Presented by Duxbury Networking

Next-gen firewall buyer’s guide

In recent surveys, network administrators and IT managers cited the following top issues with their existing firewall:

  • Poor visibility into network applications, risks, and threats
  • Concerns about protection from the latest ransomware and attacks
  • Lack of any response or assistance when there is a threat on the network

When selecting a shortlist for your next firewall, it can be challenging to even know where to start.

You’ll want to begin by identifying your key requirements.

Once you’ve established those, it’s a daunting task to wade through vendor websites and datasheets to determine which firewall can not only meet your needs, but actually does what it claims.

“Sophos has compiled a guide that will help users you to choose the right solution for your organisation so you don’t end up with firewall buyer’s remorse.”

“It covers all the features and capabilities you should consider when evaluating your next firewall purchase”.

“These are We’ve also included important questions to ask your IT partner or vendor to ensure the product will meet your needs,” says Andre Kannemeyer – CTO at Duxbury Networking, local distributors of Sophos technology.

The perfect storm in network security: encryption

Ever-increasing encrypted traffic flows have created a perfect storm – with dire consequences.

Consider these important facts:

  • 90% of internet traffic is now TLS encrypted
  • 50% of malware, PUA, and hacker servers are utilising encryption to avoid detection
  • Most organisations are not inspecting encrypted traffic.

“When we ask organisations why they are not inspecting encrypted traffic, they cite performance as the number one reason.”

“TLS inspection is simply too resource intensive for most firewalls to keep up with the huge volume of encrypted traffic.”

“The second major reason for not inspecting encrypted traffic. It tends to cause usability issues; it breaks the internet,” says Kannemeyer.

This fundamental challenge with encryption and an inability to address it by most firewalls is creating a variety of other issues: visibility into risky behaviour and content, compliance, and protection from ransomware, attacks, and breaches.

In effect, encryption is the root cause of many of today’s top network security challenges.

Unfortunately, most networks are simply turning a blind eye to most of the traffic passing through them.

This is no longer necessary. There is a very effective way to deal with this challenge.

Top critical capabilities

To solve your top challenges with network visibility, protection, and response to threats, here are four must-have critical capabilities you need in your next firewall, that are likely missing today:

  • TLS 1.3 inspection – 90% of internet traffic is now encrypted and that number is growing, so it’s critical that your next firewall includes TLS 1.3 inspection. Perhaps more importantly, it must provide the intelligence and performance to do it efficiently, without becoming a bottleneck or forcing you to buy a much more expensive firewall than you really need. Not all encrypted traffic requires inspection, and not all encrypted traffic supports it. Your next firewall must support all the latest standards and cipher-suites. It must also have intelligent exceptions built in to be more selective in what traffic to inspect, while also providing tools to easily identify potential issues and add exceptions on the fly to avoid them. It should also offer adequate performance to deal with an ever-increasing volume of encryption – both today and into the future.
  • Zero-day threat protection – Threats are constantly evolving. The ransomware variant used to attack an organisation tomorrow will almost certainly be different from the one used yesterday. This is the nature of the current threat landscape. Your next firewall must have artificial intelligence based on multiple machine learning models, plus sandboxing with advanced exploit detection and crypto-guard ransomware detection to identify the latest zero-day threats and stop them before they get on your network.
  • FastPath application acceleration – About 80% of the traffic on your network likely comes from approximately 20% of your apps. These elephant flows are typical of meeting and collaboration tools, streaming media, and VoIP. These large traffic flows are both resource-intensive to inspect and require optimal performance for a great user experience, creating an enormous challenge. Your next firewall should be able to adequately handle these trusted traffic flows and offload them to provide optimal performance and create added performance headroom for traffic that needs deeper packet inspection.
  • Integration with other cybersecurity products – It’s no longer enough for IT security products to work in isolation. Today’s sophisticated attacks require multiple layers of protection, all working in coordination and sharing information to provide a synchronised response. Your next firewall should integrate with other systems like your endpoint AV protection to share important threat intelligence and telemetry. This will allow both systems to work better together to coordinate a defence when you come under attack. These systems should also share a common management interface to make deployment, day-to-day management, as well as cross-product threat hunting and reporting easier.

These four capabilities will ensure the top problems with your current firewall will be a thing of the past, and power your network protection well into the future.

Critical capabilities questions to ask your vendor

Critical capabilities Questions to ask your vendor
TLS 1.3 inspection

Provides visibility into the growing volume of encrypted traffic traversing networks

  • Does your TLS inspection support the latest 1.3 standard?
  • Does it work across all ports and protocols?
  • Is it streaming-based or proxy based?
  • What is the performance impact?
  • Does it provide dashboard visibility into encrypted traffic flows?
  • Does it provide dashboard visibility into sites that don’t support decryption?
  • Does it provide simple tools to add exceptions for problematic sites?
  • Does it come with a comprehensive exclusion list?
  • Who maintains the list and is it updated periodically?


Zero-day threat protection

Protection from the latest unknown threats using machine learning and sandboxing

  • Does your firewall include technology to detect previously unseen threats?
  • Does it use machine learning to analyse files?
  • How many machine learning models are applied?
  • Does your solution include sandboxing?
  • Does the sandboxing allow the file through while it’s being analysed?
  • Does the sandboxing solution run on-premises or in the cloud?
  • Does the sandboxing solution include leading endpoint protection technology to identify threats like ransomware in the sandbox environment?
  • What endpoint technology is used to assist in sandboxing?
  • What kind or reporting is provided on-box (versus a separate reporting product)?
  • What kind of dashboard visibility is provided?
FastPath application acceleration

Offloading trusted application traffic to a FastPath to improve performance and reduce overhead

  • Does your firewall support FastPath acceleration of trusted traffic and elephant flows?
  • Is it done in software or hardware?
  • How are applications identified for FastPath acceleration?
  • What policy tools are provided to admins to control which applications are offloaded?
  • Are any signatures provided out of the box to accelerate and FastPath some applications?
  • Are your FastPath packet flow processors programmable, upgradable, and futureproof?
Integration with other security products

Integration is essential to provide adequate layered protection and sharing of information across products for a response to threats or for forensic investigations and threat hunting

  • Does your firewall integrate with an endpoint technology?
  • What information is shared between the two products?
  • Is a threat identified by one product shared with the other?
  • What is the response when a threat is detected? Can it automatically isolate threats? How does it do this?
  • Does the endpoint provide any information on users or application usage to the firewall?
  • Can the firewall and endpoint be managed from the same console? Is it cloud-based?
  • Can you do cross-product threat hunting (XDR)?
  • Does the vendor offer a fully-managed network monitoring and threat response service?
  • Does the firewall integrate with any other products such as Wi-Fi, ZTNA, edge devices, or network switches?

For more information contact Duxbury Networking, +27 (0) 11 351 9800, [email protected],

Latest news

Partner Content


Share this article
Next-gen firewall buyer’s guide