Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
2 days, 7 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
IPtables vs commerical firewall
Posted on 2012-12-28
Can anyone tell me the advantage of a commercial Firewall to IPtables?
I understand some of the commercial Firewalls have the ability to block at the application level (facebook, etc). Besides this, I am clueless. Thanks.
I understand some of the commercial Firewalls have the ability to block at the application level (facebook, etc). Besides this, I am clueless. Thanks.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
Commercial firewalls typically come with tons of extra stuff that are actually useful. Off the top of my head, uPnP is a nice one, built in VPN servers, logging, DHCP serving, DNS serving or proxying, etc etc etc. Don't forget a lot of them come with fantastically simple WebGUIs for configuration. Most of the higher end commercial routers come with diagnostic tools built-in as well.
IPtables is really just a basic no-frills firewall. Of course most all the options above could be added to a linux machine running iptables but I would not trust myself to not leave huge security holes when trying to configure it all myself. I believe this is what Untangled OS (based on Debian iirc) is focused around.
If your concern is cost, look up pfSense. It's everything you'd probably ever want in a commercial firewall, but free and open source, based on FreeBSD.
Oh, and the big one. Some commercial firewalls have the ability to subscribe to updates for things like AV scanning or content filtering. I believe Sonicwall and WatchGuard products can do this.
IPtables is really just a basic no-frills firewall. Of course most all the options above could be added to a linux machine running iptables but I would not trust myself to not leave huge security holes when trying to configure it all myself. I believe this is what Untangled OS (based on Debian iirc) is focused around.
If your concern is cost, look up pfSense. It's everything you'd probably ever want in a commercial firewall, but free and open source, based on FreeBSD.
Oh, and the big one. Some commercial firewalls have the ability to subscribe to updates for things like AV scanning or content filtering. I believe Sonicwall and WatchGuard products can do this.
For an opensource solution i also highly recommend iPFire. It is a very good nix based firewall and more Including proxy, content filter, etc.
so you could learn and perfect many avenues of security- AV - IDP- Filters and then update them on a daily basis
or you but something like a Juniper SRX Firewall that does Routing and Switching and FW
and it updates the AV
and runs filters for older attacks
and can run IDP/IDS system
and simplifies the config, mgt and maint with either a 'Slow' gui
or a solid command line
and you can cluster them
can you physically achieve a similiar level - maybe - but I do not have the time or the $ to afford to stay on the VERY top of these issues - when someone else does it for me - very well and costs less in the long run
and yes some of the newest gen controls up to layer 7 and monitor the application and the traffice designated for that application...
like Palo Alto FW
or you but something like a Juniper SRX Firewall that does Routing and Switching and FW
and it updates the AV
and runs filters for older attacks
and can run IDP/IDS system
and simplifies the config, mgt and maint with either a 'Slow' gui
or a solid command line
and you can cluster them
can you physically achieve a similiar level - maybe - but I do not have the time or the $ to afford to stay on the VERY top of these issues - when someone else does it for me - very well and costs less in the long run
and yes some of the newest gen controls up to layer 7 and monitor the application and the traffice designated for that application...
like Palo Alto FW
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash"
After Shake : http://www.videocopilot.net/presets/after_shake/
All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month2 days, 7 hours left to enroll
718 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.