I've searched around and seems there are varying opinions about this. I've been bouncing around the configuration of our next server. We'll be running Redhat Enterprise 3.0 with Cpanel on the system...Additionally, we'll be ordering the Floodguard protection.
With that said, what would be the recommended firewall solution for this. Is it worth it to spend the $50.00/mo. on the hardware firewall...or will APF be sufficient. Its even come up to run both of them.
If I don't get the hardware, that $50 would go into the server management plan.
So, what would you folks recommend. Hardware only, Software Only (and spend savings on management) or both Hardware/Software?
Full Version: Software vs Hardware Firewall
Generally speaking a hardware firewall would allow the firewall tasks to be off-loaded to a dedicated hardware and you will feel the difference when you have either a lot of rulesets or when you are expecting a lot of traffic as each of the external access would be evaluated.
So if you have tons of traffic, you will feel a slowdown with a software firewall as compared to a hardware version. Being software, there is a probably that the firewall software can be compromised.
Thus in my opinion if you can afford it, the hardware firewall would be a better choice but failing which, the software version would give you some level of protection.
So if you have tons of traffic, you will feel a slowdown with a software firewall as compared to a hardware version. Being software, there is a probably that the firewall software can be compromised.
Thus in my opinion if you can afford it, the hardware firewall would be a better choice but failing which, the software version would give you some level of protection.
Eddy....Thanks for the reply. I had been debating it. Wasn't sure if that $50 was better spend towards management. I will probably end up with the hardware firewall as it does give a little more peace of mind.
If u have the hardware firewall... theres no need for apf right?
QUOTE (damainman)
If u have the hardware firewall... theres no need for apf right?
Well, that would usually be the case.
If you have both doing the same thing, you probably be negate the purpose of a hardware firewall in the first place.
The purpose is to off-load functions to the hardware firewall and not to duplicate it. I believe that the Snapgear firewall which SM is offering does what APF does and way more.
If you colo, I would say buy a firewall card (one with remote capibilities) for your box. If you rent a box, get a software bugger. For some odd reason SM only provide hardware firewalls with NO remote capibilities..... means slow response time when something is really needing to be done 
In the firewall forum they say that your not only paying for the use of the card, but for the admin support to.... I bet you anything if they start offering firewall cards w/ remote administration, the price woud go down....
In the firewall forum they say that your not only paying for the use of the card, but for the admin support to.... I bet you anything if they start offering firewall cards w/ remote administration, the price woud go down....
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.