whats the diffrence between hardware firewalls (the box) and softwhare firewalls (say zonealarm) just wounderin :)
Printable View
whats the diffrence between hardware firewalls (the box) and softwhare firewalls (say zonealarm) just wounderin :)
Hardware firewalls can perform stateful inspection, proxying etc...
When Stateful inspection firewalls receive a SYN packet, the packet is compared against the rulebase, and allowed/denied according to the ruleset you have defined. Once a a TCP connection has been established, the connection details are placed in a connection table. All non-SYN packets are compared against the connection table, and not the rulebase. This has numerous benefits, and I could spend all day explaining. Maybe better to do a google search, or look at phoneboys website.
Proxying firewalls do exactly that, proxy your TCP connections on your behalf.
You can also cluster 2 hardware firewalls together for failover purposes, and keep the connection tables synced to allow seamless connections when one goes down, or a ruleset is being updated.
Havent really reasearched that much into personal/software firewalls. Some may have the ability to do some of the above. Someone with more expertise may be able to further elaborate.
Hope that it helps somewhat.
there's alot of ambiguity with the term hardware firewall.
a) some insist that a true hardware firewall doesn't exist....yet. (ie. everything (sometimes even including rulesets) is burned into the chip)
b) other's will refer to a box that was built to do one thing and thats firewall as a hardware firewall. (ie. nokia IP series, cisco pix, netscreen, etc.).
c) other's refer to any standalone host that runs a firewall as a hardware firewall (ie. a linux box running ip tables).
d) and others, such as soggybottom will refer to a stateful inspection as a constitution for a hardware firewall.
for myself, i generally stick with definition b.
good question... i always wanted to know more about fire walls but havent got aroung to thinking of any good questions...