In my earlier Software based Security article, I mentioned that "firewalls" are intended to guard access to your computer in the same way that “cities of old” or ‘castles’ put up walls for protection. In simplest terms we are attempting to keep out unwanted intruders and all their little 'creepy' malware including viruses, worms, Trojans, and who knows what. We would also like to guard ourselves against all kinds of other 'junk' (like spam and phishing emails), perhaps regulate the websites we permit our employees to access, and maintain records of all the traffic we allow, or disallow.
While all of that sounds perhaps a little too good to be true for your personal computer or home network, it may well be essential to accomplish all of these tasks and provide optimized security for your small, medium or even big business. Accordingly, many businesses that view this level of 'security' as essential turn away from network based software firewalls and rely on hardware firewalls to safeguard their systems. Most hardware based firewalls also rely on a 'software component', and some in fact now also make use of 'cloud connectivity' in order to 'check' and 'itemize' threats.
In a lot of ways you might compare a hardware firewall to a brick wall or fence, as contrasted with the picket fence that represents a software based firewall. That is not to say that software-based firewalls are not good; most are. It is just to say that a hardware firewall is 'more secure'. Those cities and castles of old built their walls of solid stone (masonry) in order to withstand even the most rigorous of threats, and your hardware firewall is built on the same idea.
So why doesn't everyone use a 'hardware firewall'? The answer is easy: "they aren't cheap!" Many of these systems meeting the needs of even moderate-sized business networks can cost hundreds if not thousands of dollars. It's hard enough to convince some small businesses to buy a $79 security software suite over the $49 antivirus software, so how are you going to convince them to buy a $799 hardware firewall?
So here are five of the most common and consistently best ranked hardware based firewalls (in alphabetical order, without regard to any ranking). Be aware that 'model numbers' and 'product identifiers' seem to change on many of these products every few months as they are streamlined, beefed up with new features, simplified in terms of administrative requirements, or expanded in software connectivity/compliance.
Barracuda Firewall – The Barracuda X100 Firewall provides next-generation application control and identity functions in an easy-to-use solution just right for small to medium size businesses. It is optimized for bandwidth-sensitive tasks like packet forwarding and routing, and it provides Layer 7 application control, Intrusion Prevention (IPS), DNS/DHCP services, and VPN connectivity. Additional feature modules can be integrated with the X100 to maximize this highly scalable architecture.
Dell SonicWall – The SonicWALL TZ 105 provides a secure Unified Threat Management (UTM) firewall for small offices and small business deployments. Unlike consumer-grade products, the TZ 105 delivers the proven, most effective intrusion prevention, anti-malware and content/URL filtering, along with broad mobile platform support for laptops, smartphones and tablets. It provides full deep packet inspection (DPI) at very high performance levels, eliminating the network bottleneck that other products introduce, and enabling organizations to realize increased productivity gains.
Netgear ProSafe – The ProSafe FVS336G is an easy to install, easy to configure, and easy to manage network firewall for small to midsized businesses. It supports 25 VPN IPSec tunnels as well as 10 SSL VPN connections. The stateful packet inspection firewall provides admin pages about as simple as a firewall can be, with separate pages for LAN-WAN, DMZ-WAN and LAN-DMZ rules, and a single button to enable the application layer gateway (ALG) for internet phone traffic using SIP.
Palo Alto Networks – The PA-7050 firewall appliance is designed to provide network protection with throughputs of up to 120 Gbps for core firewall functionality and 100 Gbps with full threat prevention turned on. The firewall appliance is designed for businesses where 100 Gbps speeds are required due to the amount of data being processed. The PA-7050’s full application enablement includes Intrusion Prevention System (IPS), Anti-Virus (AV) and WildFire (virtual malware analysis) active on all traffic.
Sophos TotalProtect – The Sophos SG 105 TotalProtect offers an excellent price-to-performance ratio for small businesses or branch offices. It uses Intel multi-core technology designed for best performance and efficiency in a small form factor, with 4 GbE copper ports built in. Its FullGuard security features cover the full set of intrusion prevention, anti-malware and content/URL filtering features.
Again, I am writing this article because I had questions about these, or similar products, as a result of my last articles on 'Computer Security'. I am not specifically recommending any of these products, nor am I even recommending a 'hardware firewall' for every business. I would say that if you frequently experience 'security violations' either from external or internal sources, and you have a large shop to protect and manage, you need to really consider if a hardware-based firewall might afford the best overall protection for your needs.