Firewalls: Hardware and Software.

I had some time to myself so I started strolling through the “Firewall & Honeypot Discussions”. Not too surprised, I noted that there were 513 threads and 4371 posts. Obviously I wasn’t so bored that I wanted to go through all 4371, so I chose to limit myself to 375 threads and narrow my focus down to the ever (not so) popular; “I’m not gonna do any research, search the archives, or google, before I ask: “which firewall is the best?” question.” (After making my eyes bleed from reading all of those, if I see that question again in the near future, I think I’ll get a 5th of Jack Daniels and go sit in a corner somewhere.)

So what was I going to do with this? What the heck, why not tally up the favorites for almost two years? I thought I’d keep it simple and write the name of the firewall down, count how many times it was recommended, and then categorize it into either; hardware or software firewalls. It wasn’t really that boring though! You folks kept me laughing the whole time with your liberal use of descriptions, adjectives, and according to some of our members, Firewalls can even “blow chunks”!

Unfortunately, I did notice a trend among the newer members. One of the most determining factors governing their choice was whether the firewall was “free” and not it’s functionality. The remaining preferences were based on the creature features and ease of operation of the respective firewalls.

No accuracy is promised here and I wouldn’t go buy some stock either. I only looked at the threads that addressed the question and of course a recommendation could have shown up in another thread as well. But it shouldn’t surprise anyone as to the results. Time frame used: 17 Jul 2002 thru 15 May 2004.

So directly from the AO Members:

Pix: dominated (had to put it by itself)

Linksys router (nat) – 4 times
Sonicwall – 4 times
Dlink – 2 times
Netgear (nat) – 2 times
Watchguard – 2 times
Fortigate – 1 time
Netscreen – 1 time
Raptor – 1 time
Sidewinder – 1 time


IPTables - dominated (had to put it by itself) {duh}

Smoothwall – 11 times
Coyote – 4 times
OBSD (default Install) - 4 times
Astaro – 3 times
IPCop - 2 times
Securepoint – 2 times
Devil Linux – 1 time
Mandrake – 1 time
Sentry – 1 time

Windows Compatibles:
Zone Alarm (Free & Pro combined) – 44 times *Popularity stayed steady throughout (especially for ZA Pro), however many members tossed ZA for Outpost and/or Sygate.
Outpost – 40 times *Really favored 2002-2003
Sygate – 36 times *More recently favored 2003-2004
Tiny – 25 times *Really popular 2002
Kerio - 20 times *More popular 2003-2004
BlackIce - 9 times
Norton – 8 times
Checkpoint – 7 times
McAfee - 5 times
VisNetic – 4 times
Bordermanager – 2 times
ICF (XP) – 2 times
Look’n’Stop – 2 times
Symantic – 2 times
BitGuard – 1 time
Gnatbox – 1 time
Kaspersky – 1 time
OmniQuad –1 time

For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on the Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2004.

Summary: For Hardware Firewalls – PIX most recommended. For *nix Software Firewalls – IP Tables was most recommended. And for Windows Compatible Software Firewalls – Kerio, Outpost, Sygate, Tiny, and ZA were the most recommended, however Kerio and Sygate were the most popular 2003-2004.