This week’s question was asked by mdegges - What is the difference between $200 and $1,000+ firewalls?
This sparked some interesting discussion, as well as making me think quite deeply about it. In general, like many other IT people, I see enterprise level firewalls in my day job and run cheap SoHo firewalls for my home network and while it makes sense at these two extremes that there would be cost differences, what are the actual differences in practical terms?
tylerl flagged the two most important differentiating factors for an enterprise, and they aren’t even security features
In addition Paul listed the number of concurrent connections as a third factor. Again, this is not a security feature.
For an organisation with thousands of connections or large data flow this makes perfect sense – you can’t allow the security device to become a bottleneck which hampers your business.
So does this just mean that you are paying for the firewall to be faster?
No – there is more to it than that:
SoHo firewalls tend to be very simple – applying rules based on source or destination address, port and protocol, sometimes with some intelligence around matching responses to requests, whereas enterprise-grade firewalls often have deep inspection capability. tylerl gave some good comments around this functionality.
Paul also described the different frameworks – with home firewalls usually being single function devices, and enterprise firewalls providing multiple features dependent on licence, including IPSec, VPN etc.
David also pointed out a final factor that is very important for large organisations – availability. So firewalls at this level need to have High Availability or cluster capability to minimise downtime.
As a quick summary then, the difference is mostly about speed, with a few extra security capabilities.
If you have more information on other differences, please add an answer of your own over on http://security.stackexchange.com/q/9409/what-is-the-difference-between-200-and-1-000-firewalls