Malware-fighting firewalls miss the mark
InfoWorld Test Center attacks Astaro, SonicWall, WatchGuard, and ZyXel firewalls, and only one puts up a fightFollow @infoworld
So who won? We do have a clear overall victor in the group, but before we get to that, let's talk about the winners in several important categories. If initial purchase price is your primary consideration, then ZyXel has a UTM for you. Make sure to keep tabs on just how much bandwidth you ask the ZyXel to protect, because it runs out of steam much earlier than the SonicWall and WatchGuard appliances. But at one-fifth the cost of the Astaro, the ZyXel ZyWall ($3,399 as tested) provides just as much throughput and twice the attack protection. Playing within its limits, the ZyWall is a solid, economical choice for organizations with smaller, less-demanding networks.
Maybe your primary criteria is out-of-the-box safety, though your system will require substantial customization before your users are all happy. It sounds like the WatchGuard system is for you. Also a terrific value (at $9,299 as tested), the WatchGuard Firebox lays claim to enterprise-class manageability and the most throughput in our test. This is a firewall with plenty of headroom.
If you seek the greatest number of functions in a single box, the Astaro Security Gateway appliance brings an incredible range of security options to the table in a Linux-fueled package. The Astaro is even available as a VMware virtual machine, if protecting your company's virtual server farm is what you have in mind. However, the Astaro pulls up short on attack protection and throughput, especially for the price ($18,565 as tested).
Finally, if you need nothing short of the most serious combination of uncompromising security and maximum throughput, the SonicWall NSA is your box. The clear winner of our test, the SonicWall ran only a step behind the WatchGuard in throughput and far surpassed all three competitors in attack protection. Add its wizard-based setup routine that steps administrators through an otherwise complex process, and you have a product that clearly benefits from being the sixth generation of its family.
The purchase price of the SonicWall NSA E7500 ($38,990 as tested) is significantly higher than the other appliances here. But its combination of attack defense and throughput arguably shows an even greater gap from the competition. The SonicWall is not only a UTM truly worthy of the label, but a mid-range UTM that could well keep company with much larger devices.
Curtis Franklin Jr. is a senior contributing editor to the InfoWorld Test Center.