Select Page

Feb 16, 2021

How to Choose a Firewall


In a previous post, we discussed the evolution of types of firewalls, what they do, and why they are important in your network. Within the broader category of next-generation firewalls (NGFWs), there are critical differences in how they perform, how they protect your network assets, and how easy they are to administer on a day-to-day basis, for example.

It can be difficult to discern some of the nuances that can make a big difference in the security of your network including how to choose a firewall. Here, we offer a number of factors to keep in mind as you choose the right type of firewall for your organization.

Key Things to Consider When Choosing a Firewall

Form factor aside, there are other critical factors to consider in choosing a firewall. In no particular order, they include:

  • Performance. Will the NGFW accommodate not only normal traffic flows, but also bursts in traffic, without introducing latency that can slow network response? Will implementing any of the sub-technologies, like IPS, drag down the throughput? Can the next-gen firewall maintain acceptable performance even while processing SSL-encrypted traffic?
  • Completeness. Does the NGFW offer a full complement of protections against network attacks and malware, such as defending against botnet C&C communications, spam and evasive actions? Does it unify threat detection and analytics across all security mechanisms to enhance efficiency and reduce network latency?
  • Policy Tools. Policies can quickly become hard to manage and fraught with errors. Does the NGFW include automation to flag redundant policies, make suggestions for refinements, etc.? Can policies be aggregated (or grouped) to operate as a single policy? Can policies be automatically deployed to user devices?
  • Ease of Use. Is the NGFW’s user interface (UI) intuitive, easy to understand and simple use? If you’re deploying multiple next-gen firewalls, is the management interface consistent across form factors?
  • Regulatory Requirements. Will the firewall assist in meeting the requirements of GDPR, PCI-DSS, HIPAA and other applicable regulations? Does the vendor offer guidance in meeting these requirements?
  • High Availability. High availability is very important for NGFW deployment. Does the NGFW offer a twin-mode type of structure for 24/7/365 availability?
  • Future Growth. For hardware NGFWs, does it offer good expansion capability for future growth (for example large port numbers or expansion slots for expansion modules)?


There are many options to choose from among next-gen firewalls, from functionality, to form factor, to performance, to usability, and more. The right type of firewall will ensure that your network perimeter is protected against the ever-changing threat landscape.

Hillstone’s next-gen firewalls offer fast, effective, efficient and future-ready security protection for your network. Available in compact hardware form factors and software/cloud NGFWs, these NGFWs offer advanced threat detection and prevention, smart and efficient policy management, high performance (especially at the application layer), and much more.

If you need assistance in choosing the right type of firewall for your organization, reach out to us today. Our experienced and knowledgeable team is happy to assist.