looking for a top of the range Firewall any ideas

[TedLasso]

Im surprised no one has mentioned Checkpoint.
It really is the top of the line device, but obviously there is a bit of a price premium.

Security is a black hole of money and can cost a small fortune depending on how deep you go.
If the data is worth millions you need to protect it through secure backups, malware and ransomware prevention, possibly DLP to stop accidental leaking.
Data encryption would be a must.
Might also need to look at a network design to ensure proper segmentation

I would recommend CheckPoint too ... enable all the blades (once configured) and you have sorta a single pane of glass expereince for security management.

 

[TedLasso]

As mentioned .. look at the bigger issue.Security is more then just your firewall.The sonicwall is an enterprise device so it good enough.So you need multiple layers of security and that still doesnt guarantee you will be virus free.

1) Get your sonicwall configured correctly and locked down as much as possible
2) Implement a server/client based antivirus solution
3) Implement group policies
4) Dont give users local admin rights
5) Lock down network shares and dont give normal users more rights then they need

In addition, separate clients from servers via firewall, and then enable IPS to monitor all traffic between clients to servers.
Security Awareness training is must for all employees.

 

[syntax]

I did Expensive, but best of breed.

typed my post same time as yours...you got there before me

Fortigate has built in Webfilter, AV and Ransomware protection. It has great reporting to see what's happening on your network with threat reports. Protect your Endpoints. Deploy GPOs with app whitelisting and prevent EXE execution. Make sure you have something like Mimecast for email security and most importantly make an effort to educate your end-users. There's great tech out there incl. Sonicwall. End user your greatest risk no matter how good your infrastructure are.

I dont think Fortigate reporting is particularly good, even with the Analyzer (which has its own lovely set of problems)
As for endpoint, Forticlient, even with the new EMS is still quite a bit behind other AV / endpoint vendors.

 

[JayM]

Palo Alto. The new models are now reasonable in price, and from experience, the protection, application visibility and ease of use are unmatched.