What are the Advantages of a Hardware Firewall

[quad master]

Hi All

Can any one tell me exactly what are the real advantages of a
hardware based firewall over a software one.

Except its a seperate box and doesn't interfere or load the CPU.

Waiting for your replies

[digen]

Well I will sum up with
Pros
1.Resources-All the resources are handled by the hardware firewall.Inbound attacks are all carried out at its expense.

2.Extra features & functions-SPI(Stateful Packet Inspection),Packet Filtering,Port Forwarding...These give a tad bit more security as against software firewalls.

3.Customisation-Placing a service for the public[internet] in the DMZ(Demilitarised Zone) becomes much more easier with added security.
Rules can be setup for blocking/allowing a range of ports.

4.They will protect the entire network which is not the case in software firewalls.You will have to install & configure a software firewall on each machine on the network + the rules.

Cons
1.But one thing that doesnt quite work well with hardware firewalls is outbound traffic.It considers everything leaving you internal network as legit.

Software firewalls work well in this regard of inspecting inbound services that are trying to access the internet.

This is what I could think of right now,anyways all in all a hardware firewall works good for a large network.For a home based network you are better off with a software firewall plus a NAT router with maybe SPI if you can afford.

[quad master]

Hey Thanks m8

[digen]

Hope it helped.

[indro]

Hi Digent Verma , what if i use a computer with 2-3 Lan cards , install Win2k3 Server , install Routing and Remote Access and use it as a Router ?

[AlienTech]

It would be much more complex to set up your own. Not only do you have to figure out how to get windows server to work, fix all the crash bugs, you also need a much faster system. A router is designed to check the packets going by in real time and hence designed that way. Using windows, it has to move the data to memory, check it, run its rules and then move it back to the LAN card and send it. PCI is fast but when you have multiple nics and a lot of rules it will slow down quite a bit.

Also prices are much cheaper than equivalent PC hardware.. At least in the US. You can get fairly good routers for a few hundred bucks. The cost of just the windows software. Also the new routers also have options to scan for virus a and email stuff. Which makes it basically a pc anyway. But reliability wise a stand alone router is the way to go. None of that boot up or crash problems.

[digen]

Quote:

Hi Digent Verma , what if i use a computer with 2-3 Lan cards , install Win2k3 Server , install Routing and Remote Access and use it as a Router ?

Sorry but I seem to have lost you there.And oh you cant install "routing".Basically a router is a hardware device which acts as a gateway also may have features such as Packet filtering,SPI...
Do you want to use a single machine as entirely for routing purposes?
Then why install win2k server dude.If you have a old machine lying around ,even a 486 will do then may I suggest you freeware solutions based on linux.These distros are built-in with features such as firewall,port blocking....Exactly what you need if you dont want to invest in a hardware router.

1.Clarkconnect-This one is very good considering the features it offers.Highly recommended by MVP's.

2.IPcop-Another good distro which is feature rich.

3.Smoothwall-Cool with lotsa options.

Configuring them is not hard if you go through the forums & documents posted at their respective sites.Get a few lan cards & a hub/switch whichever suits your pocket & you are on your way.

Quote:

Also the new routers also have options to scan for virus a and email stuff. Which makes it basically a pc anyway.

Are you kidding me?Can you atleast give me the company url which sells routers which scan for virus to backup whatever you posted?