FAQ 

What does a firewall do? 

 

A firewall inspects network traffic entering and/or leaving your network. It compares that traffic against a policy that you have created and allows or denies access to network resources accordingly.

 

Why is there a vast difference in price from one firewall to another? 

 

Some firewalls offer more services than others, meaning they can do more than just filtering, and some firewalls are faster than others. When you are pricing a firewall, you need to consider a few factors:

  1. How much bandwidth do you have, and how many connections are going to be passing through the firewall? The firewall has a finite amount of resources to process packets. More expensive usually means more resources or faster processing of network traffic. Expensive firewalls have special processor chips that handle very specific packet inspection; these firewalls will be much faster than firewalls that process packets in software.
  2. Do you want the firewall to do more than just filter packets? You may pay a lot more for a firewall with Universal Threat Management (UTM) software that is more proactive, not just filtering but also identifying threats. This software will almost always include an ongoing subscription fee to keep the threat database current. Some firewalls are capable of providing other services such as the following:
    1. Application identification
    2. Quality of Service
    3. Anti-virus
    4. Network Leak Prevention
    5. Anti-spam or Spam filtering
    6. Anti-Spyware or Spyware detection
    7. Intrusion detection or Intrusion prevention services

What about VPN?

 

Most firewalls can be used as Virtual Private Network (VPN) endpoints, allowing you to connect into your network from a remote site on the Internet, from home or from remote offices. When you use a VPN, your computer (the client) encrypts the data before sending it over the network. When the data stream arrives at the VPN endpoint (the firewall), the firewall needs to decrypt the data. This is processor intensive and may require a more expensive, faster firewall if you are going to have more than a couple of VPN users at once.

 

A note about VPN and bandwidth: If you have a 1 Mb (1024 bits per second) Internet connection into your office and someone using the VPN from home has an upstream bandwidth of 512 bits per second, they could hog half of the Internet connection for your whole office! If you are planning a VPN, think about how you can control the allocation of bandwidth so that everyone has a workable solution. Perhaps split the connectivity into two physical ‘pipes’ from your bandwidth supplier.

What is an SSL VPN?

 

First, the benefit: an SSL VPN allows you to use your normal browser as a VPN client instead of needing an extra client-side application. This is pretty useful if you have multiple desktop operating systems (Linux, Mac OS X, Windows) because they all have browsers already installed. There is no need to install any extra software.

A Secure Sockets Layer (SSL) VPN uses encryption to ‘tunnel’ the connection through your browser via an Internet connection back to your SSL VPN endpoint. This allows you to access files and other network resources from your office, over the Internet, via a secure connection. Some firewalls can act as SSL VPN endpoints. Be aware that this is somewhat new technology and that there may be some limitations with the SSL VPN compared to the IPsec (normal) VPN.

 
 
 
© Copyright 9IRONS 2008 - All rights reserved.