Next-Gen Firewall Buyer's Guide
In recent surveys, network administrators and IT managers cite the following top issues with their existing firewall:
ÌPoor visibility into network applications, risks, and threats
ÌConcerns about protection from the latest ransomware and attacks
ÌLack of any response or assistance when there is a threat on the network
June 2021
Next-Gen Firewall Buyer's Guide
If any of this sounds familiar, you’re not alone. The problem is, most next-generation firewalls today are failing to do their job. They are not able to provide adequate visibility, appropriate protection, or any kind of response.
When selecting a shortlist for your next firewall, it can be challenging to even know where to start. You’ll want to begin by identifying your key requirements. Once you’ve established those, it’s a daunting task to wade through vendor websites and datasheets in an effort to determine which firewall can not only meet your needs, but actually do what it claims.
How to use this guide
This buyers guide is designed to help you choose the right solution for your organization so you don’t end up with firewall buyer's remorse. It covers all the features and capabilities you should consider when evaluating your next firewall purchase. We’ve also included important questions to ask your IT partner or vendor to ensure the product will meet your needs. And on the last few pages, we’ve added a convenient time-saving chart that can help you create a shortlist of suitable firewall vendors.
The perfect storm in network security: encryption
Ever-increasing encrypted traffic flows have created a perfect storm – with dire consequences. Consider these important facts:
Ì90% of internet traffic is now TLS encrypted
Ì50% of malware, PUA, and hacker servers are utilizing encryption to avoid detection
ÌThe vast majority of organizations are not inspecting encrypted traffic
When we ask organizations why they are not inspecting encrypted traffic, they cite performance as the number one reason. TLS inspection is simply too resource intensive for most firewalls to keep up with the huge volume of encrypted traffic. The second major reason for not inspecting encrypted traffic. It tends to cause usability issues; it breaks the internet.
This fundamental challenge with encryption and an inability to address it by most firewalls is creating a variety of other issues: visibility into risky behavior and content, compliance, and protection from ransomware, attacks, and breaches. In effect, encryption is the root cause of many of today’s top network security challenges. Unfortunately, most networks are simply turning a blind eye to the vast majority of traffic passing through them. This is no longer necessary. There is a very effective way to deal with this challenge.
To learn more, check out: Has Encryption Made Your Current Firewall Irrelevant?
|
June 2021 |
2 |
Next-Gen Firewall Buyer's Guide
Top critical capabilities
To solve your top challenges with network visibility, protection, and response to threats, here are four must- have critical capabilities you need in your next firewall that are likely missing today:
TLS 1.3 inspection – 90% of internet traffic now encrypted and that number is growing, so it’s absolutely critical that your next firewall include TLS 1.3 inspection. Perhaps more importantly, it must provide the intelligence and performance to do it efficiently, without becoming a bottleneck or forcing you to buy a much more expensive firewall than you really need. Not all encrypted traffic requires inspection, and not all encrypted traffic supports it. Your next firewall must support all the latest standards and cipher-suites. It must also have intelligent exceptions built in to be more selective in what traffic to inspect, while also providing tools
to easily identify potential issues and add exceptions on the fly to avoid them. It should also offer adequate performance to deal with an ever increasing volume of encryption – both today and into the future.
Zero-day threat protection – Threats are constantly evolving. The ransomware variant used to attack an organization tomorrow will almost certainly be different from the one used yesterday. This is the nature of the current threat landscape. Your next firewall must have artificial intelligence based on multiple machine learning models, plus sandboxing with advanced exploit detection and crypto-guard ransomware detection to identify the latest zero-day threats and stop them before they get on your network.
FastPath application acceleration – About 80% of the traffic on your network likely comes from approximately 20% of your apps. These elephant flows are typical of meeting and collaboration tools, streaming media, and VoIP. These large traffic flows are both resource intensive to inspect and require optimal performance for a great user experience, creating an enormous challenge. Your next firewall should be able to adequately handle these trusted traffic flows and offload them to provide optimal performance and create added performance headroom for traffic that actually needs deeper packet inspection.
Integration with other cybersecurity products – It’s no longer enough for IT security products to work in isolation. Today’s sophisticated attacks require multiple layers of protection, all working in coordination and sharing information to provide a synchronized response. Your next firewall should integrate with other systems like your endpoint AV protection to share important threat intelligence and telemetry. This will allow both systems to work better together to coordinate a defense when you come under attack. These systems should also share a common management interface to make deployment, day-to-day management, as well as cross- product threat hunting and reporting easier.
These four capabilities will ensure the top problems with your current firewall will be a thing of the past, and power your network protection well into the future.
|
June 2021 |
3 |
|
Next-Gen Firewall Buyer's Guide |
|
|
|
|
Critical capabilities |
|
Questions to ask your vendor |
|
|
TLS 1.3 inspection |
Ì |
Does your TLS inspection support the latest 1.3 standard? |
|
|
Provides visibility into the |
Ì |
Does it work across all ports and protocols? |
|
|
growing volume of encrypted |
|||
|
Ì |
Is it streaming based or proxy based? |
||
|
traffic traversing networks |
|||
|
|
|
||
|
|
Ì What is the performance impact? |
||
|
|
Ì Does it provide dashboard visibility into encrypted traffic flows? |
||
|
|
Ì Does it provide dashboard visibility into sites that don’t support decryption? |
||
|
|
Ì Does it provide simple tools to add exceptions for problematic sites? |
||
|
|
Ì Does it come with a comprehensive exclusion list? |
||
|
|
Ì Who maintains the list and is it updated periodically? |
||
|
Zero-day threat protection |
Ì |
Does your firewall include technology to detect previously unseen threats? |
|
|
Protection from the latest |
Ì |
Does it use machine learning to analyze files? |
|
|
unknown threats using machine |
|||
|
Ì |
How many machine learning models are applied? |
||
|
learning and sandboxing |
|||
|
|
|
||
|
|
Ì Does your solution include sandboxing? |
||
|
|
Ì Does the sandboxing allow the file through while it’s being analyzed? |
||
|
|
Ì Does the sandboxing solution run on-premises or in the cloud? |
||
|
|
Ì Does the sandboxing solution include leading endpoint protection technology |
||
|
|
|
to identify threats like ransomware in the sandbox environment? |
|
|
|
Ì What endpoint technology is used to assist in sandboxing? |
||
|
|
Ì What kind or reporting is provided on-box (versus a separate reporting product)? |
||
|
|
Ì What kind of dashboard visibility is provided? |
||
|
FastPath application acceleration |
Ì |
Does your firewall support FastPath acceleration of trusted traffic and elephant flows? |
|
|
Offloading trusted application |
Ì |
Is it done in software or hardware? |
|
|
traffic to a FastPath to improve |
|||
|
Ì |
How are applications identified for FastPath acceleration? |
||
|
performance and reduce overhead |
|||
|
|
|
||
|
|
Ì What policy tools are provided to admins to control which applications are offloaded? |
||
|
|
Ì Are any signatures provided out of the box to accelerate and FastPath some applications? |
||
|
|
Ì Are your FastPath packet flow processors programmable, upgradable, and futureproof? |
||
|
Integration with other |
Ì |
Does your firewall integrate with an endpoint technology? |
|
|
security products |
Ì |
What information is shared between the two products? |
|
|
Integration is essential to provide |
|||
|
Ì |
Is a threat identified by one product shared with the other? |
||
|
adequate layered protection and |
|||
|
|
|
||
|
sharing of information across products |
Ì |
What is the response when a threat is detected? Can it |
|
|
for a response to threats or for forensic |
|
automatically isolate threats? How does it do this? |
|
|
investigations and threat hunting |
Ì |
Does the endpoint provide any information on users or application usage to the firewall? |
|
|
|
|||
|
|
Ì Can the firewall and endpoint be managed from the same console? Is it cloud-based? |
||
|
|
Ì Can you do cross-product threat hunting (XDR)? |
||
|
|
Ì Does the vendor offer a fully-managed network monitoring and threat response service? |
||
|
|
Ì Does the firewall integrate with any other products such as |
||
|
|
|
WiFi, ZTNA, edge devices, or network switches? |
|
|
June 2021 |
4 |
Next-Gen Firewall Buyer's Guide
Core firewall capabilities
The following technologies are also essential components of any firewall solution. Most of these capabilities are mature, well-established staples in any firewall, so vendors are often differentiated based on ease of management and the level of actionable visibility they provide.
Be sure that your next firewall not only includes these features, but provides easy management – and more importantly, greater visibility into risks and issues in each of these areas.
|
Core capabilities |
|
Questions to ask your vendor |
|
|
Deep packet inspection and |
Ì |
Does your TLS inspection support the latest 1.3 standard? |
|
|
intrusion prevention |
Ì |
Does it work across all ports and protocols? |
|
|
Provides decryption and inspection |
|||
|
Ì |
Is it streaming based or proxy based? |
||
|
for threats and exploits |
|||
|
|
|
||
|
|
Ì What is the performance impact? |
||
|
|
Ì Does it provide dashboard visibility into encrypted traffic flows? |
||
|
|
Ì Does it provide dashboard visibility into sites that don’t support decryption? |
||
|
|
Ì Does it provide simple tools to add exceptions for problematic sites? |
||
|
|
Ì Does it come with a comprehensive exclusion list? |
||
|
|
Ì Who maintains the list and is it updated periodically? |
||
|
Advanced threat protection |
Ì |
Does your firewall include technology to detect previously unseen threats? |
|
|
Identifies bots and other advanced |
Ì |
Does it use machine learning to analyze files? |
|
|
threats and malware attempting |
|||
|
Ì |
How many machine learning models are applied? |
||
|
to call home or communicate with |
|||
|
|
|
||
|
command and control servers |
Ì |
Does your solution include sandboxing? |
|
|
|
Ì Does the sandboxing allow the file through while it’s being analyzed? |
||
|
|
Ì Does the sandboxing solution run on-premises or in the cloud? |
||
|
|
Ì Does the sandboxing solution include leading endpoint protection technology |
||
|
|
|
to identify threats like ransomware in the sandbox environment? |
|
|
|
Ì What endpoint technology is used to assist in sandboxing? |
||
|
|
Ì What kind or reporting is provided on-box (versus a separate reporting product)? |
||
|
|
Ì What kind of dashboard visibility is provided? |
||
|
Web protection and URL filtering |
Ì |
Does your firewall support FastPath acceleration of trusted traffic and elephant flows? |
|
|
Provides protection from web- |
Ì |
Is it done in software or hardware? |
|
|
based malware, compromised |
|||
|
Ì |
How are applications identified for FastPath acceleration? |
||
|
websites, and web downloads |
|||
|
|
|
||
|
|
Ì What policy tools are provided to admins to control which applications are offloaded? |
||
|
|
Ì Are any signatures provided out of the box to accelerate and FastPath some applications? |
||
|
|
Ì Are your FastPath packet flow processors programmable, upgradable, and futureproof? |
||
|
Application control |
Ì |
What sources of information are used to identify applications? |
|
|
Visibility and control over application |
Ì |
Can the application engine use information obtained from the endpoint to greatly enhance |
|
|
traffic to shape or block unwanted |
|||
|
|
application identification, or is it limited to only what the firewall can glean from the packet? |
||
|
traffic and accelerate and prioritize |
|
||
|
Ì |
Can applications be assigned to the FastPath and routed |
||
|
essential application traffic |
|||
|
|
out preferred WAN links using policy rules? |
||
|
|
|
||
|
|
Ì Does the system provide dashboard insights into cloud apps and shadow IT? |
||
|
VPN and SD-WAN |
Ì |
Does your firewall integrate with an endpoint technology? |
|
|
Site-to-site and remote access VPN |
Ì |
What information is shared between the two products? |
|
|
capabilities, SD-WAN overlays, and |
|||
|
Ì |
Is a threat identified by one product shared with the other? |
||
|
managing multiple WAN connections |
|||
|
|
|
||
|
|
Ì What is the response when a threat is detected? Can it |
||
|
|
|
automatically isolate threats? How does it do this? |
|
|
|
Ì Does the endpoint provide any information on users or application usage to the firewall? |
||
|
|
Ì Can the firewall and endpoint be managed from the same console? Is it cloud-based? |
||
|
|
Ì Can you do cross-product threat hunting (XDR)? |
||
|
|
Ì Does the vendor offer a fully-managed network monitoring and threat response service? |
||
|
|
Ì Does the firewall integrate with any other products such as |
||
|
|
|
WiFi, ZTNA, edge devices, or network switches? |
|
|
June 2021 |
5 |
Next-Gen Firewall Buyer's Guide
Complimentary firewall products
The following complimentary products may be important to extend your network and protection where it’s needed. Make sure your vendor of choice offers these additional products and makes them easy to integrate with your firewall, either managed directly from the firewall and/or through the same central management console as the firewall.
|
Complimentary products |
|
Questions to ask your vendor |
|
|
Branch office SD-WAN edge devices |
Ì |
Do you offer a device for connecting remote locations via |
|
|
Affordable, easy-to-deploy |
|
a dedicated VPN back to the main firewall? |
|
|
devices for connecting small |
Ì |
Is it zero-touch to deploy? |
|
|
remote branch offices |
|||
|
Ì |
How much does it cost? |
||
|
|
|||
|
|
Ì Does it support both a dedicated and split-tunnel? |
||
|
|
Ì What modular connectivity options does it support such as Wi-Fi or LTE? |
||
|
Wireless access points |
Ì |
Does the firewall include a built-in wireless controller? |
|
|
Extend the network to include wireless |
Ì |
How much does it cost? |
|
|
|
|||
|
|
Ì Are your wireless access points plug and play? |
||
|
|
Ì Do they support multiple radios and SSIDs? |
||
|
|
Ì Do they support mesh networking? |
||
|
ZTNA |
Ì |
Do you offer a ZTNA solution? |
|
|
Zero-trust network access for |
Ì |
Is it integrated in any way with your firewall and/or endpoint? |
|
|
connecting remote users securely |
|||
|
Ì |
Is it managed from the same central management console as the firewall? |
||
|
to applications and data |
|||
|
|
|
||
|
|
Ì Does the ZTNA agent deploy alongside your endpoint agent? |
||
|
|
Ì How is device health integrated into your ZTNA solution? |
||
|
Email protection |
Ì |
Do you offer an integrated on-box email protection solution? |
|
|
Protection for email from spam, |
Ì |
Do you offer cloud-managed email protection? |
|
|
phishing, and unwanted email |
|||
|
Ì |
Does it include sandboxing of suspicious attachments? |
||
|
|
|||
|
|
Ì Does it support email encryption and DLP? |
||
|
|
Ì Does it provide domain-based routing and a full MTA mode? |
||
|
|
Ì Does it offer a user portal for quarantine management? |
||
|
WAF |
Ì |
Do you offer an integrated on-box WAF capability? |
|
|
Web Application Firewall for reverse |
Ì |
Does it make setup easy with pre-defined templates for common server hosted applications? |
|
|
proxy protection of on-premises |
|||
|
Ì |
Does it provide hardening, CSS, and cookie tamper protection? |
||
|
servers exposed to the internet |
|||
|
|
|
||
|
|
Ì Does it provide reverse proxy authentication offloading? |
||
|
June 2021 |
6 |
Next-Gen Firewall Buyer's Guide
Management capabilities
Firewall products are often differentiated by how easy they are to manage. Many firewalls that have been on the market for decades suffer from having new capabilities bolted onto the product over time using different user interface concepts that make every section of the product seem like a completely different product. The following capabilities can make a huge difference in the deployment and day-to-day management.
|
Management capabilities |
|
Questions to ask your vendor |
|
|
Central management |
Ì |
Do you offer a cloud management solution? |
|
|
Managing multiple firewalls |
Ì |
How are multiple firewalls managed through this solution? |
|
|
or IT security products |
|||
|
Ì |
What other products are managed from the same cloud console? |
||
|
|
|||
|
|
Ì Is threat intelligence shared across products and is cross-product threat hunting possible? |
||
|
Reporting |
Ì |
Does the firewall include on-box storage for log data? How much? |
|
|
What reporting capabilities are offered |
Ì |
Is on-box reporting included? How much does it cost? |
|
|
|
|||
|
|
Ì Is cloud reporting supported? How much does it cost? |
||
|
|
Ì Can custom reports be created, saved, exported, scheduled? |
||
|
|
Ì Is syslog export supported? |
||
|
|
Ì Is cross-product reporting and threat hunting supported? |
||
|
Management experience |
Ì |
Does your product offer a rich dashboard with drill-down capabilities? |
|
|
How well does the firewall simplify |
Ì |
Are policies for web, app control, IPS, and traffic shaping all together in one place, |
|
|
day-to-day management and |
|||
|
|
or do I need to set these components up in different areas of the product? |
||
|
highlight what's important |
|
||
|
Ì |
Is the user experience consistent from one part of the product to the next? |
||
|
|
|||
|
|
Ì Is there extensive built-in context sensitive help, documentation, |
||
|
|
|
videos and other content for a new firewall owner? |
|
|
User portal |
Ì |
Does your firewall offer a user portal for users to download VPN |
|
|
Portal for users to help themselves |
|
clients or settings and manage quarantined emails? |
|
Deployment options
Another important consideration for your next firewall is how easily will it integrate into your network both today and down the road. You want a firewall that fits your network, not one that demands your network fit the firewall. Ensure your vendor offers a variety of deployment options including public cloud platform support such as AWS and Azure, as well as popular virtualization platforms, and flexible, modular hardware appliance options.
|
Deployment options |
|
Questions to ask your vendor |
|
|
Hardware appliances |
Ì |
How many models of appliances do you offer that suit my needs? |
|
|
Ensure your next firewall is as |
Ì |
What connectivity options are included? |
|
|
futureproof as possible |
|||
|
Ì |
What modular connectivity options are included? |
||
|
|
|||
|
|
Ì Are redundant power supplies available? |
||
|
|
Ì What high-availability options are available? |
||
|
|
Ì Are firmware upgrades included in the licensing? |
||
|
|
Ì What is the hardware warranty? |
||
|
Cloud, virtual, software |
Ì |
Is your firewall available in the marketplace for public cloud platforms such as AWS and Azure? |
|
|
Public cloud and virtual support |
Ì |
Do you support all popular virtualization platforms? |
|
|
for hybrid networks that may be |
|||
|
Ì |
Is your appliance available as a software solution to run on X86 hardware? |
||
|
important today or in the future |
|||
|
|
|
||
|
June 2021 |
7 |
Next-Gen Firewall Buyer's Guide
Firewall Feature Checklist
Sophos
Cisco
Fortinet
PAN
SW
WG
Core Firewall Capabilities
|
Firewall rule and web policy test simulator |
✔ |
|
✔ |
✔ |
|
✔ |
|
FastPath packet optimization |
✔ |
|
✔ |
✔ |
|
|
|
Intrusion protection system |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Application control |
✔ |
Partial |
✔ |
✔ |
✔ |
✔ |
|
Dual AV engines |
✔ |
|
|
|
|
✔ |
|
Shadow IT cloud app visibility |
✔ |
|
✔ |
✔ |
✔ |
✔ - OEM |
|
Block Potentially Unwanted Applications (PUAs) |
✔ |
|
✔ |
✔ |
✔ |
|
|
Web protection and control |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Web keyword monitoring and enforcement |
✔ |
|
✔ |
✔ |
✔ |
✔ |
|
DPI engine: streaming, proxy or both? |
✔ |
Flow |
✔ |
Flow |
Stream |
Proxy |
|
User and app risk visibility (User Threat Quotient) |
✔ |
|
Limited |
|
|
|
|
Advanced threat protection |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
On-box logging and historical reporting |
✔ |
|
Limited |
Limited |
|
|
Sophos
Cisco
Fortinet
PAN
SW
WG
Server and Email Protection
|
On-box full-featured WAF |
✔ |
|
On-box email: antivirus, anti-spam, encryption, DLP |
✔ |
Sophos
Cisco
Fortinet
PAN
SW
WG
Core VPN and SD-WAN
|
Unlimited free full-featured remote access VPN |
✔ |
Extra* |
✔ |
Extra* |
Extra* |
Extra* |
|
IPSEC and SSL site-to-site VPN |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
SD-RED Layer-2 site-to-site VPN |
✔ |
|
|
|
|
|
|
SD-WAN cloud multi-site VPN orchestration |
Soon |
✔ |
Extra* |
|
|
|
|
SD-WAN routing and link management |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
Sophos
Cisco
Fortinet
PAN
SW
WG
TLS Inspection
|
TLS 1.3 inspection |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Dashboard visibility into encrypted traffic issues |
✔ |
|
|
|
|
|
Create TLS exceptions from dashboard |
✔ |
|
|
|
|
* These capabilities are available at extra cost
|
June 2021 |
8 |
Next-Gen Firewall Buyer's Guide
Sophos
Cisco
Fortinet
PAN
SW
WG
Zero-Day Threat Protection
|
Multiple ML model analysis of suspicious files |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
Dynamic sandboxing of suspicious files |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Cloud-based file analysis |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Extensive on-box threat analysis reporting |
✔ |
✔ |
|
|
✔ |
|
|
SD-WAN routing and link management |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
Sophos
Cisco
Fortinet
PAN
SW
WG
FastPath Packet Optimization
|
Fastpath offloading of SD-WAN, cloud, SaaS traffic |
✔ |
✔ |
✔ |
|
Policy and automatic FastPath offloading |
✔ |
✔ |
✔ |
|
Hardware offloading and acceleration |
✔ |
✔ |
✔ |
|
Programmable packet flow processors |
✔ |
|
✔ |
Sophos
Cisco
Fortinet
PAN
SW
WG
Endpoint Protection Integration Features
|
Identify compromised hosts |
✔ |
✔ |
Extra* |
✔ |
✔ |
✔ |
|
Auto isolate hosts at the firewall from |
✔ |
|
|
|
|
✔ |
|
other parts of the network |
|
|
|
|
||
|
|
|
|
|
|
|
|
|
Auto isolate hosts at the EP level to |
✔ |
|
|
Extra* |
|
✔ |
|
prevent lateral movement |
|
|
|
|||
|
|
|
|
|
|
|
|
|
Identify unknown network applications |
✔ |
|
|
✔ |
|
|
|
(Synchronized App Control) |
|
|
|
|
||
|
|
|
|
|
|
|
|
|
Enable cross-product threat hunding (XDR) |
✔ |
|
|
✔ |
|
|
|
Enable a fully managed threat response service |
✔ |
|
|
✔ |
|
|
Sophos
Cisco
Fortinet
PAN
SW
WG
Network Access Portfolio Integration
|
Integrated wireless controller and |
✔ |
✔ |
✔ |
|
✔ |
✔ |
|
access point solution |
|
|||||
|
|
|
|
|
|
|
|
|
Integrates with a ZTNA solution |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
Integrates with network switch products |
Soon |
✔ |
✔ |
|
✔ |
|
|
Integrates with remote service |
✔ |
|
|
|
|
|
|
access edge devices (SD-RED) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* These capabilities are available at extra cost |
|
|
|
|
|
|
|
June 2021 |
9 |
Next-Gen Firewall Buyer's Guide
Sophos
Cisco
Fortinet
PAN
SW
WG
Cloud Management
|
Full-featured firewall management |
✔ |
✔ |
Extra* |
Extra* |
✔ |
|
|
from the cloud - no extra charge |
||||||
|
|
|
|
|
|
||
|
Single cloud console for EP, server, mobile, |
✔ |
|
|
|
✔ |
|
|
email, encryption, and firewall |
|
|
|
|||
|
|
|
|
|
|
||
|
Group firewall management from the cloud |
✔ |
✔ |
Extra* |
✔ |
|
|
|
Schedule firmware updates from the cloud |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
Deploy new firewalls from the cloud (zero-touch) |
✔ |
✔ |
Extra* |
✔ |
✔ |
|
|
Cloud firewall reporting |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
Cloud managed cross-product threat hunting (XDR) |
Extra* |
|
|
Extra* |
|
Sophos
Cisco
Fortinet
PAN
SW
WG
Cloud and Virtual Deployment Options
|
AWS |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Azure |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
Future |
✔ |
✔ |
✔ |
|
|
|
Nutanix |
✔ |
|
✔ |
✔ |
✔ |
|
|
FWaaS |
Future |
|
✔ |
✔ |
|
|
|
Virtual platforms |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Software appliance (x86) |
✔ |
|
|
|
|
|
* These capabilities are available at extra cost
|
June 2021 |
10 |
Statements contained in this document are based on publicly available information as of May, 2021. This document has been prepared by Sophos and not the other listed vendors. The features or characteristics of the products under comparison, which may directly impact the accuracy or validity of this comparison, are subject to change. The information contained in this comparison is intended to provide broad understanding and knowledge of factual information of various products and may not be exhaustive. Anyone using the document should make their own purchasing decision based on their individual requirements, and should also research original sources of information and not rely only on this comparison while selecting a product. Sophos makes no warranty as to the reliability, accuracy, usefulness, or completeness of this document. The information in this document is provided “as is” and without warranties of any kind, either expressed or implied. Sophos retains the right to modify or withdraw this document at any time.
Try XGS Firewall online for free sophos.com/demo
|
United Kingdom and Worldwide Sales |
North America Sales |
Australia and New Zealand Sales |
Asia Sales |
|
Tel: +44 (0)8447 671131 |
Toll Free: 1-866-866-2802 |
Tel: +61 2 9409 9100 |
Tel: +65 62244168 |
|
Email: [email protected] |
Email: [email protected] |
Email: [email protected] |
Email: [email protected] |
© Copyright 2021. Sophos Ltd. All rights reserved.
Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
21-06-10 EN (DD)
