Comparison of 5 top next-generation firewall vendors

Key NGFW features

NGFWs are hardware, software or cloud-based devices that extend traditional firewall capabilities beyond packet inspection -- filtering traffic by IP address, port and protocol -- and stateful inspection -- tracking the state of connections. In addition to these baseline controls, NGFWs offer deep packet inspection (DPI), which examines the payload of network traffic rather than just packet headers. DPI enables the firewall to locate, identify, classify and reroute or block malicious content in otherwise legitimate traffic.

Modern NGFWs also offer application awareness and control, integrated intrusion prevention systems, SSL/TLS inspection, user identity awareness, logging and reporting, API-driven automation and automated policy recommendations.

Many NGFWs also use threat intelligence feeds to enhance DNS and URL filtering and improve the detection of malicious traffic. Advanced NGFWs can detect policy violations and automatically block, quarantine or sanitize suspicious traffic before alerting security teams and integrating with other security technologies for further investigation .

NGFWs often serve as a centralized visibility point for network activity and help organizations achieve and maintain a zero-trust architecture.

Leading NGFW products

Let's look at some of the most widely used NGFWs that offer these features. Many other NGFW technologies are available, each with its own pros and cons. The tools profiled in this article were selected based on market research. Each has a sizable customer base, is under active development, and has numerous publicly available user reviews from verified purchasers of NGFWs. This list is organized alphabetically.

Check Point Quantum

Key features

• Makes extensive use of AI technologies as part of its threat intelligence.
• Integrates with endpoint and mobile detection and response technologies via the broader Check Point platform.
• Offers additional security features, such as antispam, through its next-generation threat protection SandBlast bundle.

Pros

• Excels at centralized management, providing an intuitive GUI and dashboard that saves administrators time.
• Cited for its reliability and stability.

Cons

• Licensing and subscriptions are reportedly more complex and expensive than competing products.
• According to some user reports, it fails to detect attacks that other vendors successfully discover and generates repeated false positives, especially for email.

Sales and licensing

• Offers dozens of hardware models for on-premises deployments as well as SaaS.

Cisco Secure Firewall

Key features

• Uses AI and machine learning technologies to improve its detection and protection capabilities and to make firewall management easier for admins.
• Supports identification and analysis of more than 6,500 applications and application protocols.

Pros

• The most recent interface is easy to deploy and use.
• Integrates smoothly with other Cisco cybersecurity products.

Cons

• Some users report documentation is either missing or outdated.
• Upgrades and updates can take time to execute; questions about rollback capabilities.

Sales and licensing

• Offers several series of hardware-based models, including a rugged model for operational technology and IoT environments, plus service models for public and private clouds.
• Free trial is available.

FortiGate NGFW

Key features

• Uses AI as part of threat intelligence to improve the efficiency of protection and detection.
• Supports quantum-safe mechanisms for VPN cryptography; supports quantum key distribution alongside classical algorithms.

Pros

• Integrates with other Fortinet technologies to provide a unified network security foundation.
• Effective, reliable performance even under high workloads and with large implementations.

Cons

• Steep learning curve, especially for more complex configurations and those that can only be accomplished through the CLI, in part because some documentation and online resources are outdated.
• Challenges with updating firmware unexpectedly altering functionality or introducing errors.

Sales and licensing

• Offers more than 30 models of appliances for a wide variety of environments and needs, as well as three as-a-service models.

Palo Alto Networks PA-Series

Key features

• Integrated management of Palo Alto products through a single interface, Strata Cloud Manager.
• Easy customization of security policies tailored for different parts of the organization.

Pros

• An easy-to-use interface with wide flexibility; for example, pushing out policy updates across all of the organization's firewalls at once.
• Supports post-quantum cryptography options.

Cons

• Steep learning curve that requires additional training and effort for admins to be able to fully use the product's features.
• Product support, especially in certain regions of the world.

Sales and licensing

• Offers several series of models of PA-series hardware appliances for various environments and performance needs, including a branch-office model with 5G networking built in. Cloud-native, virtual and SaaS versions also available.

Sophos Firewall

Key features

• Multiple ways to analyze traffic, including decrypting TLS 1.3-protected traffic, using machine learning to identify zero-day attacks and using cloud sandboxing to safely execute suspicious payloads.
• Integrates with several Sophos endpoint and mobile security technologies to improve response capabilities; also integrates with other Sophos products and services to support zero trust.

Pros

• Easy-to-use interface for management, monitoring, reporting and alerting.
• Solid integration with other Sophos technologies for management, monitoring and detection purposes.

Cons

• Generating reports can be slower than desired, especially in larger implementations.
• Learning curve for implementing some of the most advanced features steeper than anticipated.

Sales and licensing

• Available for deployment in cloud and virtual environments, as hardware, and as software to be deployed on the organization's own hardware; several models of each option are available based on the deployment size.
• Numerous options for licensing specific features or bundles of features, in addition to support subscriptions, protection licensing and subscriptions, and integration with other Sophos applications.

Karen Kent is the co-founder of Trusted Cyber Annex. She provides cybersecurity research and publication services to organizations and was formerly a senior computer scientist for NIST.