[tech.jk]

Hey everyone!
Just out of curiousity, do you think there would be a visible (or negligible) difference in internet speed if I used a hardware firewall as opposed to the router's inbuilt firewall?

So assuming that all switches/ports were Gigabit Ethernet compatible (including the firewall itself), would it be a better idea to turn off the router/modem's firewall and use the hardware firewall, or would it be best to just stick with the router firewall?

The reasoning behind this is that I'm not a big fan of Netgear... or their firewall system. After recent DDoS attacks (and IP address changes), I've decided to put a computer that was lying around to good use - Use it as a (Linux) firewall. iptables, here we come. - Yes, the Netgear router (CVG824G) has died a few times. Probably going to get upgraded to a NG CG3000, which uses (more or less) the same firewall system, I assume.

Thoughts?

[prunejuice]

A router firewall is essentially a hardware firewall.

[zx10guy]

I don't understand your reference to a DDoS attack. Are you saying your Netgear suffered a DDoS?

I think your issue with Netgear is more of an issue with a particular model as there are other Netgear routers which operate reliably.

As far as what constitutes a hardware firewall, it depends. Some firewalls have firmware specifically designed for firewall duties. Some firewalls add in better processors and ASICs designed for firewall duties.

[Couriant]

I think any software based firewall like you mentioned (other is smoothwall) you might have more control on the data traffic, but speeds should not be hindered unless you use 10Mbps NICs...

[tech.jk]

Quote:

Originally Posted by zx10guy

... Are you saying your Netgear suffered a DDoS?

Sort of. Unless my ISP was messing with me and restarted the router... I saw the thing restart right in front of my eyes...

But yeah - I'm basically wondering (once again, assuming that they're all Gigabit NICs, as I mentioned above) would there be a noticeable speed difference?

My idea was just to forward all the packets to the dedicated firewall, get the PC (essentially) to filter out the dodgy packets, as opposed to the modem/router having to deal with it, potentially slowing it down.

[zx10guy]

Quote:

Originally Posted by tech.jk

Sort of. Unless my ISP was messing with me and restarted the router... I saw the thing restart right in front of my eyes...

This doesn't mean you were a vicitim of a denial of service attack. There have been documented cases of some Netgear routers rebooting due to issues with the firmware or overheating. One such router was the WGT624v1.

Quote:

But yeah - I'm basically wondering (once again, assuming that they're all Gigabit NICs, as I mentioned above) would there be a noticeable speed difference?

My idea was just to forward all the packets to the dedicated firewall, get the PC (essentially) to filter out the dodgy packets, as opposed to the modem/router having to deal with it, potentially slowing it down.

Just because you put Gigabit interfaces onto a box to run as a firewall, does not mean the box will run at line rate. The Cisco ASA5520 does not run at full 1 Gig throughput. It runs more at around 440 Mbps. This firewall is about $5k and is a purpose built firewall appliance.

[tech.jk]

Interesting.
Well, thanks for that, zx10guy!

You know what really depresses me sometimes? The fact that people won't quite read your original post, assume something, then go on about other stuff.

I mean, what's the point of a tech support website when the people who normally respond first are more likely to well, treat you like an idiot regardless of context? You may as well have a generic response for every single question that is posed.