
Thread: a quick thought

  1. #1
    Junior Member git
    Join Date
    Aug 2002
    Posts
    22

    a quick thought

    What's the difference between hardware firewalls (the box) and software firewalls (say ZoneAlarm)? Just wondering.

  2. #2
    Senior Member SoggyBottom
    Join Date
    Jan 2002
    Posts
    371
    Hardware firewalls can perform stateful inspection, proxying etc...

    When stateful inspection firewalls receive a SYN packet, the packet is compared against the rulebase, and allowed/denied according to the ruleset you have defined. Once a TCP connection has been established, the connection details are placed in a connection table. All non-SYN packets are compared against the connection table, and not the rulebase. This has numerous benefits, and I could spend all day explaining. Maybe better to do a Google search, or look at phoneboy's website.

    Proxying firewalls do exactly that, proxy your TCP connections on your behalf.

    You can also cluster 2 hardware firewalls together for failover purposes, and keep the connection tables synced to allow seamless connections when one goes down, or a ruleset is being updated.

    Haven't really researched that much into personal/software firewalls. Some may have the ability to do some of the above. Someone with more expertise may be able to further elaborate.

    Hope that it helps somewhat.
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
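Added example, not part of the original thread or any poster's code: a minimal Python model of the stateful inspection logic described in post #2, where a SYN is checked against the rulebase and every other packet is checked only against the connection table. The rulebase, addresses, and class names are constructed for illustration, and the table entry is created on the allowed SYN rather than after the full handshake, which is a simplification.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

# Constructed rulebase: (src net, dst net, dst port or None for any, action).
# First match wins; the last rule is the default deny.
RULEBASE = [
    ("10.0.0.0/24", "0.0.0.0/0", 443, "allow"),
    ("0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]

class StatefulFilter:
    def __init__(self, rulebase):
        self.rulebase = rulebase
        self.connections = set()  # connection table: (src, sport, dst, dport)

    def _rule_action(self, p):
        for src_net, dst_net, dport, action in self.rulebase:
            if (ip_address(p.src) in ip_network(src_net)
                    and ip_address(p.dst) in ip_network(dst_net)
                    and dport in (None, p.dport)):
                return action
        return "deny"

    def handle(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:
            # New connection attempt: the only place the rulebase is consulted.
            if self._rule_action(p) == "allow":
                self.connections.add(key)  # simplification: entry added on SYN
                return "allow (rulebase)"
            return "deny (rulebase)"
        # Any non-SYN packet must match the table in either direction.
        entry = next((k for k in (key, reverse) if k in self.connections), None)
        if entry is None:
            return "deny (no state)"  # e.g. a stray ACK with no prior SYN
        if p.flags & {"FIN", "RST"}:
            self.connections.discard(entry)  # simplified teardown
        return "allow (state)"
```

A stateless filter would need a separate rule to admit the return traffic; here the reply is admitted only because its reversed 4-tuple is already in the table.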

  3. #3
    Senior Member droby10
    Join Date
    Jun 2002
    Posts
    165
    there's a lot of ambiguity with the term hardware firewall.

    a) some insist that a true hardware firewall doesn't exist... yet. (i.e. everything (sometimes even including rulesets) is burned into the chip)

    b) others will refer to a box that was built to do one thing, and that's firewall, as a hardware firewall. (i.e. nokia IP series, cisco pix, netscreen, etc.).

    c) others refer to any standalone host that runs a firewall as a hardware firewall (i.e. a linux box running iptables).

    d) and others, such as soggybottom, will refer to a stateful inspection as a constitution for a hardware firewall.

    for myself, i generally stick with definition b.
    -droby10

  4. #4
    Junior Member Later_Gator
    Join Date
    Aug 2002
    Posts
    21
    good question... i always wanted to know more about firewalls but haven't got around to thinking of any good questions...
