
Software vs Hardware Firewalls

post #1 of 12
Thread Starter 
I've read a few people here on OCN saying they wouldn't trust a software firewall in a production environment, and that hardware firewalls are better. Why is this, considering the fact that the hardware firewalls run software anyway?

What exactly is wrong with the likes of Untangle, pfSense, SmoothWall, m0noWall, Vyatta etc? Where does that sentiment leave products like the Vyatta 600 or the Untangle NG-100? Where does that sentiment leave the likes of Cisco, who are looking to virtualise their IOS products?

Trying to get a handle on things here. :)

EDIT:

What do you guys think of SonicWall products?
post #2 of 12
From a firewall point of view there is NO difference; most firewalls will run something like iptables anyhow, so software is just as good as hardware. You're right on the point when you say hardware firewalls run software ;)

However, hardware-based firewalls are generally based at the gateway of your network, so all traffic goes through them, making some problems easy to troubleshoot.

One thing to keep in mind is that if the software firewall is on the machine you use, then you may still get some nasty malware that tries to mess with the firewall rules and nullify it, making it good to have a "hardware" firewall at your gateway.

As for the virtual firewall, it's a topic we debate a lot at work. Personally I think, why not? More security can't hurt!

Random tidbit: I did a study of virtual firewall performance a few weeks ago. Their performance was quite good, but VMware failed me miserably xD
post #3 of 12
Thread Starter 
Thanks for the reply. Yeah, by "software firewall" I meant a distribution running on a dedicated but generic device (perhaps an x86 rack server) as opposed to a firewall running on a multipurpose workstation. :)

What do you run at work?
post #4 of 12
We have a custom build based on CentOS; it runs firewall, proxy, email, everything, though I'm not sure I'm allowed to say by the company or the TOS, as we sell firewall services heh xD, so I don't want to incur the wrath of mods / employer ^_^

A firewall you build yourself is just as secure as long as it's configured correctly, as long as you have the policy as default deny and only allow in and out the good stuff.
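Posts #2 and #4 name two things worth checking on a self-built Linux firewall: that the policy is default deny, and that nothing on the box has rewritten the rules. The following is an added example, not part of any post in this thread; it assumes an iptables-based firewall, the two rulesets are constructed samples, and the function names are hypothetical.

```python
import hashlib

# Constructed sample of `iptables-save` output: default-deny inbound gateway.
BASELINE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Constructed sample: the same ruleset after something on the host rewrote it.
TAMPERED = BASELINE.replace(":INPUT DROP", ":INPUT ACCEPT").replace(
    "-A INPUT -i lo -j ACCEPT", "-A INPUT -j ACCEPT")

def parse(dump):
    """Return ({(table, chain): policy}, [(table, rule)]) from iptables-save text."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            rules.append((table, line))
    return policies, rules

def fingerprint(dump):
    """Hash policies and rules only; chain counters and '#' comments are ignored."""
    policies, rules = parse(dump)
    canon = [f"{t}:{c}={p}" for (t, c), p in sorted(policies.items())]
    canon += [f"{t} {r}" for t, r in rules]  # rule order is significant, keep it
    return hashlib.sha256("\n".join(canon).encode()).hexdigest()

def audit(dump, baseline_fp, deny_chains=("INPUT", "FORWARD")):
    """List findings: non-DROP policy, match-less ACCEPT rule, drift from baseline."""
    policies, rules = parse(dump)
    findings = [f"policy: filter/{c} is not default-deny" for c in deny_chains
                if policies.get(("filter", c)) != "DROP"]
    for table, rule in rules:
        parts = rule.split()
        # "-A CHAIN -j ACCEPT" has no match criteria, so it accepts everything
        if table == "filter" and parts[2:] == ["-j", "ACCEPT"]:
            findings.append(f"allow-all: {rule}")
    if fingerprint(dump) != baseline_fp:
        findings.append("drift: ruleset differs from recorded baseline")
    return findings
```

On a real firewall the input would be the text printed by `iptables-save`, with the baseline fingerprint stored somewhere other than the firewall host itself.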
post #5 of 12
The issue isn't the software itself. The issue is if they're in your network, you've already lost. Software installed on your PC isn't going to do much if they're already behind your NAT.
    
post #6 of 12
Thread Starter 
@killabytes

I get that. :-) I thought that the reference to the apparent superiority of hardware firewalls was something inherent in them, as opposed to their location on the network.

I assume typical installations have multiple layers of security where individual servers also run firewall software, as opposed to being fully open - I assume this practice is used when there are multiple routers on the network too?

@Ulquiorra

How do you mean VMware failed you?
post #7 of 12
I did tests for throughput. At 100meg it was fine; when I tried gigabit it hung around 110meg, where KVM and XEN had throughput in the 800-900meg range.
post #8 of 12
Thread Starter 
@Ulquiorra

Wow, that is a miserable failure, and surprising considering what VMware costs. Might be a driver issue...having said that though, I suppose high throughput networking isn't really their thing, so it looks like VMware virtualised file servers and edge routers are out of the question - was that ESXi or the fully-loaded vSphere? Still shocking that Xen and KVM kick their ass though. :P

@thread

Apart from Cisco, can anyone recommend a good edge device? I was thinking of SonicWall (since they are owned and therefore supported by Dell), but what others are out there? This is for an SME environment.
post #9 of 12
As you said, I have a feeling it was down to the driver. I don't doubt that it can do better, but I was just testing stock :) so it could have been that! Also it was ESXi as I'm a poor student $_$ haha, so that may also make a difference :)

There are also people like Juniper, or a Linux box, but my advice is go with what you know / what your company's experience is :) If a box has got a million whistles but you only know how to use one, what's the point? And you may hurt yourself by missing something ^_^
post #10 of 12
SonicWall devices are pretty good, and affordable for consumers who want more than the generic WRT-54G wireless router, at their gateway. Cisco ASA are nice, but not cheap.

I personally LOVE Untangle. I have a production retired HP Workstation that I took home from a previous employer. I don't remember the model, but it's a pedestal workstation with a quad core Xeon and 4GB of RAM. 3 Gigabit NICs, and a pair of 80GB 7200RPM Spindle drives in RAID 1. Untangle is sitting at my gateway, and is great. All the virtual applications, such as Anti-Virus, Ad-Blocker, Spyware Blocker, Spam Blocker (yes I run an email server), Phish Blocker, Intrusion Prevention, reporting, and OpenVPN. I have a 50x5 WAN connection, and I get every bit of it through this firewall. Uses less than 1GB of the available 4GB RAM, and is usually online for months at a time. Great web based management, easy to configure, and easy to set up a DMZ network. Can also do DNS and DHCP if you don't have one internally (which I do).