next generation firewalls (NGFW)

Security Value Map
Empirical data from individual Test Reports and Comparative Reports is used to create NSS Labs’ unique Security Value Map™ (SVM). The SVM illustrates the relative value of security investments by mapping Security Effectiveness against Total Cost of Ownership (TCO) per Protected Mbps for tested product configurations.

Security Value Map Comparative Report
The Security Value Map™ (SVM) Comparative Report provides an aggregated view of the detailed findings from this NSS Labs group test. Enterprise security decision makers can use the report to determine the relative value of security investments.

Security Comparative Report
This report uses data from NSS Labs’ individual NGFW Test Reports to create security effectiveness ratings for each product. Products are scored on multiple factors that affect the overall security effectiveness of the system, including firewall policy enforcement, intrusion prevention, and resistance to evasions.

Total Cost of Ownership Comparative Report
Implementation of next generation firewall (NGFW) devices can be complex with multiple factors affecting the overall cost of deployment, maintenance, and upkeep. This report focuses on the Total Cost of Ownership (TCO) per Protected Mbps. NSS labs’ cost analysis includes a three-year TCO based on acquisition costs for an NGFW and a central management system, fees paid to the vendor for annual maintenance, support, and signature updates, and labor costs for the device’s installation, maintenance, and upkeep.

Performance Comparative Report
Implementation of next generation firewall (NGFW) devices can be complex with multiple factors affecting overall performance. This report provides data on factors that should be considered when evaluating an NGFW’s performance, including throughput, connection rates, latency, and traffic mix.

Test Reports
Test Reports provide detailed analysis on each product tested. They help enterprise security teams understand a product’s features as well as its limitations and can be used to shortlist products for further evaluation and proof-of concept testing. Data from these reports is used in the NSS Labs Comparative Reports.

Looking for something else? Ask an analyst.

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.

·      Barracuda Networks CloudGen Firewall F800.CCE v7.2.0

·      Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance vR80.20

·      Cisco Firepower 4120 Security Appliance v6.2.2

·      Forcepoint NGFW 2105 Appliance v6.3.3 build 19153 (Update Package: 1056)

·      Fortinet FortiGate 500E V5.6.3GA build 7858

·      Palo Alto Networks PA-5220 PAN-OS 8.1.1

·      SonicWall NSa 2650 SonicOS Enhanced

·      Sophos XG Firewall 750 SFOS v17 MR7

·      Versa Networks FlexVNF 16.1R1-S6

·      WatchGuard M670 v12.0.1.B562953