Can we have Router + Firewall on the same device?

October 19, 2012 at 11:21:17
Dear Members of the community,

Can anybody advise if there is a Network product which does "Routing" and "Firewalling" functionality at the same time?

If there is, then what are the advantages and disadvantages against using a Router only device connected to a Hardware Firewall only device?



#1
October 19, 2012 at 11:26:59
A firewall is a router. It is a decision-making router, deciding whether to allow or drop specific types of data packets, but it is still a router.
I'll expand a little bit more. A router will forward traffic to an interface provided it knows the interface to forward it to. A firewall will only forward it to an interface if 1) it knows the interface to forward it to and 2) the rule allows the packet to be forwarded to this interface; otherwise it will drop the packet. So a firewall is a router but can make decisions to forward traffic according to rules. If you allow all traffic from one interface to another and it knows which interface to send the traffic to, then it is acting like a router instead of a firewall.

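The forwarding decision described in reply #1, sketched as an added example that is not part of the thread: a router forwards whenever it has a route, while a firewall additionally requires a rule that allows the packet. The prefixes, interface names, rule table and the first-match, default-deny evaluation are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: prefixes, interfaces and rules are hypothetical.
ROUTES = [
    ("10.1.0.0/16", "eth1"),
    ("10.2.0.0/16", "eth2"),
    ("10.2.5.0/24", "eth3"),
]
# (source prefix, destination prefix, action); first match wins.
RULES = [
    ("10.1.0.0/16", "10.2.5.0/24", "allow"),
    ("10.1.0.0/16", "10.2.0.0/16", "deny"),
]
ALLOW_ALL = [("0.0.0.0/0", "0.0.0.0/0", "allow")]

def lookup_route(dst, routes=ROUTES):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def router_forward(src, dst):
    """A plain router looks only at the destination; src is ignored."""
    iface = lookup_route(dst)
    return ("forward", iface) if iface else ("drop", "no route")

def firewall_forward(src, dst, rules=RULES):
    """Condition 1: a route exists. Condition 2: a rule allows the packet."""
    iface = lookup_route(dst)
    if iface is None:
        return ("drop", "no route")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            if action == "allow":
                return ("forward", iface)
            return ("drop", "denied by rule")
    # Assumed default-deny: traffic matching no rule is dropped.
    return ("drop", "no matching rule")
```

Passing `ALLOW_ALL` as the rule table makes `firewall_forward` return the same result as `router_forward` for every routable packet, which is the case the reply ends on.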

#2
October 19, 2012 at 12:11:56
A firewall is a router.

I'm not sure I'd agree entirely with the above statement. While there may be some similarity in how they do things, a firewall and a router are not exactly the same.

Also, take into consideration the fact that there are many firewall devices out there that cannot do routing and conversely, many routers that don't do firewalling.

Your typical SOHO Router does both by design. Most enterprise level equipment does one or the other.

If there is, then what are the advantages and disadvantages against using a Router only device connected to a Hardware Firewall only device?

You don't use a router when you require a firewall and you don't use a firewall when you require a router. Just like you don't reach for a hammer when you really need a box end wrench or vice versa. Both are tools with a very specific use. I recommend you go look up what a firewall is and what a router is, what they're used for and that would easily answer any questions you have on the subject of what to use, when, and where.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#3
October 19, 2012 at 18:42:39
Dear all
Thank you for your reply.

Here is the thing:

1.) You have 30 Private Networks which are segregated into 3 Network Domains, each one of them having 10 of those Private Networks.

2.) Each Domain has a router which interconnects all the 10 networks belonging to that Domain.

3.) Now you want to securely connect these three domains, so there is a Firewall to which the uplink of each domain router is connected.

So under this scenario we have one Firewall connecting 3 routers and each router connecting 10 networks together.

I was thinking to get rid of the "Routers" and just connect all 30 Networks Directly to the Firewall but I do have the following concerns:

1) Can a Firewall work properly as a router between private network domains?

2) Nowadays what's the maximum number of ports (Network Interfaces) a firewall can support? The number of networks on each domain will grow, so at some point I may run out of spare ports on the Firewall.

3) While using the firewall in combination with the routers I think loading will get more balanced, since the firewall only needs to deal with traffic across Domains while the Routers will handle all the traffic internal to the domains + the inbound/outbound traffic associated with that domain only.
So Firewall resource loading is another issue I would need to address if I remove the routers, don't you think?

If you have any comments or feedback on the above 3 concerns I will much appreciate it. (or perhaps a new design concept)

Thank you.



#4
October 20, 2012 at 16:08:11
Your question #3 has already been posted here:
http://www.computing.net/answers/ne...

Double posting is against forum rules so one or other will probably get pulled.



#5
October 20, 2012 at 20:13:33
I didn't respond a second time because this appears to be yet another poorly written homework question with an unrealistic scenario and no clear purpose.

Just for the record, we don't do other people's homework.


#6
October 21, 2012 at 07:27:10
Yep, we can assist with points of technical detail to assist you on the way to producing an answer. You can also use Google in the same way.

Just posting the homework question then expecting it done for you means you learn next to nothing. That's not what you would be expected to do.

Always pop back and let us know the outcome - thanks

