I have been impressed with SonicWall in the past, and I have not had any bad experiences yet with WatchGuard. These things are at least 3 years old, and I expect the market to have changed during that time.
Forget Cisco. I can’t imagine why anyone would recommend the PIX/ASA. If you love Cisco access-list syntax and want unintuitive global/static commands and interface behavior that differs depending on a numerical value, ASA is for you! Oh, also a web interface that inserts random numbers in address objects, making for CLI administrators that loathe the web people.
Personally I think it comes down to Palo Alto or Juniper SRX as the best these days. I personally prefer SRX because it’s an awesome router underneath as well (basically the greatest hits of Netscreen applied to JunOS) but Palo Alto probably has an easier learning curve and more layer-7 inspection built-in.
Many of the people recommending Cisco have a vested interest in maintaining Cisco market share due to their Cisco certifications. Don’t get me wrong, Cisco has some excellent products. ASA is not one of them.
Fortigate and Juniper’s SRX are my personal favourites for ease of configuration, simple upkeep and reliability.
I’m gonna go with what a lot of others on here have said, go with an upgrade from Sonicwall.
Plus side is because it’s an upgrade installation, with the serials of your old boxes (Sonicwall and otherwise) you’ll get 2 years of total secure for the price of 1 typically, and depending on your deployment size, may get a better deal even than that.
Their app-aware stuff in the latest gen boxes is AWESOME, and if you couple that with GMS for centralized monitoring and management, you’re sitting pretty.
Are you looking to stay around the Sonicwall and Watchguard prices? If you’re okay with spending more, I’d look at Palo Alto.
If all you need is a solid stateful firewall, the ASA is a safe bet. If you’re looking for a full UTM-type solution, definitely check out Palo Alto.
Check Point is very popular.
We switched from Watchguard to Cisco about 3 years ago and haven’t looked back once. I would say with them coming out with UTM based things it’s the best time ever to switch. Just my 2 cents.
Cisco gear is overrated, mkay. If I can find an easier to manage FW then I will, cuz it’s less time spent messing with shit. Even if it’s a Netgear FVX538, which I have at one location…choke
What features are you looking for in a firewall? I know Sonicwall has a bunch of built in scanners that work well IMO (as long as you’re willing to buy the subscriptions). MikroTik equipment is great, and I prefer the way their firewall works.
As someone who worked for a MSSP where I did nothing but configure/troubleshoot Firewalls/UTMs (from various vendors) for 8-10 hours a day for 2 years, let me chime in.
I would say in a truly “next generation” firewall, you want something that is “application aware”. Ports mean very little these days (in terms of security). The leaders in this I would say are Palo Alto, SonicWALL, Checkpoint and Fortinet. Cisco is non-existent.
You said you have a SonicWALL? What Model? 3 years old is not that old, unless you’re running the previous generation equipment. The brand new generation (NSA line) are quite good. Upgrading them from the legacy generation (PRO line) is a huge upgrade. SonicWALL is often a leader in the latest features, if you’re comfortable with them and have a legacy device, I’d recommend continuing to use them.
If I was starting from scratch, I’d go with Palo Alto, however, I find that their platform is less mature at this point (although amongst the bleeding edge).
Keep in mind, besides hardware, you have to pay all the licensing fees, none of these devices do all the cool Application/UTM services for free on base hardware.
Checkpoint is great stuff, nice, easy to use & very flexible; you can use your own tin or get an appliance. Also, basic training is cheap.
In my experience, Checkpoint and ASAs are the most prevalent in larger businesses.
I have Meraki banging down my door trying to get me to switch all of my clients off of Watchguard and Sonicwall. It also comes down greatly to price. Watchguard has pretty much everyone beat.
Ok. Short list. PFSense, M0n0wall, untangle, PF. All useful
Someone is downvoting all the Checkpoint recommendations… perhaps Palo Alto reps?
I love Stonesoft Stonegate, maybe more of an enterprise solution though. They’ve easily the best management server for managing many firewall nodes, policies etc.
If you are going to deploy multiple firewalls, and have multiple “firewall administrators” running the show, I’d go with Stonegate.
This is based on working with Checkpoint for 10+ years. Working with Juniper SRX (all CLI there though, can’t comment on their NSM, as last time I used that pile of garbage was just when Juniper had rebranded the Netscreen firewalls; things might have changed a lot?). Though, I am still not too fond of the Juniper SRX firewalls. Don’t really buy the “zone” thinking, then again, that might be a pebkac issue, and they do some things a bit backwards when it comes to policy, NAT and “routing” from my experience.
ASA isn’t terrible, it’s just fairly limited. OP really needs to give us the use scenario before anything can realistically be suggested. Skill set of the engineers and size and type of deployment are key.
Office firewall with UTM? Palo Alto or Checkpoint.
High-Speed Datacenter where UTM is not an issue? Fortigate, Checkpoint or ASA.
Running a lot of routing or VPN termination? Juniper.
Every one of these products has its faults and graces.
Another vote for Juniper. Never tried Fortigate. Tried Cisco way too much.
That just means you bought a Sonicwall that was not powerful enough for your bandwidth needs. Don’t see how that is an issue with the SonicWALL platform itself.
Running full Deep-Packet-Inspection is an intensive task for every single vendor out there. Happy to hear that banks are turning off network security services though so they can download things faster…
Yes! Mikrotik kicks ass… so few people know about them. They’re a great bargain with amazing functionality.