We previously wrote an article titled “All Things about Firewalls”. Now we want to discuss hardware firewalls in more detail.

A hardware firewall is a physical device, similar to a server, that filters traffic to a computer. It has a processor, memory, sophisticated software, and powerful networking components (hardware and software), and it forces all traffic traversing the connection to be inspected by configurable rule sets that grant or deny access accordingly. A hardware firewall sits between the LAN and the Internet. It inspects all the data that comes in from the Internet, passing along the safe data packets while blocking the potentially dangerous ones. A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination.
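The header-based filtering described above, as an added example that is not part of the original article: it parses the IPv4 and TCP/UDP headers of a packet and applies a first-match rule set with an implicit default deny. The rules, addresses (documentation ranges), and function names are constructed for illustration and do not reflect any vendor's rule syntax.

```python
import ipaddress
import struct

# Constructed rule set: evaluated top to bottom, first match wins.
# Fields: action, protocol, source network, destination network, dest port (None = any)
RULES = [
    ("deny",  "tcp", "0.0.0.0/0",    "192.0.2.10/32", 23),   # block Telnet to the server
    ("allow", "tcp", "0.0.0.0/0",    "192.0.2.10/32", 443),  # allow HTTPS to the server
    ("allow", "udp", "192.0.2.0/24", "0.0.0.0/0",     53),   # allow DNS lookups from the LAN
]
PROTOCOLS = {6: "tcp", 17: "udp"}

def parse_headers(packet: bytes):
    """Return (protocol, src, dst, dst_port) from an IPv4 packet, or None if unusable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or len(packet) < ihl + 4 or frag_offset:
        return None  # truncated, or a non-first fragment that carries no port fields
    proto = PROTOCOLS.get(packet[9])
    if proto is None:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    _src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, src, dst, dst_port

def decide(packet: bytes) -> str:
    """Apply the rule set to one packet; unmatched or unparseable traffic is denied."""
    parsed = parse_headers(packet)
    if parsed is None:
        return "deny"
    proto, src, dst, dst_port = parsed
    for action, r_proto, r_src, r_dst, r_port in RULES:
        if (proto == r_proto
                and src in ipaddress.ip_network(r_src)
                and dst in ipaddress.ip_network(r_dst)
                and r_port in (None, dst_port)):
            return action
    return "deny"  # implicit default deny

def build_packet(proto: int, src: str, dst: str, dst_port: int) -> bytes:
    """Construct a minimal IPv4 packet (no options, zero checksum) as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HHHH", 40000, dst_port, 8, 0)
```

Because only headers are examined, this kind of filter cannot see what an allowed connection carries, which is the gap the NGFW features described below are meant to close.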

 

 

Terms

NGFW: A next-generation firewall (NGFW) is a network security device and a deep-packet inspection firewall that provides capabilities beyond a traditional, stateful firewall. It includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence. The Cisco ASA 5500 series offers comprehensive, highly effective intrusion prevention. Read more about NGFW.

Throughput (Firewall Throughput): The maximum volume of traffic that can pass through a firewall. It is the highest throughput figure in the tech specs and is measured in Mbps or Gbps. This statistic measures a firewall’s raw, unhindered processing speed in its base state, with no additional security services or processes activated.

NGFW Throughput: It is a measure of throughput when Intrusion Prevention Services (IPS) and Application Control are running. In other words, NGFW Throughput is a great statistic to indicate the speeds your appliance may exhibit in a real-world environment. Of course, NGFW Throughput is a metric that you may not find in every manufacturer’s datasheets.

SSL-VPN Throughput: This factor measures the volume of traffic that can pass through a firewall for a user who has connected to the network via an SSL-VPN remote access connection. SSL-VPN Throughput numbers tend to be much lower than other metrics because a lot of processing power is needed to decrypt, scan, and verify encrypted traffic. Low SSL-VPN Throughput can create bottlenecks for remote workers. Read more about SSL VPN.

Source: firewalls.com and cisco.com

 

 

Some of the Best Enterprise Hardware Firewalls

  • Fortinet FortiGate: These firewalls consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection. FortiGate NGFWs inspect traffic as it enters and leaves the network. These inspections happen at an unparalleled speed, scale, and performance and prevent all attacks and malware without degrading user experience or creating costly downtime.
  • Sophos XG Firewall: This firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection whilst maintaining performance efficiency. It includes automatic and policy-based intelligent offloading for trusted traffic processing at wire speed. XG Firewall includes a high-speed Deep Packet Inspection (DPI) engine to scan traffic for threats without a proxy slowing down the process, and it provides robust deep packet threat protection in a single streaming engine for AV, IPS, Web, App Control and SSL inspection. Sophos XG Firewall is the only network security solution that is able to fully identify the user and source of an infection on the network and automatically limit access to other network resources in response. Using Security Heartbeat, this firewall can do much more than just see the health status of an endpoint. Synchronized Application Control automatically identifies, classifies and controls encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified. This firewall provides advanced protection from all types of modern attacks.
  • Cisco ASA Next-Generation Firewall Services: These services include Cisco Application Visibility and Control (AVC), Web Security Essentials (WSE), and Intrusion Prevention System (IPS), and enable organizations to rapidly adapt to dynamic business needs while maintaining the highest levels of security. Cisco ASA Firewalls deliver application awareness and user identity capabilities for enhanced visibility and control of network traffic. Cisco ASA Next-Generation Firewall Services give security administrators greater visibility into the traffic flowing through the network, including the users connecting to the network, the devices used, and the applications and websites that are accessed. Cisco ASA Next-Generation Firewalls with IPS provide context-driven threat detection and mitigation. The simplified operation puts focus on threat prevention rather than on detection parameters. Inputs from the Cisco AVC and WSE security services optimize the Cisco IPS’s operation and efficacy to provide holistic threat prevention.
  • Cisco Firepower NGFW: This firewall is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It uniquely provides advanced threat protection before, during, and after attacks. These firewalls are perfect for the Internet edge and all the way in to the data center. Cisco Firepower firewalls deliver business resiliency through superior threat defense. They provide sustained network performance when threat inspection features are activated to keep your business running securely. And they are now simpler to manage for improved IT efficiency and a lower total cost of ownership. The Firepower NGFW sustains its throughput performance as threat services are added. It does this by uniquely incorporating an innovative dual multi-core CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously.
  • Dell SonicWALL TZ series: These firewalls are high-performance, enterprise-grade network security solutions for small and medium-sized businesses (SMBs), remote and branch offices and retail point-of-sale locations. With Zero-Touch Deployment and simplified centralized management, installation and operation are easy. They detect sophisticated threats, including encrypted attacks, with advanced networking and security features, like the multi-engine Capture Advanced Threat Protection (ATP) cloud-based sandbox service. Optional features like PoE/PoE+ support and 802.11ac Wi-Fi create a unified security solution for wired and wireless networks.
  • Barracuda NextGen Firewall X: This firewall series provides full application control, user awareness, and content security that’s so easy to use, it’s even manageable from the cloud. Its advantages include easy-to-use, web-based administration, all-inclusive pricing, unlimited users and protected IPs per firewall, unlimited remote connectivity VPN clients included, cloud-based centralized management, and flexible web filtering options.

 

 

———————————

Sources:

firewalls.com

cisco.com

fortinet.com 

axient.com.au   

sophos.com 

sonicwall.com

barracuda.com

 

 
