Firewall Wizards mailing list archives
Re: Hardware vs. Software firewall reliability
From: Franck Veysset <franck.veysset () cnet francetelecom fr>
Date: Wed, 08 Sep 1999 11:15:47 +0200
It depends what you mean by "Hardware Firewall"... Even products like Cisco Pix or "Lucent Managed Firewall" wich are supposed to be hardware, works on an Intel Pentium processor... So it is more or less a dedicated PC, wich runs a specific OS made for security and firewalling. (without the need of hard drive) Perhaps we can classified firewalls into 2 different categories those wich run on a normal OS (Solaris, NT...) and those running on a dedicated OS (like Inferno for LMF). When they use a specific OS, written specifically for a FW, they usually don't need hard drive, but they are mostly running on Intel or similar processors. About failover cable, they become less usefull : there are no moving pieces inside the fw, so the MTBF is much better. I know that it is possible to use a failover cable between 2 cisco Pix: when the first pix die, the second pix start working. I think there are similar failover systems for other "hardware" firewall. hope this help -Franck Bill Stout wrote:
I notice that more firewalls are of the hardware type. It seems that over time the hardware firewalls have become more robust, and with the minimal configuration involved, lack of mechanical devices (disks) and underlying OS to fiddle with, seem to have higher MTBF ratings than software firewalls. Seems that many on the list have predicted the rise of the hardware firewall and 'death' of the software firewall. What is the current feel of hardware vs. software firewalls? My specific interest is in protecting Internet service bureaus, with a limited set of published applications. Therefore outbound proxies are not as critical. BTW - Are there failover hardware firewalls available? Bill Stout Unresolved industry-wide date bugs: -- Incompatible Julian date formats and translation logic remain in 'Y2K ready' systems (enter 1/1/29 and 1/1/30 in Excel) MS=YYDDD, JDE=CYYDDD, Oracle=YYYYDDD, etc -- Think of the impact of dynamically changing OS date (Don't do this on a server). Open DOS window in 'Windows', type 'date /t', double-click clock on taskbar, browse date (don't apply), type 'date /t' in DOS window, cancel 'date/time properties' to restore.
-- _/_/_/_/ _/_/_/_/ CNET -- France Telecom _/_/_/_/ Franck Veysset, Internet/Intranet Security E-Mail : franck.veysset () francetelecom fr Phone +33 (0)1 45 29 55 08 , Fax +33 (0)1 45 29 65 19
Current thread:
- Hardware vs. Software firewall reliability Bill Stout (Sep 07)
- Re: Hardware vs. Software firewall reliability Franck Veysset (Sep 08)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 10)
- RE: Hardware vs. Software firewall reliability Jules Veloria (Sep 11)
- RE: Hardware vs. Software firewall reliability Aaron D. Turner (Sep 11)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 10)
- Re: Hardware vs. Software firewall reliability Bill Pennington (Sep 08)
- Re: Hardware vs. Software firewall reliability Christopher C. Petro (Sep 18)
- Re: Hardware vs. Software firewall reliability David Klann (Sep 08)
- Re: Hardware vs. Software firewall reliability Josh Robb (Sep 08)
- <Possible follow-ups>
- Re: Hardware vs. Software firewall reliability Ryan Russell (Sep 08)
- Re: Hardware vs. Software firewall reliability Marcus J. Ranum (Sep 08)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
(Thread continues...)
- Re: Hardware vs. Software firewall reliability Franck Veysset (Sep 08)