Although stateful packet inspection is a fully mature and stable concept in network security, the firewall market itself is not at all static. The steady evolution toward unified threat management (UTM) is producing products with broad feature sets. Although still network edge firewalls, most include VPN, anti-virus, anti-spam, content filtering, intrusion detection and more.

This is an interesting shift, since even last year we saw a definite divide between enterprise-class firewalls and separate, best-of-breed content filtering. While many customers will still deploy their defenses in this way, some will prefer the UTM approach. Firewall manufacturers have had to move quickly to keep abreast.

In testing, we looked for enterprise features such as VLAN support, quality of service (QoS) and VoIP, and were pleased to see that most devices being tested provide bandwidth limit or QoS support.

We expect to see more edge devices offering fully capable traffic prioritization, class-based queues and bandwidth limits to ensure that business-critical traffic is not only filtered, but guaranteed at least a working minimum of operating bandwidth.

BEST BUY
Product:
TSP 7300 
Vendor: Secure Computing Corp. 
Verdict: Solid performer that shows the strong CyberGuard pedigree.
Website: www.securecomputing.com 

RECOMMENDED
Product:
Astaro Security Gateway 
Vendor: Astaro  
Verdict: A very strong all-round performer. 
Website: www.astaro.com 

Product: FortiGate-1000A 
Vendor: Fortinet 
Verdict: Good firewall with plenty of filtering capability. 
Website: www.fortinet.com