Which firewall to choose. Comodo Firewall is the best free firewall. Protection of personal information

A firewall monitors and controls connections between your computer, the local network and the Internet in order to promptly detect and prevent attacks and intrusions. Programs of this class are especially useful when you need to control the Internet activity of installed applications.

No other kind of free product frustrates users as much as a firewall. The reason is simple: finding a suitable firewall inevitably involves trial and error. A good firewall should protect the system without being too intrusive or difficult to manage and configure. This review presents the best free firewalls (according to this site) available today. As with all reviews, the recommendations and advice are based on the experience of different people. Therefore, if you have ideas or interesting opinions, they are always welcome.

Note: The reader should understand that powerful firewalls with flexible rule settings always require some knowledge of network design. However, even they should offer a reasonably clear way to administer them.

There are two types of firewalls: programs and hardware devices. Software firewalls (the subject of this article) are installed on your computer and run in the background, closely monitoring system activity in real time. As with many security tools, it is recommended to install only one firewall, to avoid potential conflicts that may even require manually deleting files from boot drives. Hardware firewalls are usually dedicated devices with logic hardwired into circuits and modules optimized for filtering (for example, special processors whose instruction set includes operations on IP addresses). You can use software and hardware firewalls together. For example, modern routers typically include a built-in firewall and, depending on the type of router, it may be implemented not only in firmware (as device software is called), but also partially at the chip level.

Having a basic firewall has long been critical to keeping your computer safe, which is why many antivirus programs are gradually incorporating some firewall functionality. Simple firewalls, like the default Windows Firewall, allow you to restrict access to your system and personal information, silently protecting you from incoming threats. In this review we will look at several basic firewalls that protect Windows a little better than the standard tool does; for example, they monitor attempts by programs to open outgoing connections to the Internet (outgoing threats).

Note: The reader should understand that the standard Windows firewall provides fairly limited capabilities for protection against outgoing threats. Third-party apps usually offer a wider range of features.

Proactive firewalls offer more advanced protection, including intrusion detection and prevention systems based on the collection of statistics on program behavior and heuristic analysis, which allows them to protect the computer from a wider range of threats. These firewalls strive to create strong two-way protection, stopping not only incoming threats, but also protecting you from programs transmitting your personal information to the Internet. The disadvantage of such firewalls is that they are more difficult to use and require more money.

It is important to understand that today, having a firewall and antivirus (either separately or as a single solution) is considered the minimum required basic approach to keeping your computer secure.

Note: In other sections of the site you can find a lot of useful information about security, such as a review of intrusion detection and prevention programs for home use.

Tips and precautions:

  • Before installing security products, including antiviruses and firewalls, you should consider creating a full disk image. With such an image you can restore your system to its previous state if critical errors appear after installing and configuring protection tools, for example because components were installed incorrectly or you changed critical system settings. In addition, images help you cope with complex viruses or simply random conflicts in the system. For example, some system drivers may simply be incompatible with each other, causing your system to suffer. Beginning with Windows Vista Ultimate, the system includes a standard backup and recovery tool, but you can also use free programs to create a disk image.
  • To make sure third-party firewalls and other security tools are removed completely, it is recommended to use uninstallers, since services, registry entries, and other system objects may remain after removal.

Basic firewalls

Preface, or a few words about the built-in Windows Firewall

The built-in Windows Firewall is a more common choice of users, as it allows you to protect your computer from incoming threats and does not bombard you with pop-up messages. Also, the Windows firewall does not require installation (we are talking about versions of Windows where a firewall is included by default) and practically does not conflict with other programs. In addition, many average users cannot properly respond to pop-up notifications due to a lack of basic network knowledge.

So if you need to scan your system for viruses and you do not want (or need) the additional capabilities of third-party firewalls, in other words, if the level of risk is very low, then Windows Firewall may be exactly the solution you need due to its simplicity and low demands.

Alternatively, you can download a third-party firewall and replace the standard Windows firewall with a basic one for easier control of outgoing connections and for additional features. Most two-way firewalls limit themselves to simple questions such as whether to allow or deny Internet access for unknown programs. Many firewalls also automatically configure access for a pre-configured list of programs (this list often includes the most popular applications) and save your decisions in their database. So, after some time, you will hardly see any notifications.

And as an option, you can also use proactive firewalls by first disabling heuristics and analysis in them. In addition, this option may be even more suitable, since proactive firewalls, due to their complexity, simply contain a larger list of preliminary rule templates and access settings.

ZoneAlarm Free is a well-made firewall for controlling the operating system's outgoing and incoming connections, suitable for users of any level. ZoneAlarm protects the system from intrusions and also controls program access to the Internet. The firewall has an easy-to-understand interface. You can configure security settings to suit your own needs, including shared (public) files and printers, network settings, and more. You can even turn off the firewall if necessary (by the way, the standard Windows firewall lacks quick access to this feature). All setup is done with simple controls (sliders and the like), so in most cases a few mouse clicks are enough. To help users get used to the program, on first start ZoneAlarm offers to scan installed programs and set allow/deny access permissions for them. Please note that this first scan does not always set access correctly.

For the first while after installation, you will have to monitor and adjust ZoneAlarm's actions to make sure that all programs have a sufficient level of Internet access. The pop-ups, however, are very simple and are presented in an "allow/deny" format with a checkbox to remember the selected action. Even novice users can easily figure them out (the name of the program is also shown in the message).

You can set the program control level that suits you. The low level involves learning mode (the firewall remembers all programs that use the network), disabling protection and a minimum number of pop-up windows. The medium level assumes that any access to a trusted network or the Internet requires permission. The high level is not provided in the free version of ZoneAlarm. You can switch levels at any time. With the "Smart Defense Advisor" module, the firewall will suggest, for programs that have no rule, the option most commonly chosen by users around the world. You don't have to use this module (although it will be very useful for beginners).

Internet zone settings include a trusted zone, meaning the local network with shared files, printers, etc., and an Internet zone for access from the network. Each zone has a simple control with 3 options: "no security" (firewall disabled), "medium" (exchange/sharing of resources such as files and printers) and "high" (allows use of the network, but blocks anyone on the network from accessing your system). The medium level is recommended for home networks with more than one operating system, and for cases where devices (routers) require it. The high level is recommended for single machines with Internet access (for example, there is only one computer at home and no internal network), as well as for public places where you are going to go online (WiFi in restaurants, etc.).

Overall, ZoneAlarm Free offers basic two-way protection with stealth mode and anti-phishing protection. However, the firewall lacks heuristic and behavioral modules, as well as the ability to allow/block access between programs.

It is worth noting that from version to version, the firewall becomes a little lighter in terms of functionality. Perhaps this is only a temporary trend, but still.

Windows 10 Firewall Control will be a good choice for those who aim to use the built-in Windows firewall. Despite its name, the program is compatible with Windows XP and higher. In short, Windows 10 Firewall Control lets you configure blocking and application access to the Internet in the standard Windows firewall more conveniently and simply. It also adds a better way to manage outgoing connections. It is based on the Windows Filtering Platform, which also powers the standard firewall. Therefore, unlike most other firewalls, the application does not install any drivers on the system. The user interface is very simple and clear. It displays only what the program can do, i.e. a block of settings to “allow/deny” access and nothing more.

There are three modes in total: “normal”, “allow all” and “disable all”. The latter mode completely disables network access for applications, regardless of firewall settings. The “allow all” mode is self-explanatory, meaning unhindered Internet access for all applications (similar to turning off the firewall). Unless you need to test something, normal mode is recommended: Internet access for programs is granted according to individual settings.

In normal mode, when a program tries to access the Internet for the first time (after Windows 10 Firewall Control has been installed), a pop-up window appears with information about the application, publisher, etc. You can allow or deny access either one time or permanently. If you select the first option, the window will appear again the next time you start the program.

In addition to pop-up windows for selecting Windows 10 Firewall Control actions, small windows also appear in the lower right corner of the screen with access information (access blocked/allowed, etc.). These notifications can be turned off in Settings.

That's basically all this firewall can do. The disadvantages include the fact that you will have to configure access for all your applications, from the browser to the antivirus, which can be somewhat tedious. However, Windows 10 Firewall Control allows for much easier and more convenient control over the built-in Windows firewall than the operating system offers.

TinyWall is a lightweight firewall based on the standard Windows firewall. It is completely free of pop-ups, so it may be ideal for those who need a "set it up and go do other things" solution. The installer is only about 1 MB. Installation is simple but, unfortunately, does not let you select the installation location. After installation, the firewall runs in the background with an icon in the system tray. All program functions are accessible only from the system tray; there is no “main window” interface. In the pop-up menu, the user can select the necessary items, in particular the firewall mode, general network activity, adding/excluding applications/processes, and opening the firewall settings dialog.

The firewall settings dialog box is also quite modest. There are general settings, with the ability to set a password to protect the settings, and a section that specifies the applications allowed to connect to the network. There is also a "Detect" function that tries to detect known applications so that the user does not have to add programs manually. In addition, TinyWall can recognize related processes of one application. For example, if you have a program that runs multiple processes, then once you add the program to the whitelist, all of its related open processes will also have access to the Internet.

It should be noted that when adding a program to the exclusion list, the application is not limited to UDP and TCP traffic. Depending on the nature of the program, it may be more prudent to limit it to, for example, only "outgoing" traffic.
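
The same kind of scoping can be checked in the built-in Windows Firewall with the NetSecurity PowerShell cmdlets. The script below is an added example, not part of the original review or of TinyWall; it audits only Windows Firewall's own rule store (rules that third-party tools keep elsewhere are not covered), and the program path and rule name in the final comment are hypothetical.

```powershell
# Added example: works against the built-in Windows Firewall rule store only.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later).

function Get-BroadProgramRule {
    <# Lists enabled allow rules bound to one executable that are wider than
       "outbound only, one protocol": they accept inbound traffic, or they
       leave the protocol unrestricted. #>
    Get-NetFirewallRule -Enabled True -Action Allow | ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        $port = $rule | Get-NetFirewallPortFilter

        # Skip rules that are not tied to a specific program.
        if (-not $app.Program -or $app.Program -eq 'Any') { return }

        $reasons = @()
        if ("$($rule.Direction)" -eq 'Inbound') { $reasons += 'accepts inbound' }
        if ("$($port.Protocol)" -eq 'Any')      { $reasons += 'any protocol' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Program   = $app.Program
                Direction = "$($rule.Direction)"
                Protocol  = "$($port.Protocol)"
                Why       = $reasons -join ', '
            }
        }
    }
}

function New-OutboundOnlyRule {
    <# Creates an allow rule for one program, limited to outgoing traffic,
       one protocol and a list of remote ports. Needs an elevated session. #>
    param(
        [Parameter(Mandatory)] [string] $Program,
        [Parameter(Mandatory)] [string] $Name,
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP',
        [string[]] $RemotePort = @('443')
    )

    $params = @{
        DisplayName = $Name
        Program     = $Program
        Direction   = 'Outbound'
        Action      = 'Allow'
        Protocol    = $Protocol
        RemotePort  = $RemotePort
        Profile     = 'Any'
    }
    New-NetFirewallRule @params
}

# Report rules that are broader than necessary.
Get-BroadProgramRule | Sort-Object Program | Format-Table -AutoSize

# An outbound allow rule only narrows anything when the profile's default
# outbound action is Block; by default Windows Firewall allows outbound
# traffic. Hypothetical path and rule name:
#   New-OutboundOnlyRule -Program 'C:\Tools\updater.exe' -Name 'Updater HTTPS out'
```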

The special exceptions tab lets the user set extra options, in particular whether to allow or block access for system services. If you are not very computer savvy, it is recommended to leave the settings as they are. On the maintenance tab, you can import/export settings, check for new versions, and go to the developer page.

Overall, TinyWall is a lightweight firewall that is a good choice for those looking for an unobtrusive and easy to manage firewall.

Firewalls with intrusion detection and prevention systems

Preface or a few words about firewalls with intrusion detection and prevention systems

The following firewalls provide better network protection and also support various implementations of intrusion detection and prevention systems. Every firewall comes with default settings, so very few adjustments may be required depending on the user's needs.

The firewalls in this section require more knowledge and time from the user to set up and become familiar with than basic firewalls, but they let you provide a higher level of protection.

When choosing a suitable firewall, you should not rely on publicly available independent testing and other claims, as testing verifies the effectiveness of maximum settings, while most users have a simpler level of protection (after all, they want to use the Internet, and not sit in a trench with access to one site). Therefore, most firewall developers strive to ensure maximum “friendliness” of functionality, sometimes with a lower level of security settings (disabling monitoring of some indicators).

Please take these circumstances into account.

Comodo Firewall is a solid firewall for users looking for a full-featured security package. This product is mostly intended for experienced and tech-savvy users. Its intrusion detection system is called "Defense+" and matches or even exceeds the capabilities of paid products. Comodo Firewall provides a great deal of control and settings, which will especially appeal to curious and restless users whose goal is to ensure the maximum level of security.

Comodo includes protection against buffer overflow attacks and a lightweight sandboxing option that lets you check unknown applications and program installations to see how launching them will affect the computer's operating system. Using a sandbox limits the negative consequences of malware. Comodo contains a long list of known, trusted applications, but if an unknown application tries to gain access through the firewall, Comodo will first restrict the program and ask you what to do with it. In addition, all the functionality to control ports, protocols and configurations will be at your disposal.

During installation, you will have three options for installing the firewall: "firewall only", "firewall with an optimal set of proactive protection" and "maximum proactive protection" (i.e. "Defense+", as mentioned earlier). After installation, Comodo automatically selects "Safe Mode", which results in numerous pop-up notifications for apps that are not on the list of trusted programs. If you select allow/deny and choose to remember the response, Comodo will create and save a custom rule for the application, which you can always edit from the general list.

If you select Clean PC Mode, Defense+ will automatically mark all applications on your disk as safe. Please note that if there is a virus among the programs, it will also be considered safe, so use this function carefully and only when you are truly confident in the safety of the programs. However, these applications will still be monitored, albeit at a minimal level: checking Comodo protected objects (registry and COM interface), monitoring established rules, etc. Any files you add afterwards will be automatically added to the review list, flagged as potentially unsafe, and running them will produce pop-up messages as if you were using Safe Mode, until you set rules.

Comodo reduces the frequency of alerts by automatically recognizing programs as safe, based on Internet access rules. However, you can further reduce the number of Defense+ alerts using one or more of the following methods:

  • Treat your answer to every warning as "remember answer" by default. In other words, when any application is launched for the first time, your answer will immediately be treated as a permanent decision. However, use this setting carefully, since from time to time applications need to be granted or denied access only temporarily
  • Add programs to lists of safe or trusted files
  • Use clean computer mode. It is recommended to first make sure that the programs on your disk do not contain viruses and Trojans

Overall, Comodo Firewall is a powerful firewall with many flexible settings, which is perfect for providing a high level of protection. However, it is aimed at users who have some knowledge of how Windows and networking work. Beginners are strongly advised not to use this firewall.

Private Firewall, formerly a commercial product, is now free without restrictions. This proactive, multi-layered security solution includes behavioral blocking technology that monitors and checks for viruses, spyware, malware, process and application security, the registry, and more, along with standard firewall protection. Private Firewall can certainly be called a multifunctional firewall with an intrusion detection and prevention system.

The program's user interface may seem a little confusing and cumbersome. There are a lot of customizable options, and they can sometimes feel poorly organized. Of course, each section contains a fairly lengthy help text with explanations, but still. The training mode lets you allow all program actions within 180 seconds, which is ideal for quickly setting up rules for newly installed programs (no need to create dozens of rules for each port, protocol and address). However, be prepared for the first launch of the firewall to block a number of seemingly well-known programs.

You can set different security levels (high, low, and custom) for your internal network and the Internet. In other words, for example, if you have a couple of computers or a printer on your home network, then there is no point in limiting them in the same way. You will also have three profiles at your disposal - Home, Office and Remote. You can set the appropriate settings for each and easily switch as needed, especially useful for laptops. Another useful feature is that you can block outgoing mail in one click, which is convenient when you have launched an email client and don't want the application to send emails randomly or on a schedule.

Overall, Private Firewall is a fairly effective firewall with fairly good ratings on the Internet. Nevertheless, its GUI and ease of use will be better appreciated by technically savvy users. A beginner will simply be confused.

Outpost Firewall Free is a good choice for users who want flexible security settings without compromising ease of use. Its interface is carefully organized and retains its functionality (ordinary users can navigate it easily). For example, alerts are simplified but just as functional, so you can quickly and easily set up rules or apply actions. In addition, the firewall remembers all responses in pop-up messages without the need to create additional rules, notifies you of all configured rules in training mode, and notifies you of all automatically applied rules, for example, for browsers when their versions change.

The free version lacks many of the additional features of the paid version, such as the ability to disable an active connection. However, there is still plenty it can do. You can choose among 5 levels of protection, ranging from blocking all connections to allowing all actions, with the manual training mode "Rules Wizard" in the middle. In addition, the Outpost firewall controls various dangerous application activities, including memory injection, driver loading, and access to critical system objects (registry, files). The Outpost database also includes quite a lot of pre-configured rule templates, so setting up Internet access for applications will most often take a couple of mouse clicks.

The installer will ask you if you want the firewall to train for a week (using auto-learning mode and manual training "Rules Wizard"). In this mode, the firewall will automatically set rules for known safe applications.

Overall, Outpost Firewall Free is a good choice for those looking for a balance of functionality and interface.

AVS Firewall differs from its counterparts in that it comes with additional security modules, namely registry protection, a pop-up blocker and parental controls, something like a packaged solution. The firewall is less customizable than the previous firewalls in this review, but many standard sections are still available. There are three levels of protection: off (turns off the firewall), custom (lets you configure rules for connections) and high (blocks all connections). Each section of the program interface is designed quite cleanly. Alerts generally provide clear and concise information.

The registry protection module monitors and protects the registry against modifications, with the ability to configure specific sections. The Parental Control module, as the name suggests, limits the list of available sites, but you need to add each site manually. The problem with this module is its logic: you can only allow certain websites; you cannot simply block individual sites. The pop-up blocker monitors browser behavior and blocks pop-up ads and more. All three additional modules can be disabled individually. AVS Firewall also comes with a monitoring utility so you can check the amount of network traffic passing through for each application.

During the installation of this firewall, the installer automatically installs the AVS Software browser. Unfortunately, there is no option to opt out, but after installation you can remove it separately without any consequences for the firewall.

Overall, AVS Firewall is a pretty good firewall that will appeal to those who need to provide more security than in the case of basic firewalls, and who do not want to delve too deeply into the specifics of the network design.

Note: AVS Firewall is no longer supported by the manufacturer.

Other firewalls for Windows

Although it is rare to see older operating systems, such as 98 or Me, they still should not be left unprotected, especially if they are not hidden behind other systems with firewalls. Therefore, if for some reason you use them, here is a small list of firewalls for Windows 95-2000. Please note that these firewalls are no longer supported by the manufacturers and may contain errors or lead to problems that, most likely, no one except you will look into. However, having an opportunity is better than not having one.

  • Sygate Personal Firewall (Windows 2000/XP/2003) [no longer supported]
  • NetVeda Safety.Net (Windows 95/98/Me/NT/2000/XP, requires registration) [no longer supported]
  • Filseclab Personal Firewall (Windows 95/98/Me/NT/2000/2003/XP 32-bit) [no longer supported]

Anyone who has ever thought about the question “which firewall to choose?” has probably encountered the Gartner Magic Quadrant (Gartner is a well-known analytical agency).

At the end of June 2017, another report on the Unified Threat Management (UTM) market was released, Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), followed in July 2017 by the report on the Enterprise Firewall market, Magic Quadrant for Enterprise Network Firewalls. If you are interested in finding out who was among the leaders, how the situation has changed over the past year and what trends are observed, then read on...

UTM Market:

Let me remind you that according to Gartner’s definition:

“Unified threat management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus) and messaging security (anti-spam, mail AV).”

That is, this definition covers network security platforms aimed at small (Small) and slightly larger (Midsize) companies (by Small and Midsize Business, Gartner means companies with 100 to 1000 employees). UTM solutions usually contain today's typical firewall functionality, an intrusion prevention system (IPS), a VPN gateway, a web traffic filtering system (URL filtering, streaming antivirus system for web traffic), and a mail traffic filtering system (filtering spam messages and an anti-virus system for mail traffic), and of course we must not forget basic routing and support for various WAN technologies.

It’s interesting that, judging by Gartner’s predictions, the firewall market by 2020 will remain in approximately the same condition as it is now. In 2022, according to Gartner's predictions, Firewall as a Service (FWaaS) solutions, i.e. cloud firewalls to which client traffic is tunneled, will begin to come into use in SMB, and their share of new installations in the SMB market will be more than 50%, compared to the current share of 10%. In addition, in 2022, 25% of SMB users will use their firewall as a monitoring tool and intermediate broker to provide inventory and control of the use of SaaS resources, as a means of managing mobile devices, or as a means of enforcing security policies on end-user devices (currently less than 2% of users use this functionality on firewalls). FWaaS solutions will also be more popular for distributed branch structures: 10% of new installations will use this solution, up from less than 1% today.

Since UTM solutions are aimed at relatively small companies (by Gartner's standards), it is clear that, having received all the functionality in one box, the end customer will one way or another have to accept compromises in performance, network security effectiveness and functionality. For such customers, however, it is also important that the solution is easy to manage (control via a browser, for example), that the solution administrator can be trained more quickly thanks to simplified management, and that the solution contains built-in tools for at least basic reporting; for some customers, localized software and documentation are also important.

Gartner believes that the needs of SMB customers and Enterprise customers are very different: Enterprise customers need the ability to implement more complex management policies and more advanced network security capabilities. For example, Enterprise customers with a distributed branch structure often have branches that can be the same size as an entire SMB company. However, the criteria for choosing equipment for a branch are, as a rule, dictated by the choice of equipment at the head office (usually equipment from the same vendor that is used in the head office is selected for branches, i.e. Low End Enterprise class equipment), since the customer needs to be confident of equipment compatibility, and in addition, such customers often use a single management console to manage the branch network (where there may be no specialists with the relevant skills) from the head office. The economic component is also important: a corporate customer can receive additional “volume” discounts from manufacturers of internetworking solutions, including solutions for branch networks. For these reasons, Gartner considers solutions for distributed branch structures of Enterprise customers in the quadrants for the Enterprise segment (NGFW/Enterprise Firewall, IPS, WAF, etc.).

Separately, Gartner identifies customers with a distributed network of highly autonomous offices (a typical example is retail networks, where the total number of employees can be more than 1000 people), which, like a typical SMB customer, have rather limited budgets, a very large number of remote sites and usually a small IT/IS staff. Some UTM vendors even specifically focus on solutions for such customers more than for traditional SMB.

UTM as of June 2017:

And here’s what happened a year ago, in August 2016:

The list of UTM market leaders includes the same familiar faces – Fortinet, Check Point, Sophos. Moreover, the situation is gradually heating up - the positions of the leaders are gradually moving closer to each other. Juniper has moved from pursuers to niche players. SonicWall has improved its position a little.
What does Gartner think about the market leaders in the UTM segment individually:

One of the UTM market leaders. Its SMB solution is an enterprise-class firewall that is quite easy to manage and has an intuitive graphical interface (GUI).

Headquarters are located in Tel Aviv (Israel) and San Carlos (USA). Check Point is a network security-focused vendor with more than 1,300 R&D employees. The product portfolio includes SMB and Enterprise class firewalls (Security Gateway), a specialized solution for endpoint protection (Sandblast Agent), a security solution for mobile devices (Sandblast Mobile) and virtual firewalls (vSEC for private and public clouds). The current line of SMB class firewalls includes the 700, 1400, 3100, 3200, 5100, 5200, 5400, 5600 families; all devices were introduced in 2016/2017.

3. Sophos:

Sophos is one of the UTM market leaders. It continues to increase its market share thanks to ease of use, good functionality of the security component, and successful integration with its own endpoint protection solution. It is a frequent guest on SMB customer shortlists, as well as on those for distributed networks of autonomous offices.

Headquartered in Abingdon (UK), it employs more than 3,000 people worldwide. The product portfolio contains a mixture of network security and endpoint protection solutions. The Sophos XG line of firewalls contains 19 models and was last updated in the 4th quarter of 2016, and the portfolio also includes the outdated Sophos SG line. Sophos UTM solutions are available as virtual appliances with integration with IaaS platforms - AWS and Azure. Endpoint security solutions include Sophos Endpoint and Intercept X. The integration solution between Sophos UTM and Sophos Endpoint is called Sophos Synchronized Security. The vendor's portfolio also includes solutions for protecting mobile devices and providing data encryption.

Enterprise Firewall Market:

In 2011, Gartner introduced a new definition in the Enterprise Firewall market, Next Generation Firewall (NGFW):

“Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”

Back then it was an innovation, and there was a lot of controversy around it. Several years have passed, a lot of water has flowed under the bridge, and now, in 2017, Gartner no longer considers this to be any special advantage. It simply states the fact that all the leading players in this market acquired this functionality long ago and now differentiate themselves from other vendors in terms of functionality.

According to Gartner's forecasts, by 2020 virtualized Enterprise-class firewalls will occupy up to 10% of the market, compared to 5% currently. By the end of 2020, 25% of firewalls sold will include integration with Cloud Access Security Brokers (CASB) for connections to cloud services, integrated via the corresponding APIs. By 2020, 50% of new firewall installations will use outbound TLS inspection, up from less than 10% currently.

According to Gartner, the Enterprise Firewall market consists mainly of solutions for protecting corporate networks (Enterprise Networks). The products included in these solutions can be deployed as a single firewall or in larger and more complex scenarios, including branch networks, multitiered DMZs and traditional "large" data center firewall deployments, and they also include the ability to use virtual firewalls in the data center. Customers must also be able to deploy solutions within the public cloud infrastructures of Amazon Web Services (AWS) and Microsoft Azure, and the vendor must have Google Cloud support in its roadmap within the next 12 months. Products must be manageable with highly scalable (and granular) management tools, have advanced reporting capabilities, and offer a wide range of solutions for the network edge, data center, branch network, and deployment in virtualization infrastructure and the public cloud. All vendors in this market segment must support fine-grained definition and control of applications and users. Next Generation Firewall functionality is no longer an advantage, but a necessity. So Gartner crosses out the term it coined, since this functionality is considered quite common and absolutely necessary in the Enterprise Firewall market. Essentially, Gartner considers NGFW and Enterprise Firewall to be synonymous. Manufacturers operating in this market focus their sales strategy and technical support on large companies (Enterprises), and the functionality they develop is also aimed at solving the problems of large companies.

Gartner says its research shows NGFWs are continuing the trend of replacing stand-alone IPS devices at the network edge, although some customers say they will continue to use dedicated Next Generation IPS (NGIPS) devices in a Best of Breed strategy. Many enterprise customers are interested in cloud-based malware detection solutions as a cheaper alternative to standalone installed sandbox-class solutions (Sandboxing Solutions).

Unlike the UTM market, the enterprise firewall market does not imply that NGFW solutions must contain all network protection functionality. Instead, Gartner sees the need for enterprise firewalls to specialize specifically in NGFW functionality. For example, Enterprise-class branch firewalls require support for a high degree of granularity in blocking network traffic, which must be included in the product base; an integrated service approach to processing network traffic is required; and product management must be highly integrated rather than look like a hastily assembled compilation of different engines in one product. The level of protection and ease of configuration of enterprise-class firewalls for branch networks should not be inferior to solutions for the head office.

In 2017, Gartner focuses on TLS session termination solutions to ensure outbound traffic is inspected for threats such as malicious code downloads and botnet management. In some ways, the ability to inspect outgoing TLS traffic brings NGFW closer to lightweight DLP solutions, since decryption and subsequent inspection of outgoing TLS traffic makes it possible to ensure that sensitive data is not sent outside. However, some customers using this capability may notice a significant performance hit when the feature is enabled, due to the high overhead of TLS decryption.

Some advanced customers are planning, and some are already leveraging the capabilities provided by the Software Defined Networking (SDN) paradigm and leveraging micro-segmentation capabilities in a virtualized data center. These customers are looking at vendors with support for various SDN solutions, as well as their plans for further development towards SDN. Solution vendors are incorporating increasingly automated approaches to firewall policy orchestration to deliver the flexibility and business benefits that the SDN paradigm promises.

Let's now look at the current Gartner Magic Quadrant for the Enterprise Firewall market as of July 2017:

And here is how it looked a year ago, in May 2016:

The list of long-time leaders in the Enterprise Firewall market includes Palo Alto Networks and Check Point. This year, Gartner moved Fortinet from Challengers to Leaders. Passions are heating up: the positions of the leaders in this segment are also approaching each other. Cisco was not able to take the lead this year either, remaining among the Challengers. But the surprise is Huawei, which, from among the niche players, was quite confidently placed in the Challengers section.

Here is what Gartner thinks about each of the Enterprise Firewall market leaders individually:

1. Palo Alto Networks:

Palo Alto Networks is one of the leaders in the Enterprise Firewall market and a pure security vendor, based in Santa Clara (California, USA), with a staff of more than 4,000 employees. It has produced firewalls since 2007, and in 2016 its revenues exceeded $1.4 billion. The portfolio of solutions includes Enterprise-class firewalls in physical and virtualized versions, endpoint protection solutions (Traps and GlobalProtect), solutions for collection, aggregation, correlation and real-time threat analytics to support defensive measures (Threat Intelligence, AutoFocus), and security solutions for SaaS (Aperture). The manufacturer is actively working to integrate its solutions into a unified network security platform.

Palo Alto Networks recently released version 8 of the PAN-OS operating system with improvements for WildFire and Panorama, new SaaS security functionality, and user credential protection. The entry-level PA-220 firewall and the mid-range PA-800 Series were also released, and the PA 5000 Series line of firewalls (new models 5240, 5250, 5260), which has been produced since 2011, was updated.

Check Point is one of the Enterprise Firewall market leaders. The product portfolio for the Enterprise market contains a large number of solutions, including NGFW firewalls, endpoint protection solutions, and cloud and mobile network security solutions. Check Point's flagship products are enterprise security gateways (Enterprise Network Security Gateways include the 5000, 15000, 23000, 44000 and 64000 families). Cloud security is provided through the vSEC solution for private and public clouds, and there is also a SandBlast Cloud solution for SaaS applications. Endpoint protection solutions include SandBlast Agent, and mobile protection solutions include Check Point Capsule and SandBlast Mobile. The SandBlast Cloud solution for scanning email traffic in Microsoft Office 365 was also released. In 2016, models 15400 and 15600 became available for large corporate customers, as well as 23500 and 23800 for data centers.

Recently, the new Hi-End platforms 44000 and 64000 were introduced, vSEC was released for Google Cloud, and a new software version R80.10 was released with improvements to the management console, improved performance and SandBlast Anti-Ransomware, which provides protection against ransomware-class malware. Also introduced is the new Check Point Infinity network security architecture, which integrates the security of networks, clouds and mobile users.

Check Point has also expanded its cloud-based anti-malware solution, which can be integrated in front of SaaS email services. Check Point offers numerous software blades that expand the capabilities of the firewall, including advanced protection against malware (Advanced Malware Protection: Threat Emulation and Threat Extraction) and Threat Intelligence services (ThreatCloud IntelliStore and Anti-Bot). Check Point supports its firewalls in the public clouds Amazon Web Services (AWS) and Microsoft Azure, and integrations with SDN solutions from VMware NSX and Cisco Application Centric Infrastructure (ACI) are available.

A Check Point solution should be on the short list of enterprise customers for whom price sensitivity is not as important as the granularity of network security functionality coupled with high quality centralized management for complex networks. It is also a good candidate for customers using hybrid networks consisting of on-premise equipment, virtualized data centers and clouds.

Which firewall is the best for Windows: paid or free, software or hardware? This question plagues many Internet users. It can be answered immediately and almost unambiguously: the best firewall is a hardware one, but the best firewall is the one that has been configured by skilled hands...

As previously mentioned, the best firewall is a hardware one, prices for which sometimes reach 50-70 thousand, but today's topic is a brief analysis of software firewalls for Windows in terms of the reliability/performance ratio...

A firewall is an important element in your PC security arsenal. Unfortunately, the standard Windows firewall does not provide the desired functionality: it blocks or allows only incoming connections, while all outgoing connections are allowed by default, although the reliability of the built-in Windows firewall is beyond doubt.

The most popular firewalls for personal PCs today are:

You need to decide what the decisive factor is for you when choosing: ease of use or reliability/performance? The list above gives the most common firewalls for Windows, in order of preference among our citizens. We will not delve into the details of each product, but will consider only the main points of the first two...

Agnitum Outpost Firewall Pro

Agnitum Outpost Firewall Pro was developed by domestic programmers and is the most preferred firewall among ordinary domestic users who almost never look at Task Manager. Agnitum Outpost Firewall Pro is more convenient to use and provides more extensive information about network events occurring around your PC.

It is easy to use and provides good statistics about what is happening on the network, but ease of use does not mean reliability/performance! The ease of use of Agnitum Outpost Firewall Pro costs the user excessive consumption of system resources and, in some cases, regular BSODs. For example, the combination of NOD32 v4.0 + Outpost Firewall 2.x caused regular BSODs, and older versions of Outpost Firewall are more voracious for system resources, especially when downloading large files over a fast network connection from servers with good performance!

In versions of Outpost Firewall above the 6th, the acs.exe process devours from 15 to 50% of system resources, and sometimes even more, when downloading large files over a fast network connection from servers with good performance! It does not matter whether you tune the rules or disable all additional features: it devours system resources (CPU + memory) no matter what, even when idle (CPU 8-15%)! In Outpost Firewall 7.5, named "Performance Edition" :)), acs.exe behaves less aggressively when idle, but while downloading large files over a fast network connection from servers with good performance it still eats up from 15 to 50%.

Outpost Firewall 4 is not as voracious, but crashes were often observed when switching user accounts, and not only then! No offense to Agnitum's programmers, but they are still very far from products like Comodo Firewall Pro, Comodo Internet Security or Checkpoint Firewall-1! Whatever one may say, Western developers are achieving greater success in the software field than domestic ones...

Comodo Firewall Pro

After long wanderings in search of the best firewall, my choice finally settled on Comodo Firewall Pro 3.14, which, unlike Outpost Firewall, does a remarkable job of stopping incoming connection attempts and does not wildly devour system resources: when idle it uses no more than 0-2% CPU and 3-4 MB. In addition, if Comodo Firewall Pro 3.14 is completely shut down or crashes, which is unlikely, there is no access to the network, which cannot be said about Outpost Firewall.

The program is able to independently analyze each potential threat and, if necessary, issue an appropriate warning. Comodo Firewall recognizes more than 10,000 different applications in various categories (for example, “safe”, “spyware”, “adware”, etc.).

Comodo Firewall also has proactive protection, which includes HIPS (Host Intrusion Prevention Systems), a system for repelling local threats. The task of HIPS is to monitor the operation of applications and block potentially dangerous operations based on specified criteria.

Main characteristics of Comodo Firewall Pro:

  • Complete, constant control and protection of your personal computer from Internet attacks, Trojans, hackers, malicious scripts and other unknown threats.
  • Free updates: Comodo Firewall Pro will notify you about the availability of updates and, after your consent, will install them.
  • Full control over the activity of programs on the Internet.
  • Control over software updates.
  • Real-time traffic monitoring gives you the ability to instantly respond to possible threats.
  • Simple, intuitive multilingual interface (including Russian).
  • Free for home and other online users.

By default, Comodo Firewall Pro does not provide statistics on all rejected incoming connection attempts, but if you create certain rules and configure it properly, you can get these statistics. My choice is definitely in favor of Comodo Firewall Pro 3.14, and I think that it will remain unchanged... Why version 3.14, and not 4.x or 5.x? Because version 3.x concentrates the most basic functions without unnecessary bells and whistles and is less demanding on resources than 4.x or 5.x...

According to the website matousec.com, Comodo products continue to occupy first positions among test participants: http://www.matousec.com/projects/proactive-security-challenge/results.php

True, Comodo Firewall Pro lacks such useful features as blocking of active elements, and its statistics are poor, but this shortcoming, accepted in favor of saving system resources, can be compensated for by the Firefox browser with the AdBlock and NoScript plugins, and if necessary, we will collect statistics using other programs...

wipfw

wipfw is an analogue of the ipfw console firewall, but for Windows. It has more features than the standard firewall in Windows XP. It can limit the number of connections from a specific IP address or range of IP addresses, and it can identify packets by the flags set in them (SYN, FIN, etc.).
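To make the two capabilities mentioned above concrete (matching on TCP flags and limiting connections per source address), here is an added Python model; it is not wipfw code and does not use wipfw's rule syntax. The names `FlagLimitFilter`, `make_segment` and `run_demo` are hypothetical, and the traffic is constructed from documentation address ranges.

```python
import struct
from collections import defaultdict

# TCP flag bits, as stored in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def make_segment(sport, dport, flags):
    """Build a constructed 20-byte TCP header (no options, no payload)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def tcp_flags(segment):
    """Return the six classic flag bits of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F


class FlagLimitFilter:
    """Hypothetical model: flag-based matching plus a per-source connection limit."""

    def __init__(self, max_conns_per_src):
        self.max_conns = max_conns_per_src
        self.open_conns = defaultdict(set)  # source IP -> {(src port, dst port)}

    def decide(self, src_ip, segment):
        flags = tcp_flags(segment)
        key = struct.unpack("!HH", segment[:4])
        # Combinations a normal TCP stack never sends; typical of port scans.
        if flags == 0:
            return "deny: null flags"
        if flags & SYN and flags & (FIN | RST):
            return "deny: invalid flags"
        conns = self.open_conns[src_ip]
        if flags & SYN and not flags & ACK:  # new connection attempt
            if key not in conns and len(conns) >= self.max_conns:
                return "deny: connection limit"
            conns.add(key)
            return "allow: new"
        if key not in conns:
            return "deny: no state"
        if flags & (FIN | RST):  # assumption: the first FIN or RST frees the slot
            conns.discard(key)
            return "allow: close"
        return "allow: established"


def run_demo():
    """Replay constructed traffic against a limit of 2 connections per source."""
    fw = FlagLimitFilter(max_conns_per_src=2)
    a, b = "203.0.113.5", "198.51.100.7"
    traffic = [
        (a, 40001, SYN), (a, 40002, SYN), (a, 40003, SYN),
        (a, 40001, ACK), (a, 40004, SYN | FIN), (a, 40001, FIN | ACK),
        (a, 40003, SYN), (b, 50000, 0), (b, 50001, ACK),
    ]
    return [fw.decide(ip, make_segment(sp, 80, fl)) for ip, sp, fl in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The third SYN from the same source is refused until an earlier connection closes, and the SYN+FIN and flagless segments are dropped on flags alone, before any connection state is consulted.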

If you used a personal computer in the 90s, you probably thought that firewalls were needed for organizations, but not for ordinary users. It took the ZoneAlarm team several years to convince consumers of the need for reliable network protection using a firewall. ZoneAlarm Free Firewall has been developing all this time, and its interface has been transformed. The product remains an excellent choice for users who want more features than Windows' built-in security offers.

The program installs instantly and starts working immediately. The main window is made in gray, green and blue tones and contains three large panels: Antivirus, Firewall and Personal Data Protection (Identity & Data). The antivirus panel is grayed out - it is assumed that the user can use the solution with any preferred antivirus, for example, the free AVG AntiVirus Free or Panda Free Antivirus. When installing the product, you can optionally choose to install ZoneAlarm Free Antivirus + Firewall 2017.

Protection against hacker attacks

ZoneAlarm has not received major changes since the previous release, which means it is still effective in countering network attacks. During testing, port scans and other types of web attacks were carried out, but the product reliably fended them off. ZoneAlarm successfully put all system ports into stealth mode, making them invisible to attacks coming from the Internet.

ZoneAlarm invented the concept of a firewall protection mechanism against direct targeted attacks. During testing, it was not possible to terminate program processes or interact in any way with Windows services: in all attempts the message “Access denied” was displayed. Disabling protection by manipulating the system registry did not work either.

Intrusion prevention is a feature that is associated with firewall technologies, but this is not entirely true. When the test system was attacked using 30 exploits generated by the CORE Impact tool, ZoneAlarm did not react at all. However, the attacks were not able to compromise the security of the system because security patches were installed in a timely manner.

By comparison, Symantec Norton AntiVirus Basic blocked two thirds of the exploits at the network level, ensuring that they could not reach the target system. Kaspersky Internet Security performed well in this test: the product blocked about half of the exploits.

ZoneAlarm assigns networks to the Public Zone or Trusted Zone. By default, the security level is raised to the maximum level when connecting to a public network. The user will be able to connect to the network, but other devices on it will not be able to communicate with the user's device. The trusted zone is set to a medium security level, which makes it possible to exchange files and send documents for printing.

Application Control

The built-in firewall in Windows is effective at blocking external attacks. The main reason for choosing a third-party firewall is to gain application control functionality, which helps prevent unwanted applications from using the network and Internet.

In earlier versions of ZoneAlarm, the user had to decide for himself which programs could access the Internet. Numerous pop-up queries confused users. Allow or block? Who knows! In recent years the company has added a cloud database of known applications. ZoneAlarm can now automatically set the appropriate network permissions for almost any program you use.

If you look into the settings in detail, you will find a slider that sets the security level for application control. Available values: off (off), minimum (Min), average (Med) and maximum (Max). The default level is set to medium - in this mode, ZoneAlarm does not screen all programs. The product detected an attempt to access the Internet from a custom browser and automatically allowed access.

When the maximum security level was set, ZoneAlarm began to respond to all unknown programs and display a request to allow or block access. This security mode had other noticeable effects. The behavioral analysis component OSFirewall switched to an enhanced mode of operation and reported a wide range of actions that may indicate malicious activity but may also be signs of a safe program.

When trying to install 20 old PCMag utilities, ZoneAlarm generated at least one alert for each application. One of the installed utilities caused four warnings to be displayed. The similar function in Comodo Firewall 8 generated even more warnings.

Protection of personal information

On the Data Protection (Identity & Data) page in ZoneAlarm you will find additional ways of strengthening security. To begin with, you can activate 5 GB of cloud backup storage offered by ZoneAlarm's partner, IDrive. The same storage can be obtained directly from IDrive.

Another ZoneAlarm partner, Identity Guard, offers a free one-year subscription to personal data protection. After registering and entering data, the service warns about various events, for example, data verification or potential account takeover. You can access the Data Theft Help Desk.

Identity Lock offers a completely different approach to protecting personal data. The user simply adds confidential data to a special safe. ZoneAlarm allows you to save 15 different types of data, including credit card numbers, online store passwords, and even your mother's maiden name. It is also possible to use a different category.

For each object, you can set one-way encryption, otherwise the data will be at risk. You should also leave the data protection options for the Internet and email activated.

If you set the Identity Lock protection level to high, the function will block data transfer from your computer until you visit a web resource that you personally define as trusted. Personal information is replaced with asterisks. In medium security mode, Identity Lock displays a warning and suggests blocking the transfer. During testing, there were cases where data was sent despite attempts to block the transmission. Additionally, Identity Lock cannot protect data transmitted to HTTPS-protected sites.

Easy win

Previously, there was fierce competition in the third-party firewall segment, but systematic improvements to the Windows Firewall have eased this competition. Paid firewalls found themselves in a particularly disadvantageous position: the need for them dropped sharply with the advent of free and effective system protection.

ZoneAlarm remains PCMag's Editors' Choice in the third-party firewall category. The product shares the title with Comodo Firewall 8, which, however, has not been updated for quite some time. If you want advanced firewall protection, then feel free to choose these solutions.

ZoneAlarm Free Firewall 2017 review:

Advantages

  • hides all system ports to prevent external attacks;
  • control of Internet access from applications;
  • successfully resists direct targeted attacks;
  • includes cloud backup feature and other additional tools.

Disadvantages

  • there is no protection against exploits;
  • OSFirewall technology flags both malicious and safe programs if the settings are set to maximum security.

Overall rating