
Hardware firewall Recommendations

Status
Not open for further replies.

mattKnight

Programmer
May 10, 2002
6,225
GB
I am looking for a HW fw to protect Terminal svs network (up to 100 clients). There is no requirement for VPN or any inbound traffic.

Watchguard is a possibility, but I haven't heard any good things about them

Any other suggestion - I'd even consider arguments for a software based firewall (smoothwall or similar)

thanks for the thoughts

Take Care

Matt
If at first you don't succeed, skydiving is not for you.
 
This thread is somewhat old, but do people really consider smoothwall to be a software firewall? I mean, sure it's not proprietary as it runs on just about all equipment but it is hardened just as much as most hardware firewalls. I guess the difference is, one is open source and the others are completely locked down. With open source, you don't have to worry about subscriptions and whatnot, plus frequent updates from the community. But, you do pay for what you get and you end up with some pretty nice features from places like Watchguard. I'm running an IPcop box and I would consider it to be just behind some major firewall vendors. I'm interested to find out what other people see as the true definition between hardware and software though.
 


I didn't know you could play solitaire on Smoothwall... I'll give that a try! ;-)



A smile is worth a thousand kind words. So smile, it's easy! :)
 
mmmmmm........

...so you have to actually add some software to smoothwall to make it play solitaire..?

I wonder if you could add software (by flashing the bios etc) for a 'hardware' firewall to do the same...

I bet you it can be done... ;-) Makes you wonder what the difference is, doesn't it ?

mmmmmm........

Excuse my sarcasm in my initial post and above... I'm very familiar with Linux and its capabilities as an OS, I was simply pointing out the fact that hardware with an inbuilt 'OS' such as Cisco's IOS or any other bit of hardware that processes 'machine code' in any manner is really hardware running software. So I think the differences between a 'software' firewall implementation (or appliance) like smoothwall/m0n0wall and a 'hardware' firewall running its own OS software become a little grey and blurred.. to the point that at the level of abstraction the terminology is being used they are identical.

However, not to be confused with a 'software application' firewall such as McAfee, Symantec/Norton, etc etc. These 'applications' are not dedicated machine/software combos, they are in fact 'part' of another system that has many other objectives too. Like playing solitaire... And these apps usually work on higher levels of the OSI model in comparison to a stateful packet inspection firewall (e.g. a 'hardware' firewall).

The point is that you shouldn't assume that 'software' is only the stuff that runs on the desktop for the user...


Thus a hardware firewall is in fact using software and hardware... and has its own 'bespoke'/'proprietary' OS (e.g. Cisco IOS).. how different is that to a piece of hardware running a bespoke OS (based on Linux, but isn't the OS you would find on a Debian, Fedora Core or Ubuntu distro) with additional system software, that together form the firewall ..?

Both are dedicated hardware and software to perform the role of a firewall. But both are significantly different from the desktop firewall that is so readily assumed as the meaning of a 'software' firewall.

Having said that it is worth noting that enterprise class 'hardware' firewalls are usually a better choice for enterprise usage, I'm not convinced that £/$ for £/$ a h/w firewall offers better performance than a system software firewall appliance like smoothwall/m0n0wall etc (never tested to that degree so cannot confirm), however, being a single unit with usually better support from the vendor, it is a 'safer' choice, for maintenance, support, DR and the like. If you don't mind building your own, and maintaining the hw separately from the sw then don't disregard '(system) software' firewalls. (Forget about desktop firewalls as a reasonable first line defence for a network!).

But for sure the system software firewall can make use of plenty of old hardware and be a pretty powerful standalone firewall unit at a very low cost for initial implementation, just be careful of the TCO if this is for business use, as support/maintenance fees & risk management costs will probably increase.

Nokia have some pretty good, heavyweight enterprise class firewalls, and Cisco obviously offer some good options too.

But just a thought..

A smile is worth a thousand kind words. So smile, it's easy! :)
 


I think you missed my point, but never mind.



A smile is worth a thousand kind words. So smile, it's easy! :)
 