The Word Firewall Is Doing a Lot of Work
Every SASE platform now advertises a cloud firewall. The label is on every data sheet. But Firewall as a Service ranges from a genuine next-generation firewall delivered from the cloud all the way down to a lightweight access-control list wearing an NGFW badge.
The difference is not academic. If you are retiring on-prem firewalls, the cloud replacement has to match the policy granularity, threat inspection, and protocol coverage your security team already relies on. A gap here is not a missing feature, it is traffic your old firewall inspected and your new one does not.
So we ran 8 SASE vendors through 5 specific FWaaS checks: full L3-L7 application control, real-time IPS/IDS, DNS security and tunneling prevention, roaming policy enforcement, and custom rule criteria. The headline: the basics are solved everywhere, and the real separation comes down to just two checks.
