Do I really need a hardware firewall?

What is the best firewall hardware for home?

There are lots of firewalls out there and the market is huge, but which one is the best?

With lots of options to choose from you may be wondering what the best one for your home network is. This article will go into all the options available and hopefully will help you decide what's best for you. It's written with the non-tech type in mind, so you're reading this with your eyes not your CPU-like brain. We'll assume you have a basic knowledge of networking and router functions and how a firewall works.

Most firewalls will work fine as standard routers if that's all they need to do. The most likely scenario is that you also need an access point too, if you do you'll most likely also need two different routers, one for the Internet and one for the LAN. We won't go through the ins and outs of every single piece of hardware here, but will look at the main features to decide on the best option for you.

A good firewall has multiple reasons to exist: You need to protect your Internet connection (ISPs) against hackers. You want to stop traffic from the internet (web browsing, viruses, etc) passing through your LAN (your house, perhaps even your smartphone or iPad). You want to allow certain activities into your LAN. You want to make certain ports on your LAN useful for a particular service that's useful for your network. You want some form of "autonomous security" so you don't have to sit there watching traffic constantly. That would drive most of us crazy after a while! If you want only a little more you could go a bit cheaper with one of the lower tier firewalls. At the end of the day you're going to have to buy hardware first and then install the software and configure it. Let's talk about the most popular hardware now. In the past a lot of companies have sold products from a variety of manufacturers under a range of brand names at all price points. In the end the features don't change that much though so it all ends up the same.

Do I really need a hardware firewall?

Should I be using something else than the built in firewall on my NAS as my server is already behind a NATed router, and my desktop can access my NAS with its internet IP.

If so what is a good firewall for a NAS, preferably one that allows P2P? Generally speaking: NO. You should not install a firewall on your NAS unless you need to block an outbound port on your NAS or you need to control the firewall.

If you need an outbound firewall on your NAS you probably need to use PFsense which is open-source software. Your NAS might still be vulnerable to attacks from the internet but for a NAS you're talking about a really tiny attack surface. And if you need to control the firewall from the outside you could just use the existing firewall on your router for the job. You could also use a NAS with PFsense installed on it but that's an entire other can of worms. Your desktop is already running a firewall. The built in firewall on my NAS is pretty crappy though it does block incoming UDP, TCP, and ICMP traffic on ports 80 (http), 443 (https), 53 (DNS) and 23 (ssh). But in most cases it doesn't actually do anything.

I've setup a couple of things where the built in firewall of the NAS was sufficient. It can also depend on the NAS. For example the Cisco 6500 has both a built in firewall AND a physical button you can push to set it to firewall on/off. While the ASUS C200P has a single "firewall" icon that changes settings related to the built in firewall. I guess it depends on the model.

What is a hardware firewall?

An application firewall is a tool that tries to protect a system from malware.

It works by comparing incoming and outgoing network traffic against a database of signatures or rules. The firewall makes a decision whether to allow or block a packet. Typically the firewall is not aware of the content of the packet, but only whether it matches a rule.

A hardware firewall works on the same principle. It looks at incoming traffic on an interface and compares it to a list of rules. But it's not software that can be changed easily: you have to replace the entire hardware device.

How does a hardware firewall work? The hardware firewall is a network appliance. It runs on a piece of networking equipment like a router or switch. This piece of networking equipment is in front of the application layer of your network and protects it from the rest of the network.

The hardware firewall uses specific hardware features like a network interface (called physical network interface) and a set of physical ports (called forwarding ports) to examine incoming packets. A network interface is a hardware component that connects a computer with a network. Each network interface can be considered as a physical port of a network appliance. For example, Intel NUC is a computer equipped with one network interface that can be considered as a physical network port for the appliance.

Ports. The forwarding ports in a network appliance are used for sending traffic to the outside of the network. The ports should be connected to other devices that send or receive traffic. Ports can be either blocking or forwarding.

A forwarding port forwards traffic to an external destination. A blocking port lets traffic go through only if the traffic matches a rule.

Figure 1. Port Types Protection Layer. The protection layer is where the hardware firewall decides whether to allow or block the traffic. Figure 2. The Protection Layer - General. At the hardware level, the filtering process takes place in two stages. The first stage of processing is the network interface and the second stage is the forwarding port.

Figure 3. Network Interface and Forwarding Port The network interface examines the packets that pass through it. A network interface is a hardware component that is typically attached to the LAN port of a computer.