Firewall Wizards mailing list archives

Re: Hardware vs. Software firewall reliability


From: "Bill Pennington" <bpennington () lucidnetworks com>
Date: Wed, 8 Sep 1999 08:15:45 -0700

I have always preferred hardware firewalls to software firewalls. Most of my
clients do not have in-house security staff or even knowledgeable sys admin
types. Since my company becomes the security team and sometimes the sys
admin team I want a firewall I don't have to worry about. We generally
deploy a Cisco Pix box and don't worry about it going down.

Having said that I have deployed several FW-1 on NT solutions that have
proven just as robust, but the effort I had to go through to make them that
robust was far more than I went through with the Pix. I am a relative newbie
when it comes to firewalls (about 2 years) and I have not had a chance to
work with a lot of different firewall software/hardware. From speaking with
a few ISPs around the Bay Area it seems that most use either Cisco Pix or
FW-1 on Unix. I think this speaks more towards the ability of the ISP staff
than it does towards the "best" firewall.

Just my .2.

Bill Pennington
Consultant
Lucid Networks


----- Original Message -----
From: Bill Stout <Bill.Stout () AristaSoft com>
To: <firewall-wizards () nfr net>
Sent: Tuesday, September 07, 1999 4:01 PM
Subject: Hardware vs. Software firewall reliability



I notice that more firewalls are of the hardware type.  It seems that over
time the hardware firewalls have become more robust, and with the minimal
configuration involved, lack of mechanical devices (disks) and underlying OS
to fiddle with, seem to have higher MTBF ratings than software firewalls.
Seems that many on the list have predicted the rise of the hardware firewall
and 'death' of the software firewall.

What is the current feel of hardware vs. software firewalls?

My specific interest is in protecting Internet service bureaus, with a
limited set of published applications.  Therefore outbound proxies are not
as critical.

BTW - Are there failover hardware firewalls available?

Bill Stout

Unresolved industry-wide date bugs:
-- Incompatible Julian date formats and translation logic remain in 'Y2K
ready' systems (enter 1/1/29 and 1/1/30 in Excel) MS=YYDDD, JDE=CYYDDD,
Oracle=YYYYDDD, etc
-- Think of the impact of dynamically changing OS date (Don't do this on a
server).  Open DOS window in 'Windows', type 'date /t', double-click clock
on taskbar, browse date (don't apply), type 'date /t' in DOS window, cancel
'date/time properties' to restore.



