Firewall Wizards mailing list archives
Re: Hardware vs. Software firewall reliability
From: David Klann <dklann () berbee com>
Date: Wed, 08 Sep 1999 14:53:43 -0500
Hi Bill,

I've been working with firewalls for a couple years now. Although I don't consider myself an expert, I do have a bit of experience -- primarily with the Cisco PIX. So my reply is biased in that direction. This is primarily anecdotal...

I believe the hardware firewall does indeed incur a higher MTBF because of the lack of complexity. The integrated/embedded OS are getting more robust, the packet filtering is getting better, etc., etc. I prefer the hardware solution because there's nothing other than the firewall to configure.

Specifically to answer your question about failover: the Cisco PIX includes failover capability. Stateful connections are not preserved when the backup assumes responsibility, but the next release of the OS claims to correct this. Failover is attained using a serial cable between the two devices (yes, it's limited to a single backup unit). The backup unit "pings" the primary and assumes the active state when it gets no response.

Stateful connection preservation will be accomplished with a network connection between the primary and the backup. The backup maintains the state of connections by continually polling the primary via the network connection.

My $.02 and a perspective on a future feature ...

-David Klann