Without getting into too much detail...

In general, and I'm not saying this is the case for ALL, hardware firewalls are not much more than glorified packet filters, whereas many software firewalls include application-level stateful inspection. The big difference is that packet filters operate at the transport level (i.e., the TCP level) whereas application inspection happens at the application level (i.e., HTTP, FTP, SMTP, etc.).

Then you have to consider the multitude of definitions that are out there for "firewall". Someone's ACL router to them could be defined as their firewall.... I don't agree but that's just me.

-----
Robert Bosch Corporation
Technical Systems Analyst (RBNA/CSA1)
Corporate Sales Reporting Systems
38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA
phone: 1 (248) 876-1164
fax: 1 (248) 876-6969
shawn.quillman@xxxxxxxxxxxx
http://www.bosch.us

_____
From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
Sent: Friday, September 30, 2005 3:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] OT: Hardware vs. Software?

http://www.ISAserver.org

Hello.

In an attempt to get a point of view from the "other" side, I would like to ask what is up with the constant loathing of Hardware firewalls over here?

So I'd like you guys (especially Dr. Shinder, who is claiming high and loud to whoever wants to hear it that Software firewalls such as ISA are better than say, my Cisco PIX) to explain your point of view, so I can gather all sides, and make an opinion for myself, and then recommend the right thing to my clients.

I would like to point out that I am using ISA as a back firewall at home, for thrills. (My home network classified as a small business one).

I now just hope this will not turn into a heated debate and resort to childish name calling, but we are all adults able to debate a point here, are we not? ;)

So what are the advantages and disadvantages of a hardware firewall vs. software firewall?

Oh and now before someone points out that they're now more or less the same thing, I know - Cisco PIXes are running on AMD and Intel processors, x86 ones. They're plain PCs with a hardened OS on an embedded platform. I am saying "hardware" for the sake of knowing we are comparing something that runs on a box with network cards and something that runs on a 1U atop the H rack in the server room with no moving parts. Or that small metal box with cables plugged in. So no need to be anal/pedantic about these things.

Now, do convince me. :-)