Choosing between two leading enterprise firewalls
Legacy cybersecurity solutions are no match for today’s hyper-distributed businesses. Safeguarding against modern threats requires stronger secure gateways capable of protecting a radically redefined perimeter. To stay ahead of the evolving threats, it’s time for security professionals to embrace modern Next-Generation Firewalls (NGFW).
The firewalls of today are vastly more agile, more capable, and more powerful than when the technology debuted 20 years ago. But not all firewalls are created equal — they come in different form factors, network interfaces and security packages. These packages may or may not include services such as IPS, application control, content filtering, anti-malware, DNS security and cloud management. To further complicate matters, there are enough firewall vendors in the market today that it can be difficult for the average customer to choose the right solution for their environment.
In March 2021, SonicWall commissioned Tolly Group to compare SonicWall NSa 2700 with the Fortinet FG 100F — and their report showed the NSa 2700 is a better choice for medium enterprises. Then, in July 2021, Tolly Group compared the price and performance of two firewalls designed for larger enterprises — SonicWall’s NSsp 15700 to the Fortinet FG 3600E. The two firewalls have a similar form factor and are comparable from a single appliance price point.
When choosing the right security solution, there are three key considerations: price, performance and protection. The ideal choice is the device that costs the least while providing similar performance and a comparable or better feature set than the alternative. Tolly used the published numbers and prices from both vendors to calculate the Total Cost of Ownership (TCO) for a 3-year, High-Availability appliance model with comparable security features. The full report is here. Here are a few of the key findings:
SonicWall’s three-year TCO is less than half that of Fortinet
This report compares SonicWall’s NSsp 15700 Total Secure Essential Edition with Fortinet FG-3600E Unified Threat Protection, both configured in HA mode. The SonicWall solution has a significantly lower TCO mainly because SonicWall does not require the purchase of a firewall license for the second unit. At $885,000, the Fortinet FG 3600E 3-year TCO is more than two times the $440,200 price of the SonicWall NSsp 15700 (see Figure 1).
SonicWall’s advertised threat prevention throughput is more than 2.5 times that of Fortinet
When looking at product data sheets, it’s not uncommon to be overwhelmed with multiple performance numbers. When evaluating a security appliance, you should look for performance numbers that will most closely replicate how you will use the solution in your environment. In the case of a firewall, that number is usually threat protection/prevention with most security features turned on.
While the two firewalls have similar form factor and price per appliance, SonicWall’s solution offers 80 Gbps threat prevention throughput, compared to Fortinet’s 30 Gbps.
SonicWall has a dramatically lower price-to-performance ratio
At the end of the day, what is most important to an organization is how much they have to spend to protect their environment while maximizing performance. For a firewall, that measure is commonly referred to as the price-to-performance ratio and is calculated by dividing the TCO by the relevant performance benchmark.
As detailed in Table 1, the cost of protecting each gigabit per second of network traffic for Fortinet ($29,500) is 5.5 times higher than SonicWall ($5,368).
Firewalls have different pricing, packages, performance, bells and whistles, which can make it difficult to choose between them. Given that a firewall purchase is a long-term investment, it is important to obtain and compare the three- to five-year total cost of ownership as opposed to just looking at list prices. It is clear that SonicWall firewalls, including both the NSa 2700 for medium enterprises and the NSsp 15700 for large enterprises, outperform comparable Fortinet firewalls at a lower total cost of ownership.