Hardware & Software Firewall combo - will it work in tandem?

Last Modified: 2010-04-09
Hi All

I have a software firewall and I am now implementing a hardware firewall.

Is it possible to have one working off the other (i.e. Internet connection - Hardware Firewall - Software Firewall - LAN)

All the LAN PCs connect through the software firewall (transparent proxy) to connect to the internet.

The idea is that the hardware firewall can host VPN connections and better beef up security - whilst the software firewall contains the port forwarding rules and content filtering.

PLEASE HELP - as I can't seem to get it to work properly!
Commented:
You can set up two firewalls to work together no problem. The only thing to watch out for is your NAT/PAT settings.
Remember that any incoming port forwarding rules (from outside to inside) will need to be set up on the firewall that connects to the internet - content filtering and transparent proxy should work fine on the other firewall - but I would probably make sure there is no NAT on the firewall closest to the clients. Do your NAT (hide NAT) and port forwarding on the one connected to the internet.
Tell me a bit more about the setup and I will try to help.

Commented:
I would not recommend running 2 firewalls at the same time. This will just cause problems and confusion down the line. It is best that you stick with the hardware firewall, and for your workstations you should have a decent antivirus program without a software firewall. I would also disable the Windows firewall; this one always creates issues. To properly disable the Windows firewall, you need to go into services and manually disable it. Disabling it in the network connections GUI does NOT disable it.

Commented:
I don't think this is a software firewall on each client - it says transparent proxy, so I'm guessing it's a Linux box or similar with two network cards.
There's no reason that can't work before another firewall - I have seen lots of setups like this and I totally understand not wanting to reconfigure all the content restrictions etc.
Maybe BAFP can clarify the exact setup (what the transparent proxy is and how it is configured).
:)

Commented:
True. I just find having redundant firewalls can cause unwanted issues.

Author

Commented:
Hi All

Thanks for your input.

Richy92, you are right - I have a software firewall - Kerio WinRoute Firewall running on Windows Server 2003. It has all my definitions, traffic rules, port forwarding and content blocking etc.

The transparent proxy works to enable the content blocking and that's all.

The only reason I need a hardware firewall is so that I can get IPSEC VPN tunnels created so that I can get teleworkers to connect to the LAN and use VoIP (the VoIP needs IPSEC VPN tunnels).

Ideally I would connect the hardware firewall and the software firewall would go behind that.

I will try out your suggestions and post my results here!

Thanks for all your help!

Commented:
You can definitely set it up like that if you wish - if you get stuck I will try and help.

client > software firewall > hardware firewall - make sure any NAT / PAT / external IPs are all on the hardware firewall - leave the software one to do the content filtering / proxy

:)

Author

Commented:
Hi Richy

I have tried it out now. The problem I have is that both the NICs are on the same network, so to speak, and the firewall doesn't understand or know which request to use where, i.e. whether to send a web request to the LAN or the WAN.

Any ideas?

Author

Commented:
Sorry, I clicked submit before I managed to finish what I wanted to say.

If I kept the firewall IP as 192.168.1.20,
the IP address of the NIC (on the software firewall) connecting to the firewall as 192.168.1.21,
and the IP address of the NIC (on the software firewall) connecting to the LAN as 192.168.0.5,

it all works fine.

The question now is - how do I get the VPN clients to see the LAN, as I presume when they come in their IP will be 192.168.1.xxx?
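The two points raised in this thread (Richy92's advice to keep NAT/PAT only on the hardware firewall that holds the public IP, and the author's question of how VPN clients terminating on that hardware firewall reach a LAN that sits behind a second, routed box) both come down to routing-table contents on each hop. The following is an added example, not code from the thread or from Kerio WinRoute: a small Python model of the topology LAN - software firewall - hardware firewall - internet/VPN that walks a packet hop by hop using longest-prefix match. The addresses 192.168.1.20, 192.168.1.21, 192.168.0.5 and 192.168.0.0/24 are the ones quoted in the thread; the VPN client pool 192.168.2.0/24, the client address 192.168.2.200 and the public address 203.0.113.10 are constructed assumptions (the model gives the VPN clients their own subnet so the reverse path is unambiguous). It shows that outbound LAN traffic is source-NATed exactly once, at the edge, and that VPN-to-LAN traffic is misrouted out the WAN until the hardware firewall has a static route for 192.168.0.0/24 via 192.168.1.21.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Addresses quoted in the thread: hardware firewall 192.168.1.20, the software
# firewall's NIC towards it 192.168.1.21, its LAN NIC 192.168.0.5, LAN 192.168.0.x.
HW_FW_INSIDE = "192.168.1.20"
SW_FW_OUTSIDE = "192.168.1.21"
SW_FW_INSIDE = "192.168.0.5"
LAN_NET = "192.168.0.0/24"
TRANSIT_NET = "192.168.1.0/24"
# Assumptions (not from the thread): a separate VPN client pool and a public
# address for the hardware firewall's WAN side (RFC 5737 documentation range).
VPN_POOL = "192.168.2.0/24"
VPN_CLIENT = "192.168.2.200"
PUBLIC_IP = "203.0.113.10"
WAN = "wan"          # pseudo next hop meaning "hand the packet to the internet"
DEFAULT = "0.0.0.0/0"


@dataclass
class Router:
    name: str
    routes: list                   # (network, next hop); next hop None = directly connected
    snat_ip: Optional[str] = None  # set only on the firewall that owns the public IP

    def lookup(self, dst: str):
        """Longest-prefix match; returns (network, next_hop) or None."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop in self.routes:
            network = ipaddress.ip_network(net)
            if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
                best = (network, next_hop)
        return best


def trace(routers: dict, first_hop: str, src: str, dst: str, max_hops: int = 8):
    """Walk a packet from its first-hop gateway; returns (outcome, path, source as seen at the end)."""
    path = []
    hop = first_hop
    for _ in range(max_hops):
        router = routers.get(hop)
        if router is None:
            return ("next hop unreachable", path, src)
        path.append(router.name)
        match = router.lookup(dst)
        if match is None:
            return ("no route", path, src)
        next_hop = match[1]
        if next_hop is None:
            return ("delivered", path, src)
        if next_hop == WAN:
            # Source NAT happens here and only here, on the edge firewall.
            return ("sent to internet", path, router.snat_ip or src)
        hop = next_hop
    return ("loop", path, src)


def build(hw_fw_knows_lan: bool) -> dict:
    """Topology: LAN - software firewall - hardware firewall - internet/VPN."""
    hw_routes = [(TRANSIT_NET, None), (VPN_POOL, None), (DEFAULT, WAN)]
    if hw_fw_knows_lan:
        # The static route the edge needs so VPN clients can reach the inner LAN.
        hw_routes.append((LAN_NET, SW_FW_OUTSIDE))
    hw_fw = Router("hardware firewall", hw_routes, snat_ip=PUBLIC_IP)
    # The inner box only routes: no NAT, so the LAN source address stays visible
    # to its content filter and to the edge firewall's logs.
    sw_fw = Router("software firewall",
                   [(LAN_NET, None), (TRANSIT_NET, None), (DEFAULT, HW_FW_INSIDE)])
    return {HW_FW_INSIDE: hw_fw, SW_FW_OUTSIDE: sw_fw, SW_FW_INSIDE: sw_fw}


def lan_to_internet(routers):
    """A LAN client (constructed 192.168.0.50) browsing a public host (constructed)."""
    return trace(routers, SW_FW_INSIDE, "192.168.0.50", "198.51.100.7")


def vpn_to_lan(routers):
    """A VPN client, terminated on the hardware firewall, reaching a LAN host."""
    return trace(routers, HW_FW_INSIDE, VPN_CLIENT, "192.168.0.50")


def lan_to_vpn(routers):
    """The LAN host's reply back to the VPN client."""
    return trace(routers, SW_FW_INSIDE, "192.168.0.50", VPN_CLIENT)


if __name__ == "__main__":
    for label, routers in (("without LAN route on edge", build(False)),
                           ("with LAN route on edge", build(True))):
        print(label)
        print("  LAN -> internet:", lan_to_internet(routers))
        print("  VPN -> LAN:     ", vpn_to_lan(routers))
        print("  LAN -> VPN:     ", lan_to_vpn(routers))
```

Running it shows the LAN-to-internet packet leaving with the public source address after passing both boxes (the inner firewall forwards it untouched), the reply path LAN-to-VPN working in both builds because the software firewall's default route already points at the hardware firewall, and VPN-to-LAN going out the WAN interface (via the default route) until the hardware firewall learns that 192.168.0.0/24 lives behind 192.168.1.21. The same table is where the hardware firewall's inbound port forwards belong, for the reason given earlier in the thread: it is the only hop that knows the public address.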

Author

Commented:
Hi Richy92

Thanks for all your help - I got it working finally!
