Recommendation for NGFW?

KapsZ28

I am looking for a VM appliance Next-Generation Firewall. So far the only one I have looked at is the Palo Alto VM-100. I am still waiting to get my hands on an evaluation to see how it really works. I am wondering what else is out there that is very good and maybe not quite as expensive. I found a Comparative Analysis from NSS Labs, but it is $3,500 if you want to read it. :D

https://www.nsslabs.com/reports/next-generation-firewall-comparative-analysis-2013
 
Sophos, Check Point

Check Point seems to have everything separate. They have a blade for everything which seems like it would be a pain to manage. Plus probably cost more.

Any idea on pricing for NGFWs? Most of the larger companies don't seem to have pricing. I know the retail price on the Palo Alto VM-100 is $2,700 plus another $2,100 if you want Threat, URL, Wildfire and Support.
 
We haven't got into the PA VMs, but we have several PA-200s, 500s and two 5020s. We love them. They are super easy to manage (we use Panorama VM) and they really do what they say they'll do. Yes, they are pricier but honestly, you get what you pay for.
 
Oh I hear you. But I don't get to make the decision when it comes down to price. Right now we are using pfSense with zero packages installed. Meaning we don't have any IPS, malware detection, etc. We don't pay for support either, so they are 100% free and we would need at least 12 firewalls. So, it definitely gets expensive.
 
Yeah, I'm with you. Given that you need 12, your buying power should be pretty high to drive down the pricing, hopefully. It's frickin' software, not hardware. They should be able to cut it down pretty good. GL man.
 
Please note what Check Point calls a blade is just a software license. There is no additional hardware to buy.
It is hard to get into pricing without knowing exactly what your needs are; there are combinations available that greatly alter the cost when bundled. I would suggest that with 12 firewalls you should consider central management and logging, which will greatly simplify your management but at the same time add to your upfront costs. This applies to whatever platform you end up with.
 
I know they are not separate pieces of hardware, but don't you access them separately, or can they be centrally managed? Looking at what Check Point offers, I would probably start with the following.

Firewall
IPsec VPN
IPS
Application Control
 
By default each firewall is managed from a single GUI on that device. CP central management and logging is done through their Smart-1 appliances or through what they call Multi-Domain Manager which used to be called Provider-1. Smart-1 and P1 are separate products that you would need to purchase if you wanted to manage all of your firewalls from a single GUI.

A quick glance at the CP pricelist (you can access this if you have a User Center account) says a 2200 appliance with the blades you mentioned plus the Identity Awareness, Mobile Access, Policy Management and Logging blades is a CPAP-SG2208. I'm not sure if the prices I see are our prices or MSRP so I'm comfortable disclosing that. I can say it looks similar to the PA pricing you posted earlier, which makes me fairly certain these are list prices. NO ONE pays list.


I would also add Fortinet to your list of vendors worth looking at.
 
The FortiGate VM01 is $3,700 on CDW's website. I think we are going to be stuck with pfSense for a long time.
 
Err, most of their prices are MSRP. I've even seen prices there higher than list. Find a reasonable reseller or contact the vendor directly.
 
Has anyone used Snort on pfSense for IPS? Is it any good and worth paying for the VRT Certified Premium Rules?
 