I read about people regularly using and setting up pfSense or OPNsense in production environments, but it seems that NGFW is really a thing in these contexts these days, especially because of the TLS inspection and antivirus features.
What are your thoughts on NGFW firewalls? Is it really that important now?
Thanks
Through lots of marketing by firewall companies and based on how much it did matter in the past, people tend to over-index on just how effective firewall security is here in 2025. Firewalls can block Tor nodes and known bad IPs, which is why modern threat actors use things like Cloudflare tunnels and other well-known & hard-to-block services.
Most modern attacks are focused on stealing identity, either user & pass or session tokens, from the endpoints via phishing. With many clients having laptops and a hybrid work policy, they won’t always be behind that firewall, which is why strong monitoring and controls of that endpoint are critical.
If you are doing modern security here in 2025 then your most important perimeter is identity.
So, you’re telling me that we can do without NGFW firewalls, like Palo Alto or Fortigate, in production environments if the local machines already have good protection, and I would add, if users know what they are doing?
Thanks
NGFW is a marketing term. You can set up pfSense to block things like Tor sites and use tools that harden and monitor endpoints against threats. You can also use a SIEM platform to collect data from pfSense and the endpoints to give you visibility into what happened when there is an incident.