A firewall monitors and filters incoming and outgoing network traffic based on security policy, allowing approved traffic in and denying all other traffic. Firewalls protect any network-connected device and can be deployed as a software firewall on hosts, as a hardware firewall on a separate network device, and as a virtual firewall in the private or public cloud.
Let’s take a look at how firewall software works, the benefits and differences between software and hardware firewalls, and which firewall is right for you.
The two main ways to deploy a firewall are as firewall software running as an application on a host or as a hardware firewall running on a dedicated network device. Firewall software is widely used on personal and company laptops running Windows, macOS, and other Unix-like operating systems.
Firewall software is also available in firewall distributions that can be deployed on dedicated hardware, but for this discussion we differentiate a software firewall from a hardware firewall by how it is deployed, i.e. on a host versus on a dedicated network device.
In addition to Windows, macOS, and Linux software firewalls, firewalls can also be found embedded on IoT (Internet of Things) devices, especially those that are Linux based and use the iptables utility.
When firewall software is installed on a host, such as Windows, it can make granular network access decisions down to the application level. For instance, a web server application may be allowed to receive inbound connections on the standard TCP ports for HTTP traffic: ports 80 (HTTP) and 443 (HTTPS).
Only select services needed for normal network operations will be allowed through the firewall, and policy can be set based on profiles. For example, a domain profile may be for connections to an organization domain controller, a private profile for when connected at home, and a public profile for when connected to a public and unprotected network like Wi-Fi at the local coffee shop.
Security policy rules are typically pre-defined for each profile and can be customized if needed. By default, all outbound connections are allowed. Because of the number of hosts involved, managing software firewall policy centrally becomes difficult if central management is not designed into the product.
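The per-profile, per-application policy described above, as an added PowerShell example (not from the original article or from any vendor product) using the built-in Windows Defender Firewall cmdlets. The application path, rule names, and the check at the end are assumptions for illustration.

```powershell
# Set the baseline for every profile: inbound blocked unless a rule allows it,
# outbound allowed by default (the behaviour the article describes).
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# Assumed path of the web server binary; adjust for the real host.
$webServer = 'C:\Program Files\ExampleWeb\webserver.exe'

# Application-level rule: only this program may accept inbound TCP 80/443,
# and only while the host is on the Domain or Private profile.
New-NetFirewallRule -DisplayName 'Example Web Server (HTTP/HTTPS)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 80, 443 `
    -Program $webServer -Profile Domain, Private

# On the Public profile (coffee-shop Wi-Fi) the same ports stay closed: an
# explicit block rule wins over any allow rule with the same scope.
New-NetFirewallRule -DisplayName 'Block Web Server on Public networks' `
    -Direction Inbound -Action Block -Protocol TCP -LocalPort 80, 443 `
    -Program $webServer -Profile Public

# Verification: list the rules just created with their port and profile scope
# so an operator can confirm the policy matches the intent before rollout.
Get-NetFirewallRule -DisplayName '*Web Server*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    [PSCustomObject]@{
        Rule    = $_.DisplayName
        Action  = $_.Action
        Profile = $_.Profile
        Ports   = ($port.LocalPort -join ',')
    }
} | Format-Table -AutoSize
```

Run from an elevated PowerShell session; on a managed fleet the same rules would be pushed through Group Policy or an endpoint management tool rather than per host.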
Software-based firewalls should have some common features, including:
Different deployment locations mean that the feature set is slightly different between software firewalls and hardware firewalls. Both have the same core firewall capabilities, but what they control differs slightly.
Hardware firewalls are deployed on the network, enabling them to provide network-level functionality, such as:
Software firewalls typically run on the host, providing them with certain capabilities, such as:
In comparison to hardware firewalls, software firewalls provide the following key benefits:
The choice between a software and a hardware firewall should depend on what the firewall is intended to secure. If you have mobile users or users who work from home, then firewall software is probably the right choice over a hardware firewall. On the other hand, if you have a remote site, then a hardware firewall that can serve as the perimeter gateway is the logical choice.
If you need to secure both remote users and remote sites but don’t need granular device-level access or granular site-level access control, then consider a third option: a firewall-as-a-service (FWaaS) deployed in a SASE (Secure Access Service Edge) model. If you need to secure private or public cloud infrastructure, then consider a cloud firewall.
Today’s modern Next-Generation Firewalls (NGFWs) provide you with a solution that fits any deployment choice. To learn more about how to select a firewall, check out this NGFW Buyer’s Guide. You’re also welcome to request a free demo to see the capabilities of Check Point NGFWs for yourself.