Firewall Wizards mailing list archives
Re: Hardware vs. Software firewall reliability
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Tue, 7 Sep 1999 23:03:24 -0700
I notice that more firewalls are of the hardware type. It seems that over time the hardware firewalls have become more robust, and with the minimal configuration involved, lack of mechanical devices (disks)
Hardware with no disks, flash RAM, redundent hot swapable fans, power supplies, and interface modules make network guys like me happy.
and underlying OS to fiddle with,
They've all got an underlying OS, i.e. Something I Can Misconfigure (tm). The closest to "no OS" are routers and the PIX firewall. I think the bulk of the "hardware" firewalls run a linux or *bsd variant.
seem to have higher MTBF ratings than software firewalls.
The kind of MTBF you're referring to is strictly hardware dependent. Meaning, you can slap together your own hardware set for your "software" firewall and get the same result.
Seems that many on the list have predicted the rise of the hardware firewall and 'death' of the software firewall.
There are lots of advantages to HW firewalls. The are disadvantages, too. I think the advantages match well with what sells firewalls, so yes they will probably increase in marketshare. Don't forget as well that you can probably get your favorite "software" FW all bundled up as a HW package. I just bought several Nokia firewalls (running Firewall-1) to replace my Solaris/Sparc boxes running Firewall-1.
My specific interest is in protecting Internet service bureaus, with a limited set of published applications. Therefore outbound proxies are not as critical.
The software feature set is about the same. It's a packaging thing.
BTW - Are there failover hardware firewalls available?
The Nokias will do that. I'm sure lots of others will, too. Ryan
Current thread:
- Hardware vs. Software firewall reliability Bill Stout (Sep 07)
- Re: Hardware vs. Software firewall reliability Franck Veysset (Sep 08)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 10)
- RE: Hardware vs. Software firewall reliability Jules Veloria (Sep 11)
- RE: Hardware vs. Software firewall reliability Aaron D. Turner (Sep 11)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 10)
- Re: Hardware vs. Software firewall reliability Bill Pennington (Sep 08)
- Re: Hardware vs. Software firewall reliability Christopher C. Petro (Sep 18)
- Re: Hardware vs. Software firewall reliability David Klann (Sep 08)
- Re: Hardware vs. Software firewall reliability Josh Robb (Sep 08)
- <Possible follow-ups>
- Re: Hardware vs. Software firewall reliability Ryan Russell (Sep 08)
- Re: Hardware vs. Software firewall reliability Marcus J. Ranum (Sep 08)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
- RE: Hardware vs. Software firewall reliability Lart (Sep 11)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
- Re: Hardware vs. Software firewall reliability Vin McLellan (Sep 09)
- RE: Hardware vs. Software firewall reliability Bill Stout (Sep 09)
- RE: Hardware vs. Software firewall reliability Ryan Russell (Sep 12)
- Tripwire like perl program Siglite (Sep 14)
- RE: Hardware vs. Software firewall reliability dwelch (Sep 14)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 14)
- RE: Hardware vs. Software firewall reliability Bill Stout (Sep 14)
(Thread continues...)
- Re: Hardware vs. Software firewall reliability Franck Veysset (Sep 08)