final say in the decision-making process.
.

I read below the following: QUOTE Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. UNQUOTE

I read this and it comes to my mind that because of this the product is really effective? What is the balance of real efficiency against how nice the interface is?

Where I work now I was asked to quote FortiGate but because it was more expensive than Sophos and they had friendships with that provider, they purchased Sophos. Then if they enabled the antivirus the CPU was running at 90%, slow traffic and it blocks things it should not.

So, I am confused and cannot discern anymore any logic/s, if that ever exists. But I am quite sure that the book I wish to write: Inefficiency by incapacity, maybe more a library as a single book may not be enough?

I'm not sure if this is the correct question. If the question is: Would you consider another firewall every year? then the answer is yes. The technology landscape is changing so often today that we can no longer invest and hope for it to last 3-5 years. Sometimes a small new feature could make the difference and make you choose another product. So keep checking what is out there every year and you will know when it's time for a change.

I would change my firewalls with NSX edge gateways, which have all the basic functionality of firewall and For NG inspection and defense I will implement FTD or PaloAlto VM.

No, it was a good decision to buy this firewall. It is perfect for my usage (small company, 8 users) and easy to manage with OPNSense.

No, I will keep my FortiGates thank you very much and here’s why:

* Traffic visibility is now 20/20 or better.
* Troubleshooting time has been reduced drastically.
* On-the-fly packet captures isolates or eliminates areas of focus.
* Rulesets are intelligently implemented because there is a holistic view of the entire policy and active feedback on non-compliant, duplicate, or shadow rules in real-time.
* Integration into roadmap items such as SD-WAN, WiFi, port security, etc.

If it is about saving money answer is no. Saving money is not aways the case. Some products has easy way of maintaining than other.

With the Cisco Meraki and FortiGate solutions, we have no regrets. It does what it's designed to do and just keeps on getting better on the deployment side. From security to performance, these solutions just work. Fair understanding is required to set up properly but once configured it's almost set and forget. Reporting is also a plus on these 2. No fancy configuration of an on-premise analyzer solution required.

Not at all, or maybe would go for stronger firewall for several clients as it can be quickly overwhelmed by traffic.

Not yet have answer for that question, so far still can afford my needs. Find more inform info@jedi.id

I wouldn't change my choice. It is a solid product.

If I could go back, then I would buy a Fortinet FortiGate firewall. Fortinet has a complete end to end security portfolio and the Firewall is better then all others which include powerful hardware with Multiprocessor and the operating system FortiOS robust.

I am a Cisco awarded trainer and used to have a Cisco ASA 5506. I got rid of it straight away. I will not touch it ever again. Yes, it may sound, but you are a Cisco trainer, ok? Yes, and I do like and respect Cisco when it comes to routers and switches but I purchased a Fortinet product and will not change it for anything else in the world.

I have not found in my usage (yes, I have one deployed at home and deployed others, 18 of them, in medical centers) nothing else comes close. Their ASIC chips can handle speed and many other features. Are they 100% perfect? No, but, again, they are the best. They have Forticlient, but when it comes to endpoint security, Symantec Endpoint eats them for breakfast. I do not like the Forticlient at all. Not because I do not like, they do not perform as Symantec Endpoint does, simple as that. In addition to email spam, I did get 3 spams in my mail server regardless of anything else. Why? Well, that story costs $150K US dollars. And when someone knows how things work, even I take the Netflix content, and I will stop here. Simple as that. Summary, Fortigate is a 99 out of 100 product. I will not change the decision to buy another one since I have not used, test and demonstrate to me there is something better.

No, we're happy.

No, I wouldn't change my decision because it was proved that it was the correct selection.

No, I wouldn't change my mind but would add "XG from Sophos".

Sophos XG Firewall a couple of years ago came up with the deployment wizard option. This has made a really easy deployment. Comprehensive security with outstanding user experience. Sophos has simplified the approach for the SMB, middle-market and pragmatic enterprises who value a complete security set (and easy to use)
• On-Box Logging & Reporting Our built-in reporting the admins know exactly what's happening and are able to fix problems fast, and shape policies to keep users secure
• Endpoint/Network Security Heartbeat proven endpoint agent and firewall technology to create a security link connecting multiple points of security via the network.
• Connect remote offices easily with Sophos RED (Remote Ethernet Device) provides secure remote access to a branch with no need to centrally manage multiple UTMs Sophos offers a web-based interface integrated into all the devices. Admins can access a single device from anywhere in the world (depending on configuration) using a recent browser. There is no specific need to use a CLI, scripts, special tools, or a Windows application for management. Web management is integrated in all the physical and virtual devices and does not require a separate management device. Users also have access to a self-service portal for certain functions including application access, remote browser session (HTML5 VPN), Wireless access and more.

So, I would add Sophos too.

I would not manage our network without a firewall. There are to many threats from around the world, the firewall is the most important line of defense. Also, we use our firewall to do NAT.

I would have to agree with the reviewers that suggest which essential firewall features to examine the various firewall vendors.
It ultimately comes down to the prior experience with the vendor and if you trust their firewall product since it is either of great help or a problem that never goes away until you replace the unit years after the purchase, configuration, and implementation.

We are happy with the Fortinet firewall, it is a thousand times better than our previous firewall.

I wouldn't make the decision of purchasing a solution and then need to go back and change my decision but in case I find that my calculations do not meet the requirements then I would go to make a change or increase the throughput of the same firewall so that it will meet my requirements.

I am working with WatchGuard and Sonicwall firewalls but after to work with WatchGuard I think it is easier than Sonicwall but sometimes still lacking little thinks like as for you see what is the wired speed while you are in troubleshooting, you need to go to the web interface because within the WSM (centralized manangement software) you don´t have how to see it. For example, some things about the cluster you need to use the WSM software to make it easy and another thinks it´s better to use the web interface. Some things make me think about making a change but in the end, I prefer WatchGuard than Sonicwall.

I wouldn't change my decision to buy Fortinet. Fortinet gives us full control of network traffic and gives us the possibility to deploy more IPS without charge firewalls CPU.

The only thing that I want to buy with Fortinet next time is FortiAnalyzer to get a unique endpoint for management.

In my opinion, It will depend on the security solution purchased. For some solutions instead of buying a physical firewall for network security, you can go for a service provider who is offering a managed cloud firewall. That will reduce the total cost of ownership as well as device handling and installation costs.

I would have never changed my decision on buying a firewall the reason being that a firewall is an important pillar in defending networks from cyber threats that are ever-increasing each day and also give you an insight on what will be happening within one's network.
Besides the firewall protecting information from external threats, it also helps with internal company policies eg what users can and cannot access when they are connected to the organization internet.

I think the decision to buy the firewall at that time was probably the best with the information that I/we had then. Security threats are theoretically not predictable. Manufacturers try to cover as many possible angles from new threat vectors. With that in mind, it is advisable to have a scalable solution that can be complemented over time then eventually replaced with up to date infrastructure. Replacing security infrastructure can be quite costly, it would be advisable to have a model that can also factor in this shift while keeping the customer secure.

In consideration of usage requirements and company budget, I will not consider changing my original ideas.

I believe the main issue is a bad project. 

You have to understand your infrastructure and have in mind that sometimes, just one firewall isn't enough: north-south security, east-west security. Wich feature you will enable on what rule. 

Gartner is a good way to choose your solution. 

I think I'd try more than changing a brand/model of a firewall to one superior model. 

Currently, with web filter, AV, layer 7,..., sometimes my firewalls go a bit slow. 

You have to understand that the price of bandwidth is decreasing and we (in almost one year) have twice the bandwidth that the last year and more services on the internet, with a lot of services in the cloud. 

At last, you need more compute effort in firewalls, more flow connections and, nowadays, you don't have a layer-3 firewall that only checks ports, source and target IPs addresses. Now it has the URL reputation to check, IDS, VA, etc.

Greetings,

We must not "fall in love" with our choices for information security systems.

The field of information security is changing and there are constantly new threats and different responses.

Today it's possible to install some of the protections in the cloud and some locally on-site.

Proper conduct requires regular examination of threats and adaptation of systems to recommended threats:

1. Examine the threats regularly.

2. Check the fit of the installed systems.

3. Adapt them to the new threats.

Regards,

G.Y.

The first time with "Unifi USG"... but let me be clear: it's not because it was a bad choice (not if you set it up it in the rigth place). 

I made a wrong choice from the very beginning. The need was bigger than the USG capabilities. I've been forced to change it for an Edge Infinity Router (same brand) and it's great!

In other places, with several clients, I still use the USG and it's also great!!!

lernen

The answer is NOT.

Actually I feel fine with my Firewall, related to cost, performance, and benefits, also Web Interface is very easy and intuitive, that's a great choice.

Yes, I bought two Juniper SRX4100's and the GUI are completed useless. I would go back to Cisco ASDM in a heartbeat. Also, the Cisco TAC is exponentially better then Juniper's JTAC.

No.

No, because it fulfills our requirements. What I might change is the reseller or the interaction with the principal directly, in order to get the most out of the purchased products. Sometimes, the competency and commitment of the reseller are more crucial than the product itself.

Eso depende de la experiencia de servicio de soporte e implementación que tienes con tu proveedor actual. La plataforma puede ser muy buena, pero si se maneja mal, vas a experimentar la misma mala experiencia que equivaldría un mal producto. Es como ir en una super autopista conduciendo un ferrari revolucionado en el primer o segundo cambio.

It was the best spending money. I never regret it.

A firewall is a network security device to monitor and control both incoming and outgoing traffic in the network. The reason why to buy a firewall is to secure your data, your client from the attackers and malware to still your sensitive information and data breach and it helps your organization with better security.

The ASA5516-X is a good firewall. I really like the dashboard IP connections report, it shows which IPs are trying to hack and their geo location. It lets me blacklist them with a right-click.