lee wrote:
> Is there anyone who could give me a comparison between the hardware firewall and
> software Firewall (such as Checkpoint)?
<rant mode on>
Hmm let's see now.
- Purchase "Firewall-1" and you get a "software" firewall
that you get to install on your own hardware.
- Purchase a unit in the Nokia IP series and you get
a "hardware" firewall that you "plug and play".
But, SURPRISE! It's running Firewall-1!
The only real difference is that the software is
pre-installed in the unit!
That should pretty much tell you the difference between
"hardware" and "software" firewalls. Nearly ALL "hardware"
firewalls are pre-packaged "software" firewalls.
Apparently there are one or two "real" hardware firewalls
out there, one comes to mind that claims to run on custom
designed ASICs.
I don't really see the benefit of running on ASICs other
than speed however, since upgrading, by definition, would
mean that you have to send the box away to be replaced, neh?
If someone claims to sell a "hardware" firewall, but lets
you upgrade it "at home", it's just a pre-packaged "software"
firewall.
Anyway, generally speaking:
"software" firewall benefits:
- You get to pick your own hardware based on what you need
- You can easily upgrade your own hardware if you need
more RAM, faster CPU, more NICs, etc etc.
"software" firewall drawbacks:
- Usually take a while to install, if based on a large clunky OS
rather than being self-contained. (In the latter case, they're
usually really fast to install, next to no difference from
a "hardware" firewall)
"hardware" firewall benefits:
- Faster to install since the software is pre-installed
(unless you're buying a firewall for real security as opposed
to "the feeling of security", in which case the time of
redesigning your network and implementing a real policy would
far outweigh the time the actual installation takes)
- You can mostly count on the hardware to be compatible
with the software. Usually. :-)
"hardware" firewall drawbacks:
- If the hardware breaks, you can't replace it yourself
with your own spare computers. Call for a repairman or
send the box in to be replaced. Support contracts may
help here, i.e. "new box within 24 hrs guaranteed".
- Usually, you can't upgrade the hardware yourself.
A few vendors let you plug in your own NICs however.
<rant mode off>
I hope this serves to clear up a few misconceptions :-)
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]