Re: [fw-wiz] Comparisons between Router ACLs and Firewalls

• Previous message: Paul Robertson: "RE: [fw-wiz] Comparisons between Router ACLs and Firewalls"
• In reply to: sd2mcleo_at_engmail.uwaterloo.ca: "[fw-wiz] Comparisons between Router ACLs and Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: sd2mcleo@engmail.uwaterloo.ca
Date: Sat, 03 Jan 2004 17:44:30 -0600

On Dec 17, 2003, at 6:30 PM, sd2mcleo@engmail.uwaterloo.ca wrote:
> I'm looking to compare the use of router ACLs versus firewalls in
> enforcing
> network security. If you could provide me with the pros and cons of
> using each...
>
> - Performance: what are the performance capabilities of each method
> and how does
> the throughput compare?

Some routers and switches have firewall features, and some firewalls
can route and switch. Then to define what is an ACL or a firewall rule
gets even harder.

Furthermore, you also need to differentiate between network equipment
that makes packet forwarding decisions in the software realm (like PIX
or Linux) versus ASIC implementation (like Cisco's 6500, 7600 series or
NetScreen stuff), and what that particular hardware and software
combination can handle. It's not a firewall vs. ACL question anymore.
  For some platforms, there is little correlation between CPU usage,
traffic throughput, and concurrent sessions/states. For some platforms
there is severely painful correlation.

The lines differentiating firewalls, routers, and switches will
probably continue to only get more blurred as these features'
implementations blend hardware and software solutions. I guess my
point is that for now you at least need to compare individual firewall
products against those of the same architecture (software or ASIC
based).

Dale

------------------------------------------------------------------------

----
Dale W. Carder			dwcarder@doit.wisc.edu
Network Engineer	University of Wisconsin at Madison
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Paul Robertson: "RE: [fw-wiz] Comparisons between Router ACLs and Firewalls"
• In reply to: sd2mcleo_at_engmail.uwaterloo.ca: "[fw-wiz] Comparisons between Router ACLs and Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Windows media player freeze ... antivirus program on it yet and I get streaming video just fine there. ... since the firewall and antivirus alter the processes of windows ... > compare the performance. ... >>> media player screen, i get a complete system hang. ... (microsoft.public.windowsmedia.player) Re: Windows media player freeze ... Go to the File menu and choose "Work Offline". ... Antivirus is scanning the files as you try to use ... >> most likely that or your firewall, ... >> compare the performance. ... (microsoft.public.windowsmedia.player) Re: SonicWALL vs. NetGear vs. LinkSys (Pricing/Functionality) ... and feature set as compared to SonicWALL is ... I am wondering if I spent too much ... >A SOHO Firewall from Sonic, NetScreen, WatchGuard, PIX, is not cheap, ... >> me understand how their units compare ... (comp.security.firewalls) Re: Hardare based firewall reviews ... Well for right now we don' really need the VPN but possibly upgrading to ... asking however is the names of the major companies so I can compare them ... >> the software firewall we have now. ... > your needs are concerned before you can narrow down which vendors offer ... (comp.security.firewalls) Re: Laptop (XP) cannot browse Internet ... >The info from ipconfig /all helped me to match the laptop settings to ... >the desktops. ... It was much easier to compare ... >I installed and then removed McAfee antivirus and firewall stuff a ... (microsoft.public.windowsxp.network_web)