Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.


Hello - we upgraded from a 5510 ASA to a 5516 recently.  On our old 5510, the home page of the ASA would present the ASDM tool.  The 5516 does not do this.  After spending an hour reading the Getting Started guide and online, I find lots of information about how the ASDM works - but hardly any help on how to actually launch the tool.  Need some help from the experts.  Thanks

We are looking to confirm some settings on ClearOS 6.9.0 Professional installed on an HP ML310 with multi NIC card installed.

It is currently working fine but the customer site is moving location at the weekend and also changing WAN provider. We currently have the following setup on the ClearOS login from the console (Example IP used)

eth0 external - static - (Link Yes)
eth1 lan - static - (Link Yes)
eth2 external - Static - (Link Yes)
eth3 external - Static (Link No)
eth4 external - Static - (Link Yes)

On eth4 which is physically connected x2 to the router - we can see the following config

Role - External
Connection Type - Static
IP Address -
Netmask -
Gateway -

We would like to confirm that
1. The new WAN provider will supply new gateway address (router)
2. We will supply IP address on same LAN as GW address as above
3. SNM will stay the same or as advised by WAN provider

Do we need to change any other networks for the internet route to work? Everything is staying as is, we can see that Eth3 is not connected but do any of the other networks need to know about the changes to the WAN/External change.

We do not have any previous experience with ClearOS; we have used SonicWALL before and are presuming that the concept is the same. The ClearOS login on the console does not show an awful lot, neither does the CLI.

Any suggestions from ClearOS…
Hi Experts,

I am currently looking for a managed, software or hardware firewall option for a business grade internet connection and WAN. I don't know much about firewalls beyond what is available on your average home computer and I am a little unsure where to start.

Please can you tell me your thoughts on what is best for a business.

If I were to purchase a unit, is this something that can easily be learned, administered and managed in house or is this something that requires a real specialist?
Should I use a software, hardware firewall, or a managed offering?
What sort of costs can I expect for a reasonable solution?
What should I look out for?

Any expert advice would be most appreciated.

Thank you

Abstract: Network traffic is the volume of data moving across the system at any given time. The traffic encapsulates in packets to provide load, it affects organization network resources by assisting to ensure good quality in service. Data is an important resource of any business organization; its security

I plan to move somewhere where Google Fiber is offered and host a website using a server I bought.

I'm reading three books on Ubuntu Server, and I'm assuming I should buy a business firewall.

Can someone explain how they work compared to a software firewall, if you should run both, and link to some possible products that would be good for a web server?


Expert Comment

by:Pierre Ammoun
Where can I find basic guidelines to "educate the users" on being careful about malware ransomware?

Author Comment

by:Alix Postan
Hi Pierre! That's a great question! Here are some links to some articles that I think would help educate users about being careful about malware:

1) 7 Things About Information Security Your Boss Wants to Know:

2) 7 Tips for Dealing with Internet Security Threats:

3) 5 Best Security Blogs You Should be Reading:

Hope that helps! Let me know if you need more articles!
Is there a way to block an entire folder including the .exe everything inside a folder from connecting to the internet? If Windows 10's Firewall can't is there another Firewall that can?
I have a group of PCs in a domain environment that we want to lock down except for a few applications.  I am using Group Policy to configure firewall exceptions to allow these applications to work.

One of the allowed applications is Outlook.  We have a CASARRAY, and currently when I try to access Outlook it says that Exchange is offline and won't let me configure a new account.

In the GPO, I have rules configured for DNS & AD Domain Services.  For Outlook I created rules that allow access to the CASARRAY with the following:

3268/TCP (LDAP GC)
88/TCP/UDP (Kerberos)
135/TCP (RPC netlogon)
443/TCP (SSL)"

"TCP End Point Mapper (TCP/135)
Dynamic RPC port range (6005-59530)"

I am still unable to configure Outlook.  What am I missing?  Is there a different approach I should be taking?
I have a Windows 7 PC that we are trying to lock down.  I have a group policy that puts a firewall rule in place to only allow 2 IP addresses to initiate RDP connections.  We have tested this successfully from the 2 IPs while all others are denied.  When the PC reboots, the 2 IPs can no longer RDP to it.

So far, the only thing I've found that will reestablish the ability to RDP from the 2 IPs is to remove the PC from the domain and re-add it back in.

Any suggestions on the cause and possible resolution?

I had this question after viewing Wifi issue with asa 5506.

How do you return from the AP> prompt to the ASA prompt (cisco asa> )?

I sessioned into the Cisco 702 AP but can't get out of it.

Hello, I need to allow Skype on SonicWALL and block all proxy and signature ID 5 or 7. Is it possible?

Recently we added a new TPG IPVPN Connection (MPLS Network with Hosted Firewall) to eth2 on our WatchGuard but can't get it to work properly (see attached picture)

For some reason I cannot ping any Sydney LAN IP Addresses (on network) from QLD Office to Sydney Office.

What do I need to enable / configure on the WatchGuard so I can ping internal LAN addresses from QLD office?

QLD Office LAN is on network.
Sydney office LAN is on network

From QLD office I can ping,,, OK, but if I try to ping the Watchguard LAN IP Address or another device in the same Sydney network from QLD Office it times out. Any ideas ???

Sydney Office Watchguard Configuration is as follows:

I have 3 interfaces setup on my Watchguard x750e firewall with following parameters:

Eth0: IP: (External) - This is connected to an ISP Managed Cisco 1900 Series Router. This is a routed subnet services TPG NBN Connection.

Eth1: IP: (Trusted)

Eth2: IP: (External) - This is connected to a TPG NTU and is an IPVPN Connection. This also requires RIPv2 and has dynamic routing setup.
Dynamic Routing Configuration:
1. Enabled Dynamic Routing is enabled.
2. Enable RIP is enabled
Rip Configuration :
router rip
network …
I have been seeing quite a bit of traffic attempts from a specific IP address to access the above described firewall.
How can I block this specific IP address without just blocking all?

Hi, we are preparing the rules for Zone-based Policy Firewall on Router c3925, however we need to confirm which traffic usually passes through a router, so that the rule will not block/allow any useful/bad traffic. So can we have a method to see it?

Is there a way other than: "show ip cache flow", "sh ip traffic" ?  

Many thanks in advance,
Hi, we are having Router Cisco 3925 between LAN and WAN, however it seems like the money is required for AnyConnect VPN on Cisco 3925. We found that pfSense (Free) can be deployed to serve VPN connections however we need to understand its pros and cons.
-So can anyone explain please?
-Should we deploy it or purchase license for AnyConnect?
-Do you know any free Cisco VPN solution that we can configure inside our C3925?

Our priority is:
- Compatible with current environment with minimum impacts to about 400 users
- Easy to configure and troubleshoot
- Price  

Many thanks in advance,
I have a new customer. The VPN going straight to the customer was working fine with Comcast crappy router. I installed a pfSense and created a rule under NAT for VPN, set up server with a static IP etc. Somehow this does not work. Any help greatly appreciated.
Hello experts-exchange, can the ASA 5520 be configured for SMTP Gateway relay use?
Thank you,
Hi, I need some assistance setting up the WAN on a new pfSense appliance. I followed the instructions; somehow I still can't browse.
How do I set up the WAN on this? Most tutorials show an older version of pfSense and honestly I'm a total noob on pfSense.
ASUS Router RT AC3200

Typically, when you bridge a modem it loses any wifi broadcasting abilities & you can no longer directly hardwire your PC's ethernet cable to it - you now must plug in directly into the router. In addition you lose the ability to see your modem's GUI anymore. It's still there, I just need some kind of router permission, tweak, programming, firewall allowance, setting enabled, call it what you want, to be able to use it again. I know there's a way through the router, just need help.

Any ideas?


I have added a few folders (say abc, def) as favorite tool bar in Internet Explorer 11.

When I try to save a link to one of the favorite tool bar folders called abc it is not allowing me.

There is no save option there.

Please advise.

Hi, I am kind of new to this pfSense firewall. I have the latest release. My question is about the subnetting, for I have to use /30 if I'm not mistaken. Also, if I'm setting up a VPN server inside the network, where do I open ports for this? I looked into the NAT and configured some things there but I can't be sure.

What is the best way to have the selection criteria for Firewall and Endpoint security in the TC level? Most of the firewall and the endpoint security have similar common features, so that it is very difficult to select one over another. Some are saying we are in the top 3 in that report, some are saying we have the gateway level syn with the endpoint, likewise.

Please give me the best approach on this. We don't want to have the most expensive product.

We have a Windows Server 2008 R2 configured as a NAT Server. Currently we have limited bandwidth, so I would like to monitor usage per user. Is it possible to monitor usage via Windows somehow? If not can anyone advise a freeware solution?

Best Regards,

I've just installed a pfSense 2.1.5 on a VM for a migration purpose. This pfSense VM will be on a Private vswitch talking to another VM (a testing PC) on the same private vswitch. While I tried to start pfSense up for the first time I found I can't get past WAN setup -- it asks for WAN interface name, which I don't know. (I actually need to set up LAN, but I now cannot even get over WAN setup.) Can you help please?

Here is error I am getting:
VLAN Capable interfaces:
No interfaces found!
No VLAN capable interfaces detected.
*NOTE* pfSense requires *AT LEAST* 1 assigned in....
..*WILL NOT* function correctly.

If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection:

If I hit 'a',
Connect the WAN interface now and make sure that the link is up.
Then press ENTER to continue.

I get:
Warning: Invalid argument supplied for foreach() in /etc/inc/ on line 447
No link-up detected.

Enter the WAN in....
Hello Experts,


The system includes

OS: Win2012R2

3G router (VPN SIM Card)
Interface ppp0 IP:
Interface usb0 IP:
OS: ARM Linux

Client PC


3 of them connect by

Server <---> 3G router <----> PC Client


The 3G Router is basic Linux with nothing but the iptables command. I tried several command options but they did not work so far.

Such as,  
/mnt/nand1-1/ap/iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 21 -j DNAT --to-destination

PS. PC client can Ping 3g Router IP: but cannot Ping
Will you have any ideas?
Thank you.
