Finding your suitable readers for next generation firewall appliance is not easy. You may need consider between hundred or thousand products from many store. In this article, we make a short list of the best readers for next generation firewall appliance including detail information and customer reviews. Let’s find out which is your favorite one.
580 reviews analysed
1. Fortinet FG-60E-BDL Fortigate Next Generation (Ngfw) Firewall Appliance Bundle with 8×5 Forticare and Fortiguard
2. Fortinet FortiGate-60E / FG-60E Next Generation (NGFW) Firewall Appliance, 10 x GE RJ45 Ports
- FortiGate-60E Base Model | FG-60E
- Includes 8×5 Trial Support
- 10 x GE RJ45 ports (including 7 x Internal Ports, 2 x WAN Ports, 1 x DMZ Port). Max managed FortiAPs (Total / Tunnel) 30 / 10
- Firewall Throughput: 3 Gbps | New Sessions: 30000 | IPS: 400 Mbps | SSL VPN: 150 Mbps
- Dimensions(in): 1.5 x 8.5 x 6.3 | Weight(lbs): 2
3. Fortinet FortiGate-50E / FG-50E Next Generation (NGFW) Firewall Appliance, 7X GbE RJ45 Ports
Fortinet FortiGate-50E / FG-50E Next Generation (NGFW) Firewall UTM Security Appliance – 7x GE RJ45 Ports (including 2x WAN Port & 5x Switch Ports) – (Hardware only – No subscription services are included)
4. Fortinet FG-30E-BDL FortiGate Next Generation (NGFW) Firewall Appliance Bundle with 8×5 Forticare and FortiGuard
The FortiGate/Forti Wi-Fi 30E are compact, cost effective, all-in-one security appliances that deliver Fortinet’s Connected UTM. Ideal for small business, remote, customer premise equipment (CPE) and retail networks, these appliances offer the network security, connectivity and performance you need.
5. Zyxel Next Generation VPN Firewall with 1 WAN, 1 SFP, 4 LAN/DMZ Gigabit Ports [USG20-VPN]
- High Performance Gigabit Ports 1x Internet (WAN) Port, 4x Local Network (LAN) Ports, 1x SFP Gigabit Fiber (SFP WAN) Port for Uplink to Fiber Internet Services
- Up to 90Mbps Encrypted VPN throughput (IPsec/L2TP: 10 Concurrent, SSL: 5 Concurrent Upgradable to 15 Max) for Secure Remote Access, Office to Office or Device to Office
- Up to 350Mbps Stateful Packet Inspection (SPI) Firewall and 20,000 Max TCP Concurrent Sessions ideal for Small Offices <
- 10 Users
- FANLESS design and Desktop Form Factor for quiet no noise 0dB operation and installation anywhere
- Easy to Install browser-based configuration and management interface with Quick and Easy setup/VPN wizards
- Optional Website Content Filter Blocking and Anti-Spam Email Blocking (Subscription Required, Sold Seperately)
- TRUSTED BRAND with LIMITED LIFETIME HARDWARE WARRANTY
- FREE TECH SUPPORT / NO SUPPORT CONTRACTS
USG20-VPN – NEXT generation unified security Gateway vpn firewall. Provides an extensible design that enables Service prioritization for data. Design that delivers high availability, scalability, and for maximum flexibility and price/performance. The country of Origin is Taiwan.
6. Sophos XG 125 Rev.3 Next-Gen VPN Firewall Appliance
- Sophos Next Generation Firewall XG 125 (rev.3) is ideal for SMB and branch offices at excellent price-to-performance ratio
- Work with software modules (to be ordered) for the security features.
- Firewall: 6.5 Gpbs, VPN: 700 Mbps, NGFW(IPS+App Ctrl): 1.1 Gbps, AV Proxy: 700 Mbps
- Ports: 8 GbE copper, 2 GbE SFP
- SFP transceivers sold separately Flexi Port Slot: 1 Swappable Components: opt. ext. Power, 3G/4G
- Power Code: EU/UK/US Rackmount kit available (to be ordered separately)
7. Fortinet FG-50E Next Generation (Ngfw) Firewall Appliance, 7X GbE RJ45 Ports
8. Fortinet | FortiGate 30E Next-Generation Network Security UTM Firewall | FG-30E
- FortiGate 30E Base Wired Appliance | FG-30E
- Includes 8×5 Trial Support
- 5 x GE RJ45 ports (Including 1 x WAN port, 4 x Switch ports), Max managed FortiAPs (Total / Tunnel) 2 / 2
- Firewall Throughput: 0.95 Gbps | New Sessions: 15000 | IPS: 300 Mbps | SSL VPN: 35 Mbps
- Dimensions(in): 1.61 x 8.27 x 5.24 | Weight(lbs): 2
9. Zyxel Next Generation Unified Security Gateway with WLAN Controller and 4 LAN/DMZ, 2 WAN, 1 OPT Ports [USG110]
- Includes 1 Year of Anti-Virus (AV), Intrusion Detection and Prevention (IDP), Anti-Spam (AS), and Content Filtering (CF) UTM Services.
- 7 x GbE RJ-45, 2 x USB (multi-WAN and mobile broadband)
- 1,600 Mbps firewall throughput
- 400 Mbps VPN throughput (IPsec/L2TP: 100 Included, SSL: 5 Included Upgradable to 25 Max)
- Comprehensive Anti-malware threat protection with firewall, anti-virus, content filtering,anti-spam,Intrusion detection and prevention, application intelligence and SSL inspection
- Built in WLAN Controller for centralized management of ZyXEL access points
- User-aware policy engine can set bandwith or network access based on user login or using Single Sign On
- Comprehensive Anti-malware threat protection with firewall, Kaspersky anti-virus,content filtering,anti-spam,Intrusion detection & prevention, application intelligence and SSL inspection
Zeal next generation unified security Gateway with WLAN controller and 4 LAN/DMZ, 2 WAN, 1 opt ports [USG110]
10. ZyXEL Next Generation VPN Firewall with 2 WAN, 1 OPT, 4 LAN/DMZ Ports Includes 1-Year UTM Services Bundle [ZYWALL110]
- Multi-core CPUs deliver up to 1 Gbps firewall throughput and 300 Mbps VPN throughput
- More secure VPN connections with SHA-2 encryption
- VPN high availability (HA) with dual-WAN failover and fallback support
- L2TP support for iOS, Android and Windows mobile devices
- Auto-provisioned client-to-site IPsec setup with Easy VPN
- 100 IPSEC VPN Tunnels, 25 SSL VPN Tunnels included
- 60,000 Concurrent Sessions
- IPV6 Support
Best-in-Class VPN and Firewall Throughput
The new ZyWALL 110 VPN Firewall is designed with multi-core CPUs to deliver the fastest VPN and firewall performance on the market. High-speed networking performance up to 1 Gbps firewall throughput and 300 Mbps VPN throughput keeps up with the high bandwidth demands of todays applications without sacrificing security. Designed with completely new and advanced hardware platforms, the new ZyWALL 110 VPN Firewall delivers uncompromising performance for high-speed site-to-site and client-to-site VPN
Safer, More Reliable VPN Connections (100 IPSec / 25 SSL)
Faster processors today have greatly boosted the capabilities of attackers to decrypt VPN tunnels. Legacy VPN encryption algorithms like Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) are no longer sufficient to guarantee secured external communications. Supporting the more advanced Secure Hash Algorithm 2 (SHA-2), the ZyWALL 110 provides the safest VPN connections in its class and ensures maximum security for business communications. The ZyWALL 110 VPN Firewall delivers reliable, non-stop VPN services with dual-WAN failover and fallback support. With two WAN connections — one primary and one for redundancy — the ZyWALL 110 VPN Firewall automatically switches to the backup connection should the primary link fail, and automatically switches back to the primary connection once it is back online.
Unlimited Business Mobility
To support dynamic, mobile business operations in today’s BYOD (bring your own device) business environment, the ZyWALL 110 VPN Firewall offer unlimited business mobility with Layer 2 Tunneling Protocol (L2TP) VPN for mobile devices. The ZyWALL 110 supports L2TP VPN on a wide variety of mobile Internet devices running the iOS, Android and Windows mobile platforms.
Zero-Configuration Remote Access
Virtual private networks provide businesses a secure and convenient way of sharing company resources with partners, customers, or employees on business trips. Yet typical VPN solutions are hard for non-technical users to configure, which greatly reduces their usability and convenience. The ZyWALL 110 VPN Firewall features Easy VPN to provide auto-provisioned client-to-site IPsec VPN setup. A wizard is available with the ZyXEL IPsec VPN client software that automatically retrieves the VPN configuration file from the remote ZyWALL 110 VPN Firewall and completes the IPsec VPN setup in 3 simple steps. ZyXEL’s Easy VPN lowers administration effort and allows partner, customers, or traveling employees to access company servers, email, or data centers easily and securely.
Ultra-fast Performance for Tomorrow’s VPN Deployments ZyXEL ZyWALL 110 VPN Firewall
- Multi-core CPUs deliver up to 1 Gbps firewall throughput and 300 Mbps VPN throughput
- 7 High Throughput GbE Ports (2x WAN, 1x Optional WAN/LAN, 4x LAN/DMZ)
- 60,000 Sessions, IPv6, VLAN Support
- 100 IPSec New Generation VPN Security connections with SHA-2 encryption
- 25 SSL VPN tunnels included for easy VPN connection for remote clients
- Multiple WAN load balancing function to increase internet bandwidth capacity
- VPN high availability (HA) with dual-WAN failover and fallback support
- L2TP support for iOS, easy connection of Android and Windows mobile devices
- Auto-provisioned client-to-site IPsec setup with Easy VPN (Using ZyXEL IPSec VPN Client)
There was a problem filtering reviews right now. Please try again later.
Reviewed in the United States on October 30, 2017
during that time from 50Meg to 250Meg.My service provider replaced my modem with a DOCSIS 3 modem and I tested bandwidth
with directly connected PC,The directly connected PC got 280 Mbytes, while thru the USG50 I was getting less than 50.Turning off ADP
got me up to 75Megs.So I ordered this box which advertized 1.6Gbytes through the Firewall.
The Zyxel website seems to offer a service to convert the USG 50 configuration to the 110, but it only really works for USG 110.I was never able to figure out the difference between the two boxes, but USG 110 costs about $50 more.
I was able to setup the 110 by manually coping the settings from the USG50.Which was good, because I cleaned up a lot of settings that were no longer needed.
I have been pleased with the performance of the box.It is showing 280Megs throughput with ADP enabled and only hits 25% CPU during the
This box is probably overkill for personal use, but I work out of my house and I need the unit to nail up a VPN to my corporate network.I also have IP Phones and IP PBX operating behind it.It all just works.
I don't use the Service provider routers as I need much better control.I also utilize advanced features such as VLANs.I also have a lot of IOT and typically have > 60 active IP connected devices (smart switches, TVs, phones, tables besides computers and laptops.)
Reviewed in the United States on January 15, 2017
1. Less noise in my office (except when I need to fire up my sun servers for development work)
2. Less heat being generated in my office
3. Faster download speeds
4. Nice and tidy fit in my server rack
I am happy I purchased the unit and I recommend it to anyone who just wants to get their work done without too much hassle.
Reviewed in the United States on April 7, 2018
I would have been willing to overlook the very difficult to setup and horrible GUI. Had to login via SSH to actually get any work done.
Reviewed in the United States on July 24, 2014
1) Fairly quick initial setup - I was able to plug the router in, and get up and running in 20 minutes or so. Well, almost. My first unit had a defective gigabit Ethernet port that would revert to 10/100 speeds after 3 hours of usage. This didn't impact initial connectivity, however, and a replacement unit fixed this issue (see negatives). The VPN setup is also a bit complicated (somewhat unnecessarily, IMHO - 3 disparate screens just to get the VPN configured - not including user management). But ZyXel tech support was very helpful and even remotely logged into my router and set the VPN up for me. Thanks! Which brings me to my next positive:
2) Free telephone tech support - ZyXel's support staff are based in the US, and their support engineers have been very helpful (to the extent they are able to help - especially given the router's limitations). However, the design engineers are all in Taiwan, while the telephone support staff is in the USA, so I'm not sure how often the two parties communicate to identify / resolve lingering issues.
3) GUI chock full of options - You can configure most (all?) of the router's features using the GUI interface. This is particularly if you're not familiar with CLI configuration (not my case, but worth mentioning). There are a lot of options, and I mean a lot. Not for the faint of heart, but spend enough time and even novices would get used to it. While the interface has a lot of features, there definitely could be some more thought put into the layout. I've often found myself having to click through various disconnected menu options to perform one simple task. But I'm listing this as a positive, since the options are there, and you can call tech support if you're really stuck.
4) Good router performance - at least when it works. I've test the router using QOS, and it does a good job. Much better load balancing than my previous router. While I haven't maxed out the router's throughput, it hasn't choked on my 75 megabit connection. SmallNetBuilder did test the router, however, and found the router throughput to be ~half the rated speed of 1 Gbps. I don't have that kind of connection yet, and by the time I do, hopefully the issue will be rectified by a firmware update.
5) Load balancing wan with fallback - while I never tried this feature, it seems like a nice option to have. But honestly, I think the target demographic (SMBs, homes?) would rarely use this feature, if ever. Regardless, +1 for effort
6) Multiple configurable Ethernet ports - for DMZ, VLANs, etc. Again, a feature I'm not currently utilizing, but nice to have. But given that companies are moving their servers to the cloud, and layer 3 switches do a better job with VLANs and intra-office routing, I'm not sure how beneficial these ports will ultimately be.
1) Crashes . Seriously. Three times in the past 7 months. The router interface froze on me, and locked me out of accessing the VPN, router configuration, or communicating directly with the router in any manner whatsoever. Oddly enough, internet access through the router wasn't impacted, just access to the router itself. I needed to physically reboot the router to restore access. This can be problematic if you're at a remote location (my situation). I had to buy a remote power switch that periodically pings the router and power cycles it in case it freezes. Totally unacceptable, IMHO.
2) Frequent VPN disconnections - I've found the router to frequently disconnect me from L2TP VPN connection. This is especially apparent during peak times. I've read that these issues aren't unique to ZyXel, but other router manufacturers have been able to mitigate these problems somehow. The disconnect issue is particularly bothersome as once you're disconnected, the previous state is locked for a few minutes and you can't log back in until the router drops the connection. This is incredibly frustrating, especially once it start happening more than two times in an hour.
3) No support for multiple remote IPSEC VPN clients behind a single public IP address. To be fair, this issue also isn't unique to ZyXel (something to do with the encrypted connection), but other manufacturers have been able to mitigate this limitation as well. In addition, if a remote user is logged into the VPN, another remote user with the same IP address as the VPN user is completely locked out from accessing the router services - VPN, configuration, etc. This is especially frustrating if you need to remotely modify router settings, and another user from your local LAN (assuming you're sharing public IPs) is logged into the VPN. Here's what I mean:
** Imagine two remote users behind the same public IP address, and the ZyXel 110 at a different location, with both IPSec VPN and router configuration access enabled over the WAN side. One remote user decides to log into the ZyXel 110 using the IPSec VPN. All is good. Then, the second user, using a different computer, decides to access the ZyXel 110 configuration page through the public IP address (not VPN). Denied! Even though the web interface uses a different port (SSL - 443) than the IPSec VPN, the ZyWall can't differentiate the traffic. Same thing happens if two users behind the same IP address try to use the VPN simultaneously.
4) Proprietary 2-step verification - You need to use ZyXel's silly offering - no support for 3rd party tools such as Google Authenticator. Really? Come on ZyXel. Other router manufacturers are on top of this, why aren't you? ZyXel's solution is pricey (you need a dongle) and cumbersome, given that Google's app is free and runs on most smartphones. The free price range also probably best fits the target market of ZyXel's customers - SMBs with limited budgets. I mean, if I wanted faux-enterprise security with a silly little dongle, I'd call Cisco and RSA (NSA?).
5) No support for OpenVPN, GRE routing, multicast tunnel, etc. It's not as though the router and it's fast processor couldn't handle these tasks. OpenVPN is great since it's highly secure and you can specify a port (unlike IPSEC). Certain WiFi hotspots block most ports aside from 80 and a few others, and only OpenVPN allows for custom port numbers to sidestep this limitation. Multicast routing and GRE tunnels have been available on other ZyXel routers in the past, but not with the 110. It's a guessing game when (if?) these features will ever make it to the 110. Ubiquiti Edge Router is only $100, and has supports all these aforementioned features - and more!
6) Infrequent firmware updates - I can't fathom this - especially since the router has some serious bugs. The latest router firmware (as of this writing) was dated in June 2014. Prior to that, it was Sept. 2013. Seriously, almost a year between firmware updates? Come on! It may be because ZyXel's design engineers are in Taiwan and they might not be reading the forums, or have infrequent communication with the tech support staff based in the USA. Whatever the case, one year is too long of a wait.
7) Weird IP address sorting scheme - IE if you click on Sort Ascending (or vice versa), you'll see x.x.x.1, x.x.x.101, x.x.x.2, etc. WTF? since when did 101 come before 2? So silly. Who came up with that logic?
8) No mounting holes underneath case - The manual indicates there are wall mounting holes (one of the reasons I initially bought the router), but that was a pipe dream. There are no mounting holes. At least for my unit (manufactured July 2013). Just a solid back. I guess somebody forgot to tell the factory. Silly factory.
9) Fan Noise - Okay it's not as loud as a laser printer, but it's still loud. Mind you, I have the router in a fairly quiet bedroom where you can actually hear the noise. What I can't figure out is why the fan was needed in the first place: The unit runs fairly cool (at least for the apps I run), and given the ridiculously spacious housing (you could cut off the left 1/3 of the router - it's just air), I'm sure lowering the fan speed, or ditching the fan altogether wouldn't be much of an issue.
10) Faulty Gigabit Ethernet port - I bought my unit in September 2013, and several times my gigabit connection would drop to 10/100 speeds. I tried various cables to no avail. This may have been a manufacturing issue. I replaced my unit and the problem went away, but there are reports of other people having the same issue. Caveat emptor.
11) Power brick - As I mentioned before - the router has a lot of empty space underneath the case. So why ZyXel didn't incorporate the power supply inside the unit is beyond me - but it certainly wasn't for a lack of space. Now, I have to keep track of yet another power brick (especially frustrating when moving things around), and since my unit is rack mounted -I now also need to find a place to mount the brick, as the dinky 2.5mm power connector won't support the brick's weight (it can't just dangle).
12) Logs and Reporting - A serious item of contention for me - especially since other SMB router manufacturers (along with DD-WRT, Tomato, etc) have much better graphical offerings. I found ZyWall's traffic reports to be confusing, and mostly unusable. Let me elaborate:
** Limited traffic statistic visibility - - You can only see a limited subset of current traffic going through the router (20 biggest, or last 20), yet there is a drop down menu that shows 50, 100, 200, as selectable options. I had to read through the fine print of the manual to realize that 20 is the limit. WTF? Why even present a drop down option then?
** No summary charts or data - looking for charts to identify biggest bandwidth users, sites most frequently visited, traffic by interface, period, etc? Ha! Good luck. The only solution I found was to upload the data to a syslog server and use that software to analyze your traffic.
** DHCP IP address binding list- Want to see what addresses have been assigned through DHCP, or which static IP addresses are active on the LAN side? Well, you can only do that if you enable IP address binding, which will block any devices with static IP addresses (unless you manually add them to the MAC table). Even then you won't see which devices are transmitting using static IPs on the LAN. Why this silly limitation? I have no clue. ZyXel, care to comment?
** Log File format - You can upload a plethora of data to a syslog server, but you need additional software to parse through the log(s), which only come in CIF or a proprietary VRPT format. These packages cost money, and most off the shelf CIF packages I encountered didn't support the ZyXel. ZyXel makes its own report analyzer, but that's another piece of software to buy just to get some basic summary data. Plus, it's overkill for most users. Come on ZyXel!
13) Limited USB port functionality - I found the USB port all but worthless. You can use it for only two purposes - Storing logs and connecting cellular modems. That's it. While many routers allow you to connect USB drives and have the router double as a NAS, the ZyWall 110 does not. You can add USB storage but only for log archival purposes. Fine. I have a separate NAS so no love lost. I was, however, disappointed to find that the router can't interface with battery backup units either (or any other peripherals with USB serial ports). My previous $30 cheapo router let me connect my APC battery backup via the USB interface and displayed the UPS status as well as sent me email alerts with any power related issues. I loved this feature as I could quickly monitor my UPS health without having to buy a new (and expensive) IP capable battery backup. I thought this was a basic feature that most routers supported, but the ZyWall 110 does not. In fact, the only uses for the USB ports are the ones I mentioned previously. Given these limited uses, I imagine that most people will find the USB ports utterly useless - just as I did.
14) Limited firewall filtering of IP addresses - Specifically, geographic IP address filtering. It's fairly common for routers in ZyWall's class to block IP address blocks from specified geographic areas (ie, North Korea, Iran, ZyXel Headquarters, etc). Not here. It's possible that ZyXel's other router offerings have this functionality, but definitely not this router.
15) No intelligent detection of Skype / torrent / or other L7 traffic. This is useful for QOS or bandwidth limiting purposes. To be fair, I believe ZyXel's USG offerings have this functionality in some form, but those routers cost a lot more and have subscription fees. With the ZyWall 110, you're mostly confined to shaping traffic using port ranges, which isn't very useful for prioritizing or controlling applications that dynamically assign ports (such as Skype or torrent apps). There are many other routers in the 110's class / price range that have at least some basic L7 functionality, but with ZyXel that functionality requires a different router and costs extra.
All in all, the router has good performance when it works, but given all these limitations, there's a lot to be desired. I paid $360 for this router, but considering its limitations and the issues I encountered, I feel its overpriced. This is especially true when you consider offerings from the competition, particularly Ubiquiti's Edge Router which sells for $100.
Granted, the Edge Router lacks the multiple Ethernet ports, load balancing capability, and the GUI configurability, but its CLI configuration gives it options and flexibility that the ZyWall 110 can't match. The Ubiquiti router seems to mitigate a bulk of my issues above, and it has better performance (firewall throughput, VPN) to boot (according to Small Net Builder)!
It's just my $0.02. For whatever it's worth!
Top international reviews
Reviewed in Canada on October 30, 2018
Reviewed in Canada on January 19, 2017
Similar products rated highly on "User interface"
This shopping feature will continue to load items when the Enter key is pressed. In order to navigate out of this carousel please use your heading shortcut key to navigate to the next or previous heading.
By our suggestions above, we hope that you can found Next Generation Firewall Appliance for you.Please don't forget to share your experience by comment in this post. Thank you!