IP address and Port Filtering

What is the best (cost-effective & easy to implement) solution to filter IP addresses & ports in a private WAN (not connected to the Internet)?

1. L3 switch
2. Router
3. Firewall

For software - Firewall

However, a router has more options and greater security.
Arifnor (Author) commented:
What do you mean "for software - firewall" - you mean application firewall?
Can you explain further on router - more options & greater security?

BTW, I want a comparison & justification (reason) for choosing one of them.
He means for a software solution, use a firewall.  A router has more options and greater security because of the inherent features of a router.  With most routers you can deny traffic from certain IPs, from certain ports, etc.  This is because it is the "gateway" between the internal network and its access to the outside world.  Everything the person does when connected to the router that's accessing outside sources needs to go through the router, thus you can apply filters on the device that will check the packets before they leave or enter your network and then apply your filters accordingly.  They offer greater security because it has one public IP address.  So in order for the attacker to get to you they'd have to first gain control of the router, in your average case, which is only one device you have to lock down instead of worrying about the people connected, in order to communicate with the internal address/computer.
As for your other wants, cost effective & easy to implement, I would go with a router over the layer 3 switch.  You can usually pick routers up on the cheap and there are a lot of things layer 3 switches just will not communicate with.  So implementation for some things, depending on what you're working with, may get complicated and/or require other hardware.
Arifnor (Author) commented:
Hi all,

Thanks. You guys recommend a router. It filters IP addresses - I have no doubt, but how about ports?
But I still did not get it when you said "He means for a software solution, use a firewall".
Oh, a router is a hardware firewall.  I believe he meant if you're looking for a software solution, just your average software firewall.  Anyway, routers have filters that you can set for ports as well as IP addresses.  This feature is called port filtering (different routers, different names, however this is the most vivid description).  Here's a little image of a sample of how it works in your average Linksys router: http://www.dslreports.com/faq/12153.  It's rather simple, yet effective for what you need.  Allow/deny x port/service at y time or z day.  If you need to set more strict policy or just want more to play around with, you'll be looking at a more corporate type of router, which will cost you more and the complexity level for implementation will rise.  Here's a full description of how the feature is set with a Cisco router for port filtering (or in their terms setting an IP access list/ACL): http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml.  In the end, low cost, low complexity of maintenance and implementation, and need for typical port filtering features, go with Linksys (my opinion as it is my favorite of the in-home routers).
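
The IP and port filtering described in the answer above, modelled as an added example that is not part of the original thread: an ordered rule list checked top to bottom, where the first match decides and anything unmatched is dropped (the first-match, implicit-deny behaviour of router access lists). The addresses, ports and rule set are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # destination port, None = any port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (rule.proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None

# Constructed private-WAN addressing: branch LAN 10.1.0.0/16, server site 10.2.0.0/24.
ACL = [
    Rule("deny",   "tcp", "10.1.50.0/24", "10.2.0.0/24", 3389),   # guest VLAN: no RDP
    Rule("permit", "tcp", "10.1.0.0/16",  "10.2.0.10/32", 443),   # HTTPS to app server
    Rule("permit", "tcp", "10.1.0.0/16",  "10.2.0.0/24", 3389),   # RDP for everyone else
    Rule("permit", "udp", "10.1.0.0/16",  "10.2.0.53/32", 53),    # DNS
]

# Same rules with the broad RDP permit moved first: the guest deny never fires.
MISORDERED = [ACL[2], ACL[0], ACL[1], ACL[3]]

if __name__ == "__main__":
    samples = [Packet("tcp", "10.1.50.7", "10.2.0.20", 3389),
               Packet("tcp", "10.1.4.9", "10.2.0.10", 443),
               Packet("tcp", "10.1.4.9", "10.2.0.10", 23)]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL, pkt), "| misordered:", evaluate(MISORDERED, pkt))
```

Running the same packets through both lists shows why rule order matters as much as the rules themselves: a specific deny placed below a broader permit is never reached.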

Arifnor (Author) commented:
Thanks. With the examples given it does help in the understanding.