How To Choose A Firewall

A firewall is the most important piece of equipment protecting your entire network, and many criteria differ depending on the model and supplier. Certain features are included on some firewalls, and not others. Many suppliers try to get your attention with what initially appears to be a very low purchase investment; however, when you upgrade to get all the features you want, the total price becomes much higher.

How do you choose a firewall with the right combination of value, security level, scalability, and support for your size of organization?

Here are the main factors to consider. Many of the terms have links to Wikipedia definitions for further information on each of the criteria and features considered. For further information, or to book a demo with our NetSentron experts at KDI to find out if it is right for you, contact our sales team.

Sizing

| Criteria | Considerations | Small Organizations | Medium Org’s & Enterprises |
| --- | --- | --- | --- |
| # IP Addresses to Protect | Licensing? (Yes or No); unlimited or limited number of licensed devices; all products have performance limits | Upgradable? Consider growth needs | Upgradable? Consider growth needs |
| # Concurrent Connections | Number varies by firewall model | Upgradable? Consider growth needs | Upgradable? Consider growth needs |
| Performance (Throughput, VPN, UTM/Filtering) | Check the firewall’s specs for each function; throughput includes ALL traffic through all ports; consider # of users, type of media, Web servers, link speed; UTM performance can be much lower than stateful performance | Upgradable? Consider growth needs | Upgradable? Consider growth needs |
| Configuration (# Ports, LAN, DMZ, WAN) | Check if ports are FIXED function or CONFIGURABLE, and if sufficient # provided | ICSA | ICSA, Common Criteria EAL4+ |
| Type of VPN Access | IPSEC is the most commonly supported; PPTP is supported by some firewalls only; SSL/VPNs are usually a separate product, but some firewalls include SSL access for a small # of users | PPTP or IPSEC may be good enough depending on the security level required. Firewall + SSL/VPN may be sufficient for a small number of users. | IPSEC is the more secure option. May have to buy a separate SSL/VPN product for optimal performance for some firewalls. |

Security Level

| Criteria | Considerations | Small Organizations | Medium Org’s & Enterprises |
| --- | --- | --- | --- |
| Certifications/Compliance | ICSA is the basic certification level; Common Criteria (EAL4+ is desirable) | ICSA | ICSA, Common Criteria EAL4+ |
| CERT Advisories (Vulnerabilities found) | Vendors whose products have few vulnerabilities, and who patch (fix) them quickly, are desirable | Fewest number possible, quickly fixed by vendor patch downloads | NO vulnerabilities desirable, any found quickly resolved by vendor |
| Protection Architecture | Stateful firewall is the basic business requirement; stateful and proxy firewall can provide additional protection for internal networks; look for secure OS, robust design, and good reputation; IPS (signature based) is sufficient; Layer 7 Unified Threat Management is another great option; evaluate the quality and types of content filtering in UTM | Minimum: Stateful- or Proxy-based Layer 7 Antivirus and IPS. Desired: Complete UTM | Minimum: Stateful- + Proxy-based complete UTM + IPS + Anomaly Protection |

Reliability, Redundancy & Support

| Criteria | Considerations | Small Organizations | Medium Org’s & Enterprises |
| --- | --- | --- | --- |
| Redundant Architecture | Mission Critical firewalls need some or all of these features: dual power supply; RAID disk or solid state; WAN failover and balancing; High Availability (unit to unit) failover (2 units). High Availability can be Active-Active or Active-Passive | Desired: WAN failover required for Mission Critical installations | Required |
| Support | Choose the appropriate support level from: 8 hours / 5 days a week; 24 hours / 7 days a week | Minimum: 8/5. Desired: 24/7 if Mission Critical | 24/7 |
| Warranty & Response Time | Choose the appropriate level to guarantee business continuity from: 1 or 3 year warranty is typical; Depot service (mail-in) = slowest; Next Business Day Onsite = next best; 4 Hour Onsite = best | Minimum: 1 yr. warranty. Desired: Next business day onsite | Minimum: 3 yr. warranty & next business day. Desired: 3+ yr. warranty & 4 hour onsite |

Management & Reporting

| Criteria | Considerations | Small Organizations | Medium Org’s & Enterprises |
| --- | --- | --- | --- |
| Network management tools and logs; bandwidth monitoring; traffic shaping; basic logs and reporting | Balance number of tools with administrator skill level. May be critical with high number of PCs on network | Basic reporting | Enterprise-level tools and reporting required |

Pricing

| Criteria | Considerations | Small Organizations | Medium Org’s & Enterprises |
| --- | --- | --- | --- |
| Initial purchase price for appliance; additional subscriptions for Gateway, Security etc.; Support, Warranty & Repair fees; installation fee | Choose an appliance that will grow with you. Choose a vendor who can provide you with other IT solutions. | Find balance between short term costs, security exposure, and growth support | Focus on longer term potential risk of loss of assets/income |

Find out how NetSentron’s features meet your Firewall needs.