Thread: a quick thought

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    22

    a quick thought

    what's the difference between hardware firewalls (the box) and software firewalls (say zonealarm)? just wondering

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Hardware firewalls can perform stateful inspection, proxying etc...

    When stateful inspection firewalls receive a SYN packet, the packet is compared against the rulebase, and allowed/denied according to the ruleset you have defined. Once a TCP connection has been established, the connection details are placed in a connection table. All non-SYN packets are compared against the connection table, and not the rulebase. This has numerous benefits, and I could spend all day explaining. Maybe better to do a Google search, or look at phoneboy's website.

    Proxying firewalls do exactly that, proxy your TCP connections on your behalf.

    You can also cluster 2 hardware firewalls together for failover purposes, and keep the connection tables synced to allow seamless connections when one goes down, or a ruleset is being updated.

    Haven't really researched that much into personal/software firewalls. Some may have the ability to do some of the above. Someone with more expertise may be able to further elaborate.

    Hope that it helps somewhat.
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
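
The stateful inspection flow described in post #2, as an added example that is not part of the original thread: a bare SYN is checked against the rulebase, and every other packet is checked only against the connection table. The class and function names, the rulebase and the sample packets are constructed for illustration, and the table entry is created at the SYN rather than after the full handshake to keep the sketch short.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment, e.g. {"SYN"}

# Constructed rulebase: (dst, dport, action); first match wins, default deny.
RULEBASE = [("192.0.2.10", 80, "allow"), ("192.0.2.10", 22, "deny")]

class StatefulFilter:
    def __init__(self, rulebase):
        self.rulebase = rulebase
        self.conns = set()  # the connection table

    def inspect(self, p):
        # Direction-independent key, so replies match the same table entry.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if p.flags == {"SYN"}:
            # Only a bare SYN is evaluated against the rulebase.
            action = next((a for d, dp, a in self.rulebase
                           if (d, dp) == (p.dst, p.dport)), "deny")
            if action == "allow":
                # Simplification: entry is created at the SYN, not after the handshake.
                self.conns.add(key)
            return action
        if key not in self.conns:
            return "deny"  # non-SYN with no table entry: rulebase is never consulted
        if p.flags & {"FIN", "RST"}:
            self.conns.discard(key)  # simplified teardown
        return "allow"

def demo():
    c, s, x = ("198.51.100.7", 40000), ("192.0.2.10", 80), ("203.0.113.5", 5555)
    f = frozenset
    packets = [  # constructed sample traffic
        Packet(*c, *s, f({"SYN"})),                # new connection to an allowed port
        Packet(*s, *c, f({"SYN", "ACK"})),         # server reply matches the table
        Packet(*c, *s, f({"ACK"})),                # handshake completes
        Packet(*x, *s, f({"ACK"})),                # stray ACK with no prior SYN
        Packet(*c, "192.0.2.10", 22, f({"SYN"})),  # SYN to a port the rulebase denies
        Packet(*c, *s, f({"RST"})),                # teardown removes the entry
        Packet(*c, *s, f({"ACK"})),                # late packet after teardown
    ]
    fw = StatefulFilter(RULEBASE)
    return [fw.inspect(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The fourth packet shows the practical benefit: an unsolicited ACK to an allowed port is dropped because it matches no table entry, which a purely rule-based filter that only looks at the destination port would let through.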

  3. #3
    Senior Member
    Join Date
    Jun 2002
    Posts
    165
    there's a lot of ambiguity with the term hardware firewall.

    a) some insist that a true hardware firewall doesn't exist....yet. (i.e. everything (sometimes even including rulesets) is burned into the chip)

    b) others will refer to a box that was built to do one thing and that's firewall as a hardware firewall. (i.e. nokia IP series, cisco pix, netscreen, etc.).

    c) others refer to any standalone host that runs a firewall as a hardware firewall (i.e. a linux box running iptables).

    d) and others, such as soggybottom will refer to a stateful inspection as a constitution for a hardware firewall.

    for myself, i generally stick with definition b.
    -droby10

  4. #4
    Junior Member
    Join Date
    Aug 2002
    Posts
    21
    good question... i always wanted to know more about firewalls but haven't got around to thinking of any good questions...
