Solved

IPtables vs commerical firewall

Posted on 2012-12-28
3
1,121 Views
Last Modified: 2013-01-04
Can anyone tell me the advantage of a commercial Firewall to IPtables?

I understand some of the commercial Firewalls have the ability to block at the application level (facebook, etc).  Besides this, I am clueless.  Thanks.
0
Comment
Question by:NYGiantsFan
3 Comments
 
LVL 10

Accepted Solution

by:
Purple_Tidder earned 250 total points
ID: 38728108
Commercial firewalls typically come with tons of extra stuff that are actually useful.  Off the top of my head, uPnP is a nice one, built in VPN servers, logging, DHCP serving, DNS serving or proxying, etc etc etc.  Don't forget a lot of them come with fantastically simple WebGUIs for configuration.  Most of the higher end commercial routers come with diagnostic tools built-in as well.

IPtables is really just a basic no-frills firewall.  Of course most all the options above could be added to a linux machine running iptables but I would not trust myself to not leave huge security holes when trying to configure it all myself.  I believe this is what Untangled OS (based on Debian iirc) is focused around.

If your concern is cost, look up pfSense.  It's everything you'd probably ever want in a commercial firewall, but free and open source, based on FreeBSD.

Oh, and the big one.  Some commercial firewalls have the ability to subscribe to updates for things like AV scanning or content filtering.  I believe Sonicwall and WatchGuard products can do this.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 38729302
For an opensource solution i also highly recommend iPFire. It is a very good nix based firewall and more Including proxy, content filter, etc.
0
 
LVL 12

Assisted Solution

by:DarinTCH
DarinTCH earned 250 total points
ID: 38733919
so you could learn and perfect many avenues of security- AV - IDP- Filters and then update them on a daily basis

or you but something like a Juniper SRX Firewall that does Routing and Switching and FW
and it updates the AV
and runs filters for older attacks
and can run IDP/IDS system
and simplifies the config, mgt and maint with either a 'Slow' gui
or a solid command line

and you can cluster them

can you physically achieve a similiar level - maybe - but I do not have the time or the $ to afford to stay on the VERY top of these issues - when someone else does it for me - very well and costs less in the long run

and yes some of the newest gen controls up to layer 7 and monitor the application and the traffice designated for that application...
like Palo Alto FW
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now