In contrast, Barracuda NG Firewall and Fortinet FortiGate both allow you to define multiple policies and bring each policy into play on a rule-by-rule basis. The NG Firewall and FortiGate are more flexible, but there's a price to be paid -- neither has very good policy creation and management tools, which means that creating more than one policy can turn out to be aggravating.
If you think your IPS management will be a "set it and forget it" style where you define rough categories you want to enable and then never look again at the logs or the configuration, you'll be happy with any of these products.
When we turned to the IPS reporting interfaces, we found a clear winner in Check Point's Security Gateway when combined with the optional SmartEvent analyzer. Check Point's winning combination offers an easy-to-understand way to view IPS events, understand what is happening over time, and drill down into individual events and the supporting evidence for each event. From the SmartEvent analyzer, we were able to jump directly to the IPS policy, enabling or disabling signatures or adding exceptions.
If you are thinking of replacing your standalone IPS with a next-generation firewall containing an IPS, and want to have the same level of reporting and analysis that a standalone IPS gives you, Check Point Security Gateway with SmartEvent analyzer leaves the other devices far behind.
Second place in IPS reporting goes to SonicWall, when combined with their optional Global Management System. Fortinet FortiGate and Barracuda NG Firewall both were in our labs without separate reporting systems, leaving only the on-box analysis tools. FortiGate offers a nice slate of on-box IPS reporting features including some drill-down capabilities, but didn't do as good a job of presenting IPS information as either SonicWall Global Management System or Check Point SmartEvent analyzer.
Overall, the next-generation firewall closest to a standalone IPS in its visibility and policy management capabilities is Check Point's Security Gateway (but only when combined with the SmartEvent analyzer).
If you just want a set-it-and-forget-it IPS, Fortinet barely edged out SonicWall and Barracuda by bringing in a higher catch rate in our Mu Dynamics IPS vulnerability coverage tests.