jetsonx
asked on
When does a hardware firewall become justified?
In a small business setup with one server, let's say Server 2008, and anywhere from 4-12 client computers.
When does a hardware firewall (like Sonicwall) become justified?
At what point do you say, "yes, a hardware firewall is needed here"?
I'd agree with rowansmith.
To confirm: I assume that you are talking about the pros and cons of using a hardware or software dedicated firewall, rather than asking if a dedicated firewall is justified if you have a host-based firewall?
ASKER
Basically, I want to know why so many small businesses (with sometimes as few as 6 computers) have a dedicated firewall like Sonicwall or Fortinet?
Define "hardware firewall" and "software firewall".
All software firewalls run on some kind of hardware, and all "hardware firewalls" run some kind of firewalling software.
You should always protect yourself against internet and other external parties. What kind of firewall you run is a matter of taste and which functions you need, nothing else.
/Kvistofta
Is a Checkpoint appliance a "hardware firewall"?
Is an iptables-box a "software firewall"?
Both run as an application on top of Linux on a standard PC.
/Kvistofta
> Is a Checkpoint appliance a "hardware firewall"?
> Is an iptables-box a "software firewall"?
Now you're getting into semantics; you ask anyone in the IT field, and most will agree that a Checkpoint is a hardware firewall (dedicated hardware external to a host) and a software firewall is iptables (McAfee, Symantec) running on a host that you want to protect, also called personal firewalls.
Yes, you can argue that a Checkpoint is running a firewall application as does a host, but the hardware tag comes from firewalls that have specialized ASICs specific to DPI.
That is like saying BGP is also a Layer 7 application though it provides layer 3 services; most will argue that BGP is not at layer 7 and is only layer 3, but it is an application on a router (a PC) that listens on a port and sends and receives TCP messages, no different than HTTP, and HTTP is at Layer 7. That is also true for a router: does a router only operate at layer 3? No, it is a PC and operates at all layers of the OSI model.
Billy
Billy: Yes, I am going into semantics, and the reason is simple; my point is that the definition of firewalls (hardware vs software) is outdated and irrelevant. My message to the author is that he/she should have a decent firewall with a sufficient level of protection and required features, no matter if it is classified as a "hardware" or a "software" firewall.
And yes, BGP is absolutely L7. And a router operates at all levels while the routing-functionality happens at L3. :-)
/Kvistofta
> my point is that the definition of firewalls (hardware vs software) is outdated and irrelevant.
Agreed and well stated!
Hi jetsonx,
Has your question been answered? Is there any further information I or the other Experts can assist you with?
Thanks.
-Rowan
ASKER
Guys, thank you for all that excellent information.
Yes, I have been a victim of "exceptionally good marketing" by firewall vendors and was always under the assumption that just because it's a hardware device it must be better in some way...
>>>Many hardware firewalls are just running a hardened version of Linux.
- excellent comment, lamalaney
>>> dependent on your expertise and budget.(Sysexpert)
- very important point - the best firewall in the world in the wrong hands will be useless!
>>> while an appliance is usually fairly easy to set up.(Sysexpert)
- I thought software would be easier to set up?
>>> while an appliance is usually fairly easy to set up.(Sysexpert)
>- I thought software would be easier to setup?
This depends on the firewall software - some are easier than others, and the dedicated firewalls or appliances may be easier than an add-on.
Also your own expertise comes into play. If you are already a Linux guru, then many firewalls may seem easier to set up.
I manage software Firewalls for organisations with 1000's of users.
I manage hardware Firewalls for organisations with 1000's of users.
Unless you are talking about Gigabits of throughput, 100Mbits of VPN, then the Hardware vs Software debate comes down to: ease of use, return on investment, features and $$$$
For the number of users you are talking about, a software Firewall would perform equally with a hardware Firewall.
-Rowan