Uses for Hardware/Appliance Firewalls

Appliance firewalls, whether called device or hardware firewalls, are common and nearly essential elements of every moderate to large network infrastructure. Appliance firewalls can range from low-end consumer-grade to very expensive high-end, commercial-grade solutions.

A variety of manufacturers and vendors make and service appliance firewalls. Some of the major vendors/brands to consider include:

  • Barracuda
  • Cisco Meraki
  • Fortinet
  • Juniper Networks
  • Linksys (owned by Cisco)
  • NetGear
  • SonicWall

When selecting a hardware or appliance firewall, keep a few important points in mind. Some of the most common concerns for businesses include ease of use, secured management interfaces, port-filtering support, stateful inspection filtering, and the ability to be firmware/software upgraded.

Never skimp on throughput. Firewalls often represent bottlenecks to network bandwidth and thus should be selected to maintain wire speed. Be sure a hardware firewall can more than handle the current network speeds and allow for future growth. If you are currently pushing a 1 Gbps network, consider a firewall capable of filtering at 2.5 Gbps wire speed or higher.

For larger networks, centralized and remote management options are often essential. If firewall management requires direct physical contact, or if you can configure only a single firewall at a time, you may find these limitations to be significant hindrances to managing very large networks. Multiple-device management, including simultaneous configuration synchronization, can be an important part of a realistic firewall solution for enterprise networks.

Consider whether add-ons, upgrades, or extras are available and whether that’s important to your decision. Some firewall devices convert to firewall-plus devices or true multifunctional devices. Additional features may include email scanning, message quarantine, attachment stripping, virus scanning, mobile code filtering, anti-spyware, intrusion detection system (IDS)/intrusion prevention system (IPS) features, spam filtering, compliance monitoring, and network access control. Products that support expansion or firewall additions are known as unified threat management tools or may fall under the heading of advanced IDS/IPS.

Whatever options a vendor presents, always evaluate them against your actual current and future network needs. A high price does not guarantee that a product will work better than a free, build-it-yourself alternative.

Technical TIP

It’s often possible to replace an appliance or device firewall’s OS with a third-party alternative. This can apply even to ISP devices and WAPs. Some of the better-known device firmware replacement options are DD-WRT, OpenWrt, and Tomato.
