General Discussion Regarding difference between Firewall and Router
vishaw1986
Friends, what according to you are the differences between routers and firewalls? Except one, i.e. the WIC card, which we can only use in a router, not a firewall.
Expecting good replies.
Comments
jamesp1983
Firewalls are stateful by default...
al3kt.R***
1. How about different S/W intelligence and complexity?
Firewalls' S/W is scoped at securing communications between network objects at same or different trust levels, while routers' S/W main concern is routing/forwarding data between network objects.
You will surely see router functionality in modern firewalls and firewall functionality in modern routers, but the code running on them will be inevitably biased towards the primary function it's required to carry out.
2. How about different H/W implementations (systemboard, number and type (media-type, LAN/WAN) of interfaces, memory etc) for the exact above reasons?
These differences affect prices too.
One can nowadays easily acknowledge the convergence/combination/exchange of functions and even hardware especially between secure gateway routers and NAT firewalls.
it_consultant
Generally I say a thing is a firewall when it can (and does) NAT. All firewalls are routers by definition, but not every router can be a firewall. Not every router can NAT or do packet inspection. However, it's getting harder and harder to find routers that only route. Hell, Avaya phone switches have a firewall/router built into them.
DevilWAH
A router by definition is a device that switches packets based on the destination IP (layer 3) to pass them between separate networks; this is routing.
A switch is a device that switches frames based on their MAC address or other Layer 2 protocol (this is switching).
A firewall inspects data travelling through it and compares it to defined rules against which it allows or drops the traffic.
As people have said, there are few devices that only do a single task these days. Layer three switches combine the function of a switch and router, and again firewalls generally have routing enabled (but this does not have to be so, as in the case of a transparent firewall).
Now most devices are designed for one of the tasks and optimised to carry this out. For example, switches use ASICs to enable very fast switching in hardware, at the expense of being able to carry out complex routing. As you move up through routing and into firewalls, the traffic manipulation becomes more complex and configurable, moves more into hardware and requires more powerful hardware to move the same amount of data.
But it is the case that a basic home firewall is a less powerful firewall than that built into a mid-range Cisco router with the right IOS installed. But there is no clear line; starting from a hub right through routers and firewalls to a full data center domain network, there are devices designed to deal with every network traffic flow possible.
As has been said before, what a device is called is in many cases down to what its main function is, not what functions it is able to carry out.
Zartanasaurus
I like Greg Ferro's definition.
vishaw1986
Thanks for giving good replies...
But as per me, a router itself is a firewall. As per the firewall definition: only permit or deny unauthorized access to and from a network. A router is well capable of doing this. But as the security threats increase day by day, then comes the idea of dedicated firewalls with stateful inspection of the packets.
But nowadays we have a very good replacement for the dedicated hardware firewall for the small network: IOS firewall and zone-based policy firewall. With these we can do what a dedicated firewall will do, like stateful inspection and fail-over (active/active, active/standby); IPS is there with full functionality of upgrading the signatures, authentication proxy is there, port mapping is there and a lot more. With zone-based policy firewall we can create multiple zones and apply the policy on a per-zone basis. The inspection policy for a single zone pair is independent of the policy applied for the second zone pair. With this we have the capability of stateful fail-over of multiple sessions with minimum downtime.
DevilWAH
By default a router permits traffic. If two interfaces are reconfigured it will route the traffic, without any policing.
A firewall works the other way around. Deny all by default and you have to choose to allow.
Yes, an ACL on a router is a firewall. But this is an addition to routing, not default behaviour.
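
The default-permit versus default-deny and stateless-versus-stateful distinctions raised in this thread, as an added Python sketch that is not part of any post. The class names, addresses and ports are constructed for illustration, and the model is simplified (no TCP flags, timeouts or NAT).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    """Default permit: forwards everything unless a stateless ACL entry denies it."""
    def __init__(self, deny_dports=()):
        self.deny_dports = set(deny_dports)  # ACL judges each packet on its own

    def forward(self, pkt, inbound):
        return pkt.dport not in self.deny_dports

class StatefulFirewall:
    """Default deny: inside hosts open flows, only matching replies come back in."""
    def __init__(self, allow_out_dports):
        self.allow_out_dports = set(allow_out_dports)
        self.state = set()  # tracked flows: (src, sport, dst, dport)

    def forward(self, pkt, inbound):
        if not inbound:  # inside -> outside: must match an explicit allow rule
            if pkt.dport not in self.allow_out_dports:
                return False
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # outside -> inside: allowed only as the reverse of a tracked flow
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state

# Constructed traffic: (packet, arrives_on_outside_interface)
TRAFFIC = [
    (Packet("10.0.0.5", 40000, "203.0.113.10", 443), False),   # client opens HTTPS
    (Packet("203.0.113.10", 443, "10.0.0.5", 40000), True),    # genuine reply
    (Packet("198.51.100.7", 55555, "10.0.0.5", 3389), True),   # unsolicited inbound
    (Packet("198.51.100.7", 443, "10.0.0.5", 40001), True),    # "reply" to nothing
    (Packet("10.0.0.5", 40002, "203.0.113.10", 23), False),    # outbound telnet
]

def verdicts(device):
    """Return the forward/drop decision the device makes for each packet."""
    return [device.forward(pkt, inbound) for pkt, inbound in TRAFFIC]

if __name__ == "__main__":
    print("router, no ACL  :", verdicts(Router()))
    print("router, ACL     :", verdicts(Router(deny_dports={3389, 23})))
    print("stateful, 443   :", verdicts(StatefulFirewall(allow_out_dports={443})))
```

The fourth packet is the one that separates the two devices: the port-based ACL forwards it because each packet is judged alone, while the state table has no flow for it and drops it.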