We’ve already talked about the features and relative advantages of software vs hardware firewalls here. Now, let’s talk about what to look for in a small firewall. Let’s assume you’re a small organization, maybe even a single family that just wants an extra measure of protection for you home network.
Of course, there are three major kinds of firewalls; software, hardware, and cloud firewalls.
Software firewalls (Sophos, Check Point)
First, software firewalls are most often installed on personal computers or computers with light network use. They will block known malware, trojans, viruses, and other dangerous activity.
Unfortunately, data packets are allowed to pass through your network switch and router before the software can scan it. By that time, malicious software could already be on your hard drive. As a result, software firewalls are not ideal for a company with a lot of sensitive data.
Hardware firewalls live behind your router. So, they are in a position to scan every single data packet coming from the Internet. They use intelligent functions to detect unknown viruses and malware by analyzing huge datasets and identifying irregular activity.
Hardware firewalls are “turn-key” solutions with pre-installed software. Once set up, can provide 24/7 protection. For an SMB on a budget, a high-performance network firewall can meet your demands.
A drawback with hardware firewalls are that they need to be repeatedly updated. And if you want higher bandwidth, you’ll have to pay for new systems and installation.
Cloud firewalls are sort of a hybrid between software and hardware with the added benefit of low-cost maintenance.
Hardware is installed on your network, but the firewall itself is managed remotely by the cyber security pros of your vendor. All of your updates are taken care of automatically. And, you can scale your systems to suit your needs easily enough.
If you can’t afford on-site maintenance and mostly work with remote employees, a cloud firewall should provide all the protection you’ll need.
What features should I look for?
Most firewall devices feature VPN functionality. There are many protocols and types, but Remote access and Site-To-site VPNs are essential.
Remote Access VPN
As it names implies, it can be accessed remotely, and helps establish secure connections with the remote network. In other words, it’s a VPN server which lets you access your home network from anywhere.
This is different from remote access. When two LANs are connected by an encrypted tunnel over the internet, that’s Site-to-Site VPN. There are two types of Site-to-Site VPNs – Intranet based and Extranet based.
Advanced Web Filtering
This feature lets you filter content such as offensive websites, emails, keywords, various types of files, IP addresses, and so on. A web filter also blocks and excludes certain content like aggressive advertising, pornographic content and viruses like malware, spyware, and trojans.
Stateful Packet Inspection is also called “dynamic packet filtering.” Unlike static packet filtering, it tracks and checks the data of the packets, not just the header. It also monitors the connection’s state.
If you’ve ever forced yourself to read a typical firewall manufacturer datasheet, you may have noticed there’s about 89 different kinds of ‘throughput.’ Okay, that’s an exaggeration. The different kinds of throughput relate to how fast the firewall operates with various other features running wide open. With things like antimalware turned on, your firewalls ‘pipe’ can become bottlenecked with too much to do, slowing things down. It just depends on how many different security bells and whistles you want to have running at once.
As a general rule of thumb, you want legitimate 1 gigabit throughput per port.
And, while this list is not exhaustive, hopefully it will at least get you started understanding the basic terminologies and features to keep an eye out for in a good, smb firewall. There are so many excellent manufacturers, like Fortinet, Sophos, Check Point, and so on, that it’s tough to go wrong when you do just a little research. Of course, Corporate Armor is always ready to help out in whatever way we can, so just email us or call 877-449-0458. Thanks for reading!
Features of a good small firewall
Remote Access VPN
1 GB Throughput per port
Advanced Web Filtering