Home > Ask the Networking Experts > Network security Questions & Answers > Which is better - a firewall appliance or a dedicated machine running firewall software?
Ask The Networking Expert: Questions & Answers
EMAIL THIS

Which is better - a firewall appliance or a dedicated machine running firewall software?

Puneet Mehta EXPERT RESPONSE FROM: Puneet Mehta

Pose a Question
Other Networking Categories
Meet all Networking Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 15 October 2003

This is a question in regards to creating a firewall for my business; we have roughly 350 computers with six servers. Budget is not an issue, security is.

I've been reading up on firewalls and am having difficulty seeing through to the facts of which is actually better, a firewall appliance, or a dedicated machine running firewall software. Each of the companies that make them say that their product is better, and I can't seem to find out which one actually is.

Have you got any advice as to which one might be more suitable?


>
It's a fact that firewalls are moving to appliances and the reason behind it is to make them as secure as possible. It's not the appliance itself, which makes a difference, but the OS (firmware), memory, processing power, architecture and the kernel, which drives it.

The major problem seen with the software-based firewalls is the performance basically with network traffic control, since it relies totally on the underlying hardware for its stability and performance. Moreover, any missed security patches on the underlying OS can have the firewall system compromised even while the Firewall is running. A firewall is not isolated in a design, but rather integrated with corporate VPNs and IDS as well.

When it comes to a firewall, downtime is a big NO. It requires a high processing and memory power to perform all these transactions. In fact Nokia last year announced that all of its enterprise range firewalls will be appliance based. Why have firewall software from one and install it on another vendor's hardware, when you can have a single vendor providing all the services in just one box. Appliance takes away the headache of maintaining security patches for each – the hardware, OS and the firewall software.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Network Security Monitoring and Analysis
Application-specific network intrusion detection systems emerge
Anomaly-based intrusion protection configuration and installation
How can I calculate perimeter firewall throughput?
How do I find the application on my network that's dropping packets?
Integrating NAC with network security tools
Where can I find a sample security audit report? How can I run my own?
The firewall remains the network traffic cop, but its role is changing
Troubleshooting VLANs: How to monitor 802.1q tagged traffic
Poor data-loss prevention practices almost cost Intel a billion
How can I block my competitor's IP address range from my website?

Network security
Where can I find Puneet Mehta's most recent network security advice?
How do VPN concentrators and network access servers (NAS) differ?
What keeps unauthorized users from accessing my IP address/Internet?
Controlling network access by MAC address restriction on wired networks
Retrieve network resources and email after installing ISA Server 2004
What does a QM FSM error signify on a VPN Concentrator?
How to block porn with ISA-server firewalls
Who is responsible for updating network firewalls?
How to locate the lost IP address of an access point (AP)
What HIPPA-compliant software would you recommend for online medicine?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
deep packet inspection (DPI)  (SearchNetworking.com)
FCAPS  (SearchNetworking.com)
Nessus  (SearchNetworking.com)
netstat  (SearchNetworking.com)
port mirroring  (SearchNetworking.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Expert networking advice and tips for IT professionals
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts