Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear Experts,

I have a set of fortigate firewall policies which I need to duplicate on a cisco router.

I have done most of the point A to point B.

The issue I have now is the NAT and there is an IP Pool, is there a guide on how I can translate the rules from firewall to cisco router?

Any help is appreciated.
Webinar: Miercom Evaluates Wi-Fi Security
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

I am deploying pfSense firewall following the topology bellow:
My Network Topology : Router + pfSense + FW1 (Router connected to Internet) + Internet Service Provider + Internet WebsiteWhere FW1 is a router connected to Internet using a leased line connection, and pfSense firewall is located in a BACKBONE network, different as users networks.
I add too, that this is a new setup of this firewall, and connectivity in both sides is verified, i mean:
  • Connection to internet : i was able to download new package SQUID/SQUIDGard from Package Manager
  • Connection to the LAN : i can access firewall from  my pc, and i can see SQUID error message, when i try to open a website
The problem now, I want to grant PC IP address authorization to access Internet. I created a RULES for both HTTP and HTTPS protocols, but i still cannot access Internet.
And the firewall, says that i have not the right to do so.
I'd appreciate any help from you Experts.

TrendMicro IWSVA latest version.

Catergory filtering with HTTP works fine but not with HTTPS websites.

Any idea?

I have been using an Excel 2016 VBA program that uses XMLPRC to upload some documents to a website.
This program has been in use for a number of years now, but it has just started to fail on my Windows 10 machines.

I see some messages in the Security Event log saying that the The Windows Filtering Platform has blocked a packet. Event ID 5152
I have added Excel to the Firewall, but doesn't seem to change.
The Windows Filtering Platform has blocked a packet.

Application Information:
	Process ID:		0
	Application Name:	-

Network Information:
	Direction:		Inbound
	Source Address:
	Source Port:		443
	Destination Address:
	Destination Port:		54377
	Protocol:		6

Filter Information:
	Filter Run-Time ID:	103400
	Layer Name:		Transport
	Layer Run-Time ID:	13

Open in new window

Is there somewhere else I can find details, or how can I allow these through?
Hi Experts

I am looking for a router capable of delivering a DHCP range of  /19 or above, with DSL and ethernet WAN ports |(VDSL) for large applications.  On-board wifi is not required.  L7 firewall an advantage
Can you advise?  Many thanks in advance
i have a Cisco ASA 5520 and 500MB internet/bandwidth line, the problem is the throughput on the FW is low and it throttles the bandwidth. Execs don't want me to upgrade now so i was wondering is there some kind of add on i can use  

ASA 5520
1: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
2: Up to 2048MB RAM
3: Intel Celeron M Processor 450 2.0GHz
4: Cavium Nitrox Lite CN1010
Hi All,

I need some assistance setting up the below. I've got 3 "subnets" to set up internally. All must be able to reach the internet through the suppliers router.

The networks are 2x /26 and 1x /27. VLANS 601 & 603 are desktop pc's. VLAN 602 will be Cisco phones. 601 and 603 do not need any seperation, they're just to cover the seperate DHCP ranges. DHCP will be provided by an external source (hopefully) through a VPN setup on the ASA Firewall. I'm looking to setup outside interface, inside interface and access for all vlans.

Is anyone able to provide a sample config on how I could get this working?

Network Overview

is there any free open source gui for modsec managment and monitoring?
I looking for any free firewall software appliance. (Like the old version of sophos. The new version of Sophos provide only 30 days software appliance)
I don't know if there is any firewall which provide a software appliance free and without time restriction.
I want to change pfsense logo in the web gui
but I cant find the image file.
I am using the last version of it.
Simple Misconfiguration =Network Vulnerability
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

Problem with customers sending/receiving documents from server, running SolarwindServer har returned after Windows Update
After Windows Update port 22 i closed
If I stop the windows firewall, I still have the issue and according to traceng, port 22 is close even if firewall has been stopped
I only have a firewall setting for inbound port 22 (see attached files)

My hosting company solve the issue - they ask if there is an update avaiable for Solarwind SCP Server ver.
We have Migrated all the servers to a new domain.TMG  SERVER 2010 stop responding after joining to a new the event log following errors are logged

old domain was

new domain is

1-the kerberos client received s krb_ap_err_modified error from the server dm-tmg01$.the target server name used was ldap/ indicate that the target server failed to decrypt the ticket provided by the client.

2-Windows Could not start the microsoft Forefront TMG Managed control Service On local Computer Error:1068

3-Windows Could not start the microsoft Forefront TMG job schedular Service On local Computer Error:1068

4-Windows Could not start the microsoft Forefront TMG Firewall Service On local Computer Error:1068
Dear Experts
We have hosted SugarCRM application on premise and for external users we have configured firewall that is hardware appliance fortigate 60C to function as SSL Web VPN where the users login to the firewall appliance portal and from here they access CRM application, they are able to login to the CRM through the  web VPN portal but the dashboard reports are not showing up, it shows blank dashboard but when we access directly to the CRM application we are able to see the dash board reports, please help me understand to where things are going wrong and how to fix it please.
VAPT Test from fortinet.  I tested using this
Now I want to test from outside by typing public IP.
IS there anyone who can guide me?
I have run ubuntu 18.4 lts
I install suricata by flowing these step:
everything is fine but I didn't understand where I have to put this server
I have main getaway --- > lan

so it will be just for listening or can drop packets?
what is the best opensource firewall that can work with mikrotik for ips,ids,brute force, attack ?
also is there any free open source waf server ?
I am trying to take backup of my ASA through tftp.

Command: ASA01/Hyb(config)# write net

Response: Building configuration...

                      INFO: Default tftp-server not set, using highest security interface Cryptochecksum: ******************************** !

%Error writing tftp:// //Test-561.tmp;int=inside (Timed out attempting to connect) [FAILED]

 Also after executing this command,  Test-561.tmp is created in TFTP directory but with size 0

TFTP server is installed in Linux, tftp is working fine as I am able to take backup of other ASA which is in the same network.

Your help will be appreciated.

Dilraj Kumar Paswan
We have cisco wireless controller 2500, there it will not support webfiltering. i just want to do web filtering for my office wifi.

so can i use any tool in dns server to block websites??

please suggest me some simple and open source tool

My goal is to be able to connect to private network located behind OpenVPN client ( via OpenVPN server WAN interface.
For example I want this forwarding: http://{Ubuntu WAN IP}:443 -->  http://{Private LAN IP behind OpenVPN client }:443
Please take a look at the attached screenshot.
-  Ubuntu VPS knows the route to private LAN subnet that is behind OpenVPN client ( and MikroTik router knows the route to OpenVPN subnet (
- I can connect to Ubuntu VPS via SSH and successfully ping MicroTik OpenVPN interface ( and also I can ping any host from MicroTik private LAN subnet that is behind OpenVPN client ( , needless to say the private LAN hosts that are behind OpenVPN client (from subnet) can easily ping Ubuntu OpenVPN interface ( too.
- Also any host from OpenVPN subnet ( if connected to OpenVPN server via OpenVPN client allows communication like http://{Ubuntu WAN IP}:443 --> http://{Private IP of OpenVPN client}:443 using UFW NAT rule.
When I’m trying http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP behind OpenVPN client}:443 I have following behavior:
1)      Packets successfully arrive to host behind OpenVPN client (to any host from )
2)      But the host of this subnet can't route back this received public IP packet via OpenVPN tunnel, it replies using ISP WAN address.

I would very happy if someone is able to help me solve this …
CompTIA Cloud+
LVL 12
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Hello, Could you help with this issue ? i can't push a policy in checkpoint i have this error
eror database checkpoint
COuld you help me ?
Cannot access FTP Server (Win2016Std) from Internal.  (or from outside, when used with WordPress as a client)

FTP Server ( and IIS on same server behind firewall (TMG 2010). Configured publishing rule to forward External IP (X.X,X,X) to Internal (

All firewall rules are configured. Can connect from outside by FTP client (PASV) - no problems! Do not really need to connect from LAN, but


WORPRESS SITE requires FTP Server setup on WEB Server to upload Updates from WEB Site.

When I try to ftp from WordPress it sends internal IP of the WEB Site as a client IP ( not the Client IP of the Browser machine.
So, TMG does not allow internal to external loopback...

Any solution?
blocking webmail on Cisco Umbrella but allowing gmail, office365 links

the problem is i am allowing and but when i block the webmail category it also blocks gmail. can idea what other url i need to allow?
Website can't be reach internal network!

I have weird issue came up. we have company website that hosted on and working. I can access from outside of my network and without our router/firewall. I used my laptop directly plug into ISP modem and can access the website fine.  I can ping by ip address of the site and name of the address.  I can ping or just fine.
I can nslookup from internal computer and came up with correct ip address. I cleared the cache on internal DNS server.  I tried turn off firewall (Cisco RV345P).
None of these working. Help!!!
Apache Tomcat 8 with IIS and Apache Connectors getting null request.getRemoteUser() when trying to get to a secure application.  I have multiple applications and one in particular keeps throwing this error.  I am logged in already but when I go to this application I get this error.  I have tried the old suggestion of tomcatAuthentication="false" and that is making no difference.  This particular application is old and the newer ones built in Grails are not having issues.  A team mate thinks something in IIS is stripping something out causing this however other applications are working so it would be hard to say it is stripping things out.  This is all running on Windows server 2016.  Https is in use and there is a firewall involved.  Ports have been allowed.  Old applicaiton with the issue is running an old version of Struts.
Hi All,

We have an issue with our remote devices not talking to the SCCM cloud management gateway. A device that is on the internet will not connect to the gateway. The LocationServices.LOG will return entries like WINHTTP_SECURE_FAILURE. When the device starts up a VPN connection with the company network, it connects properly to the on premise SCCM MP. Oddly enough, when deconnecting the VPN, the device switches over to the cloud gateway without any problem and stays connected. After a reboot, for instance, the same story starts all over again.
Could there be an issue with the SSL certificate on the cloud gateway? I believe it has been configured correctly. Below is included an excerpt of the locationservices.log. Any help would be very much appreciated!!

]LOG]!><time="08:26:06.909-60" date="02-14-2018" component="LocationServices" context="" type="1" thread="10500" file="event.cpp:840">
<![LOG[Failed to send request to /CCM_Proxy_MutualAuth/72057594037927939/SMS_MP/.sms_aut?SITESIGNCERT at host ABCDEFG.CLOUDAPP.NET, error 0x2f8f]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="2" thread="10500" file="ccmhttpget.cpp:1599">
<![LOG[[CCMHTTP] ERROR: URL=https://ABCDEFG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037927939/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE]LOG]!><time="08:26:06.910-60" date="02-14-2018" component="LocationServices" context="" type="1" …

Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.