General Discussion Regarding difference between Firewall and Router
vishaw1986
Member Posts: 40 ■■□□□□□□□□
in Off-Topic
Friends, what according to you are the differences between routers and firewalls? Except one, i.e. the WIC card, which we can only use in a router, not a firewall.
Expecting good replies.
Comments
-
jamesp1983 Member Posts: 2,475 ■■■■□□□□□□
Firewalls are stateful by default...
"Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
-
al3kt.R*** Member Posts: 118
1. How about different S/W intelligence and complexity?
Firewalls' S/W is scoped at securing communications between network objects at same or different trust levels, while routers' S/W main concern is routing/forwarding data between network objects.
You will surely see router functionality in modern firewalls and firewall functionality in modern routers, but the code running on them will be inevitably biased towards the primary function it's required to carry out.
2. How about different H/W implementations (systemboard, number and type (media-type, LAN/WAN) of interfaces, memory etc) for the exact above reasons?
These differences affect prices too
One can nowadays easily acknowledge the convergence/combination/exchange of functions and even hardware especially between secure gateway routers and NAT firewalls.
"Tigranes: Good heavens! Mardonius, what kind of men have brought us to fight against? Men who do not compete for possessions, but for honour."--- Herodotus, The Histories
"Nipson anomemata me monan opsin"--- Gregory of Nazianzus
"Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days."--- Bruce Schneier Facts
-
it_consultant Member Posts: 1,903
Generally I say a thing is a firewall when it can (and does) NAT. All firewalls are routers by definition, but not every router can be a firewall. Not every router can NAT or do packet inspection. However, it's getting harder and harder to find routers that only route. Hell, Avaya phone switches have a firewall/router built into them.
-
DevilWAH Member Posts: 2,997 ■■■■■■■■□□
A router by definition is a device that switches packets based on the destination IP (layer 3) to pass them between separate networks; this is routing.
A switch is a device that switches frames based on their MAC address or other Layer 2 protocol (this is switching).
A firewall inspects data traveling through it and compares it to defined rules, against which it allows or drops the traffic.
As people have said, there are few devices that only do a single task these days. Layer three switches combine the function of a switch and router, and again firewalls generally have routing enabled (but this does not have to be so, as in the case of a transparent firewall).
Now most devices are designed for one of the tasks and optimised to carry this out. For example, switches use ASICs to enable very fast switching in hardware, at the expense of being able to carry out complex routing. As you move up through routing and into firewalls, the traffic manipulation becomes more complex and configurable, moves more into hardware and requires more powerful hardware to move the same amount of data.
But it is the case that a basic home firewall is a less powerful firewall than that built into a mid-range Cisco router with the right IOS installed. But there is no clear line; starting from a hub right through routers and firewalls to a full data center domain network, there are devices designed to deal with every network traffic flow possible.
As has been said before, what a device is called is in many cases down to what its main function is, not what functions it is able to carry out.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□
I like Greg Ferro's definition.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%
-
vishaw1986 Member Posts: 40 ■■□□□□□□□□
Thanks for giving good replies.
But as per me, a router itself is a firewall. As per the firewall definition, it only permits or denies unauthorized access to and from a network. A router is well capable of doing this. But as the security threats increase day by day, then comes the idea of dedicated firewalls with stateful inspection of the packets.
But nowadays we have a very good replacement for the dedicated hardware firewall for the small network: IOS firewall and zone-based policy firewall. With these we can do what a dedicated firewall will do, like stateful inspection and fail-over (active/active, active/standby); IPS is there with full functionality of upgrading the signatures, authentication proxy is there, port mapping is there and a lot more. With zone-based policy firewall we can create multiple zones and apply the policy on a per-zone basis. The inspection policy for a single zone pair is independent of the policy applied for the second zone pair. With this we have the capability of stateful fail-over of multiple sessions with minimum downtime.
-
DevilWAH Member Posts: 2,997 ■■■■■■■■□□
By default a router permits traffic. If two interfaces are reconfigured it will route the traffic, without any policing.
A firewall works the other way around. Deny all by default and you have to choose to allow.
Yes, an ACL on a router is a firewall. But this is an addition to routing, not default behaviour.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
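
A minimal Python model of the distinction drawn in this thread (default-permit router, stateless router ACL, default-deny stateful firewall), added here as an illustration and not posted by any participant. The packet fields, rule set and addresses are constructed assumptions; real devices also track TCP flags, timeouts and more.

```python
from collections import namedtuple

# Constructed sample packet model; addresses are documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport direction")  # "out" or "in"

def plain_router(pkt):
    """Router with no ACL: anything routable is forwarded (default permit)."""
    return True

def stateless_acl(pkt):
    """Router ACL judging each packet alone: inside hosts may reach port 443,
    and anything arriving *from* port 443 is presumed to be return traffic."""
    if pkt.direction == "out":
        return pkt.dport == 443
    return pkt.sport == 443  # cannot tell a reply from an unsolicited packet

class StatefulFirewall:
    """Default deny; inbound is allowed only if it matches a tracked session."""
    def __init__(self, allowed_out_ports):
        self.allowed_out_ports = set(allowed_out_ports)
        self.sessions = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in self.allowed_out_ports:
                return False
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound must be the mirror image of a session opened from inside.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def compare():
    """Return {packet name: (router, acl, stateful)} verdicts."""
    packets = [
        ("request", Packet("192.0.2.10", 50000, "198.51.100.5", 443, "out")),
        ("reply", Packet("198.51.100.5", 443, "192.0.2.10", 50000, "in")),
        ("unsolicited", Packet("203.0.113.9", 443, "192.0.2.10", 8080, "in")),
    ]
    fw = StatefulFirewall([443])
    return {name: (plain_router(p), stateless_acl(p), fw.check(p))
            for name, p in packets}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, dict(zip(("router", "acl", "stateful"), verdicts)))
```

Only the stateful model drops the unsolicited inbound packet, because it has no matching session entry; the stateless ACL forwards it on the strength of its source port alone.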