Correctly Defining Firewall Types

I was reading a thread on a well-known Windows mailing list and found that people were having a hard time communicating about firewalls, since some of the people participating in the conversation were using incorrect firewall terminology.

The problem was that one of the newbs was asking about a “software” firewall and wanted to know what the best “software” firewall was. The problem with this question is that all firewalls are software firewalls. Without software, the hardware doesn’t know what to do and thus doesn’t work. So, in reality, all firewalls are software firewalls.

Some people refer to firewalls that have no hard disk as “hardware” firewalls, but even that definition is starting to wear thin. Many firewalls that were formerly considered to be “hardware” firewalls now have hard disks or solid state memory to hold their software. The term hardware firewall seems to be migrating toward something closer to “appliance” firewall, where the firewall appliance is a single-purpose device whose operating system is dedicated to supporting the firewall server that runs on it.

A more accurate way to categorize firewalls is to classify them as Network Firewalls or Host Firewalls.

Network Firewalls are designed to control network traffic for multiple hosts. Network Firewalls are inline devices that allow, deny, log and report on the traffic moving through them. Some Network Firewalls have their major strengths as sophisticated routers with some security built in (such as the Cisco PIX or ASA), and some Network Firewalls focus more on security than on sophisticated routing capabilities (such as the Microsoft ISA Firewall).

Host-based firewalls are installed on the host operating system and are designed to protect the host they are installed on. The Windows XP and Windows Vista firewalls are examples of host-based firewalls. Some popular radio hosts make the mistake of calling host-based firewalls “software” firewalls, and this has caused a lot of network newbies problems if or when they enter the world of corporate IT.

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/

Blog: http://blogs.isaserver.org/shinder/
MVP – Microsoft Firewalls (ISA)
