Next-gen firewalls require external visibility tools

By Joel Snyder, Network World |  Security, firewalls

The FortiGate reporting engine is based on an SQL database and Fortinet isn't shy about exposing the internals of the database. All reports are configured within the firewall and you can easily get to the raw SQL used to generate the results. If you're the type of network manager who wants a lot of very custom reports, but don't want to extract the data and dump them into your own database, Fortinet's approach will be very attractive.

SonicWall and Barracuda also have good visibility tools, but we found them weaker than what Fortinet and Check Point offered. SonicWall confuses the issue a bit by having four separate visibility tools, ranging from the on-box tools (only suitable in very small environments) to their enterprise-class management system, SonicWall GMS.

We looked at GMS, and were disappointed to see that there isn't feature parity between the on-box reporting and the high-end GMS. For example, in on-box reporting you can generally drill down to individual log entries, and then go directly to policy editing if you want. With GMS, you can drill down, but if you want to change policy, you'll have to go find the affected rule yourself before you can start editing it.

Visibility isn't just reporting and top-10 lists; you also might want to look at what is happening in the firewall right at this moment. Instantaneous reporting is a weakness of most firewalls, but we found a great reporting screen in the Barracuda NG firewall that let us see open connections flowing through the firewall in real time.

Overall, we think that the visibility tools we found offer a good start into what is needed for next generation firewalls. All of the products have slightly different approaches, but it was clear that an off-box reporting engine — even if you only have a single firewall — is a minimum requirement to effectively build next-generation firewall policies.

Fortinet's FortiGate FortiAnalyzer and Check Point Security Gateway SmartEvent led the pack, with Barracuda NG Firewall and SonicWall SonicOS falling slightly behind in our feature-focused comparison.

Read more about wide area network in Network World's Wide Area Network section.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question