Gartner defines the network firewall market as the market for firewalls that use bidirectional stateful traffic inspection (for both egress and ingress) to secure networks. Network firewalls are enforced through hardware, virtual appliances and cloud-native controls. The networks they secure can be on-premises, hybrid (on-premises and cloud), public cloud or private cloud networks. Network firewall products support different deployment use cases, such as for perimeters, midsize enterprises, data centers, clouds, cloud-native and distributed offices.
Cloud firewalls: These firewalls from cloud infrastructure vendors are designed for cloud-native deployment as separate virtual instances or in containers. Container firewalls can also secure connections between containers.
Hybrid mesh firewalls: These are platforms that help secure hybrid environments by extending modern network firewall controls to multiple enforcement points, including FWaaS and cloud firewalls, with centralized management via a single cloud-based manager.
Firewall as a service (FWaaS): A FWaaS is a multifunction security gateway delivered as a cloud-based service, often to protect small branch offices and mobile users.
Networking: This includes support for routing tables with destination network address translation (DNAT) and static network address translation (SNAT) capability.
Stateful inspection: This enables inspection of traffic based on stateful firewall rules.
Threat detection and inspection: This includes intrusion prevention system (IPS) and malware inspection capabilities.
Web filtering: This includes filtering of outbound HTTP and HTTPS traffic and applications.
Advanced logging and reporting: All actions of firewall administrators can be logged, and reports can be customized and run based on different object types and traffic types. Threat-based and web-filtering-based granular reports can be generated.
Internet of Things (IoT) security: This is achieved either using a module built into threat detection controls or via a dedicated subscription integrated within network firewall offerings. Specific features may include discovery of IoT devices, risk analysis and dedicated rules to block attacks related to these devices. They may also include IoT signatures as part of the IPS signature base.
Network sandboxing: Network sandboxing monitors network traffic for suspicious objects and automatically submits them to the sandbox environment, where they are analyzed and assigned malware probability scores and severity ratings.
Zero trust network access (ZTNA): ZTNA creates an identity- and context-based access boundary between any user and device and the applications they access.
Operational technology (OT) security: This includes integrated or dedicated features related to protecting an OT environment. Stand-alone OT security offerings are not considered here. Features may include dedicated OT-related threat intelligence, dedicated IPS signatures for OT devices, support for supervisory control and data acquisition (SCADA) applications and threat inspection.
Domain Name System (DNS) security: This secures traffic to DNS by offering monitoring, detection and prevention capabilities against DNS layer attacks.
Software-defined wide-area network (SD-WAN): This provides dynamic path selection based on business or application policy, centralized policy and management of appliances, virtual private network (VPN), and zero-touch configuration.
As network firewalls evolve into hybrid mesh firewalls with the emergence of cloud firewalls and firewall-as-a-service offerings, selecting the most suitable vendor is a challenge. Gartner assessed 17 Network Firewall vendors to help security and risk management leaders make the right choice for their organization.
Fortinet was recognized in the 2022 Gartner® Magic Quadrant™ for Network Firewalls for the 13th time. It leads for appliance-based distributed-office use cases, thanks to its mature SD-WAN and firewall capabilities offered in a single box.
The company’s FortiGate Next-Generation Firewalls deliver seamless AI/ML-powered security and networking convergence over a single operating system (FortiOS) and across any form factor. This includes hardware appliances, virtual machines, and SASE services.
Integrated SD-WAN: Fortinet offers built-in advanced SD-WAN and routing capabilities in FortiGate firewall appliances. Fortinet offers a complete SD-WAN package, with features including forward error correction, packet duplication, and intelligent and dynamic app routing.
Hybrid ZTNA deployment: Fortinet offers flexible ZTNA deployment modes. ZTNA enforcement is part of the FortiGate operating system (FortiOS) and can be deployed on-premises or as a service as part of FortiSASE (a stand-alone offering). The vendor has also introduced an in-line CASB integrated with ZTNA capabilities.
Product portfolio: Fortinet has a large product portfolio. It offers products for networking, network security and security operations. The majority of its products can be managed through a single management interface and offer integration through the Fortinet Security Fabric.
Centralized management: Fortinet offers mature on-premises and cloud-based centralized management through FortiManager and FortiCloud, respectively. These offerings have feature parity and support centralized management of the majority of Fortinet’s devices. FortiGate customers like the ease of management and configuration of Fortinet’s firewalls.
FortiGate NGFWs offer (Source: Fortinet):
- Powerful security and networking convergence. Secure networking services like SD-WAN, ZTNA, and SSL decryption are included – no need for extra licensing.
- Best price-per-performance. Our unique ASIC architecture delivers the highest ROI plus hyperscale support and ultra-low latency.
- AI/ML-powered threat protection. Multiple AI/ML-powered security services stop advanced threats and prevent business disruptions.
Palo Alto Networks was among the 17 vendors that Gartner evaluated for its 2022 Magic Quadrant for Network Firewalls, which evaluates vendors’ Ability to Execute as well as their Completeness of Vision. Palo Alto Networks believes its vision of offering best-in-class security as part of an integrated network security platform, combined with its commitment to customer success, has helped the company earn a Leader position for the 11th consecutive year.
“From the industry’s first Next-Generation Firewall in 2007 to the most recently announced PAN-OS 11.0 Nova, Palo Alto Networks relentless innovation helps provide powerful protection for customers. We are honored to be recognized as a Leader in eleven consecutive Gartner Magic Quadrant for Network Firewalls reports,” said Anand Oswal, senior vice president for Products, Network Security. “We believe this recognition by Gartner is a testament to both our innovation, using ML and AI to stop the most evasive threats, and our ability to simplify network security for our customers with a consolidated platform approach.”
Palo Alto Networks believes its leader position in network firewalls is fueled by:
- Best-in-class security that prevents zero-day threats: Modern malware is now highly evasive and sandbox-aware. To address this, the recently announced PAN-OS 11.0 Nova introduced the new Advanced WildFire® cloud-delivered security service, which provides unprecedented protection against evasive malware. Advanced Threat Prevention (ATP) now helps protect against zero-day injection attacks in addition to highly evasive command-and-control communications. Additionally, Advanced URL Filtering offers industry-first prevention of zero-day web attacks with inline machine learning capabilities.
- Strength in SASE: The industry’s most complete SASE solution, Prisma® SASE simplifies secure access by connecting all users and locations with all apps from a single product. The superior security of ZTNA 2.0 protects both access and data to dramatically reduce the risk of a data breach, while a cloud-native architecture with integrated Autonomous Digital Experience Management (ADEM) provides exceptional user experiences.
- Helping customers improve their security posture: Palo Alto Networks AIOps helps customers adopt best practices with guided recommendations, reduce misconfigurations that can lead to security breaches, and predict network-impacting issues before they occur. AIOps, launched earlier this year, now processes 49 billion metrics monthly across 60,000 firewalls and proactively shares 24,000 misconfigurations and 17,000 firewall health and other issues with customers for resolution every month.
- A comprehensive product portfolio offered as a platform: Palo Alto Networks offers multiple cloud-delivered security services that work together to prevent attacks at every stage of the attack lifecycle. These security services are offered as part of a network security platform, which makes it easy for customers to consume these services while consistently protecting their data centers, branch offices and mobile workers as well as applications in multicloud and hybrid environments with best-in-class security everywhere.
Since the Gartner evaluation, Palo Alto Networks has further strengthened its NGFW capabilities with the announcement of the latest version of its industry-leading PAN-OS® software, PAN-OS 11.0 Nova. The innovations announced also included the new Advanced WildFire cloud-delivered security service, which brings unparalleled protection against evasive malware, enhancements in the Advanced Threat Prevention service and new fourth-generation ML-powered NGFWs. The company has also taken strides to enhance its customer support experience and grown its Global Customer Service organization.