This document provides some resources on firewalls including terms, features to look for, and vendors.

Terms Not Defined Elsewhere

• Stateful Firewall – Inspects protocols.
• Next Generation Firewall – Inspections applications.

Vendors

• Astaro
• Check Point Software
• Cisco Systems
  • Meraki
• Fortinet
• Juniper Networks
• McAfee
• Palo Alto Networks
• SonicWALL

Features to Look For

• VLAN Support – Ability to create VLAN’s to separate traffic.
  • Ubiquiti UnFi Security Gateway – Supports.
  • Meraki MX400 Security Appliance
• IPSec VPN Support – Allows remote clients to establish a VPN connection to the network.
  • Meraki MX400 Security Appliance – Supports.
• Site-to-Site Virtual Private Network (VPN) Support – Ability to create a VPN between two sites.
  • Ubiquiti UnFi Security Gateway – Supports.
  • Meraki MX400 Security Appliance – Supports.
• Quality of Service (QoS) Support – Ability to prioritize some network traffic over other types of traffic.
• Ports – How many ports will you need incoming and outgoing? Of what type?
  • Ubiquiti UniFi Security Gateway
    • 2x 1Gb RJ45 ports, 2x 1Gb RJ45/SFP Combination Ports.
    • 1x RJ45 Serial Port (Console).
  • Meraki MX400
    • 12x GbE.
    • 8x GbE (SFP).
    • 2x 10 GbE (SFP+).
• Layer 3 Forwarding Performance
  • Ubiquiti UniFi Security Gateway
    • Packet Size of 64 Bytes – 2,400,000 pps.
    • Packet Size of 512 Bytes or Larger – 4 Gbps (Line Rate).
• Processors/Memory/Storage
  • Ubiquiti Unifi Security Gateway
    • Dual-Core 1 GHz, MIPS64 w/Hardware Acceleration for Packet Processing.
    • 2 GB DDR3 RAM.
    • 4 GB Flash Storage.
• Redundant Power
• 3G/4G Modem Support
• Recommended Maximum Clients
  • Meraki MX400 Security Appliance – 2,000.
• Stateful Firewall Throughput
  • Meraki MX400 Security Appliance – 1 Gbps.
• Advanced Security Throughput
  • MX400 – 1 Gbps
• Maximum VPN Sessions
  • MX400 – 1,000
• Layer 7 Application Type Filtering – Ability to filter traffic at the application level – e.g., P2P, video games, etc.
  • Meraki MX400 Security Appliance – Supports.
  • Ubiquiti Unifi Security Gateway
• Content Filtering
  • Meraki MX400 Security Appliance – Supports.
• Intrusion Prevention (IPS)
  • Meraki MX400 Security Appliance – Uses PCI compliant IPS which utilizes SNORT Signature DB from Cisco Sourcefire.
• Antivirus / Antiphishing
  • Meraki MX400 Security Appliance – Uses Kaspersky.
• Identity Based Security Policies and Application Management
  • Meraki MX400 Security Appliance – Supports.
• Branch Gateway Services
  • DHCP
  • NAT
• Web Caching – Cache frequently accessed content.
• Load Balancing – Combines multiple ISP links into a single high speed source.
• Warranty

Comparisons

Further Resources

• Ubiquiti UniFi Security Gateway
  • Data Sheet.
• Meraki MX400 Security Appliance
  • Data Sheet.
• Michael Brandenburg. Choosing a Next-Generation Firewall: Vendor Comparison. TechTarget SearchNetworking.
  • Not really a comparison, rather a survey of several different companies on how their NGF works.