Comparison of firewalls
Encyclopedia
The following tables compare different aspects of a number of firewalls, starting from simple home firewalls up to the most sophisticated Enterprise firewalls.
)
NOTE: Features will be marked as "yes", even if it's separate module that comes with the platform, on which firewall sits.
IDS: real-time firewall that logs/sniffs/blocks suspicious connections, that are not part of rule-set.
VPN (Virtual Private Network) Types are: PPTP, L2TP, MPLS, IPsec, SSL/SSH.
Profile selection: The user is enable to switch fast between firewall settings for at work, home or in public places.
Firewall software
Generally, all firewalls are software-based, and there is no such thing as a purely hardware-only firewall. Embedded firewalls are simply very limited-capability programs running on a low-power CPU, and this software can be upgraded or replaced if someone has sufficient skill and resources to do so. (See OpenWrtOpenWrt
OpenWrt is a Linux distribution primarily targeted at routing on embedded devices. It comprises a set of about 2000 software packages, installed and uninstalled via the opkg package management system. OpenWrt can be configured using the command-line interface of BusyBox ash, or the web interface...
)
| Firewall | License | Cost / usage limits | OS Operating system An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system... |
|---|---|---|---|
| Cisco IOS Cisco IOS Cisco IOS is the software used on the vast majority of Cisco Systems routers and current Cisco network switches... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
Included on all Cisco switches and routers |
Proprietary, runs only on Cisco hardware |
| Comodo Internet Security Comodo Internet Security Comodo Internet Security , developed by Comodo Group, is an Internet security suite available for Microsoft Windows. It offers anti-malware protection, a personal firewall, a sandbox and a Host-based Intrusion Prevention System called Defense+.-Editions:Comodo Internet Security is available in... |
Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... |
| Core Force | Apache License Apache License The Apache License is a copyfree free software license authored by the Apache Software Foundation . The Apache License requires preservation of the copyright notice and disclaimer.... Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... |
| Endian Firewall Endian Firewall The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community.... |
GPL Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... -based appliance |
| GhostWall | Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... |
Free | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... |
| Intego VirusBarrier Intego Intego is a software company founded in 1997. They create backup, antivirus, anti-spam, firewall and data protection software for Mac OS X. The company's slogan is "we protect your world." In September 2007, Intego launched The Mac Security Blog, which provides articles about Mac security issues,... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Mac OS X Mac OS X Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems... 10.5 or later; on an Xserve Xserve Xserve was a line of rack unit computers designed by Apple Inc. for use as servers. When the Xserve was introduced in 2002, it was Apple's first designated server hardware design since the Apple Network Server in 1996... |
| IPFilter IPFilter IPFilter is an open source software package that provides firewall services and network address translation for many UNIX-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.IPFilter is delivered... |
restrictive BSD license Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | *BSD Berkeley Software Distribution Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995... , Solaris kernel module |
| ipfirewall Ipfirewall ipfirewall or ipfw is a FreeBSD IP packet filter and traffic accounting facility. Its ruleset logic is similar to many other packet filters except IPFilter. ipfw is authored and maintained by FreeBSD volunteer staff members. Its syntax enables use of sophisticated filtering capabilities and thus... |
BSD license Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | *BSD Berkeley Software Distribution Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995... package |
| Kaspersky Internet Security Kaspersky Internet Security Kaspersky Internet Security or KIS is an Internet security suite developed by Kaspersky Lab compatible with Microsoft Windows. KIS supports the detection and remidition of malware, as well as e-mail spam, phishing attempts, and data leaks.... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| Lavasoft Personal Firewall |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| Microsoft Forefront Threat Management Gateway |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x64 |
| Monowall | BSD license Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | FreeBSD-based appliance |
| Netfilter/iptables Netfilter/iptables Netfilter is a framework that provides hook handling within the Linux kernel for intercepting and manipulating network packets. Put more concretely, Netfilter is invoked, for example, by the packet reception and send routines from/to network interfaces... |
GPL Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... kernel module |
| Norton 360 Norton 360 Norton 360, developed by Symantec, is marketed as an "all-in-one" computer security suite. The package includes an antivirus, a personal firewall, a phishing protection program and a backup program... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| Online Armor Personal Firewall Online Armor Personal Firewall Online Armor Personal Firewall is a firewall developed by Tall Emu Pty Ltd that provides protection on a Microsoft Windows operating system from both inbound and outbound attacks... |
Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... /Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| Outpost Firewall Pro |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| PC Tools Firewall Plus PC Tools Firewall Plus PC Tools Firewall Plus is a personal firewall created by PC Tools. It is a freeware designed for Windows 7 , Windows Vista and Windows XP . The current version is available as a standalone product and with Spyware Doctor as a bundle.The program is a two-way firewall, monitoring incoming and... |
Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| PF PF (firewall) PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter... |
BSD license Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | *BSD Berkeley Software Distribution Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995... kernel module |
| pfsense PfSense pfSense is an open source firewall/router distribution based on FreeBSD. pfSense is meant to be installed on a personal computer and is noted for its reliability and offering features often only found in expensive commercial firewalls. It can be configured and upgraded through a web-based... |
BSD license Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | FreeBSD/NanoBSD-based appliance |
| PrivateFirewall | Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| Smoothwall SmoothWall Smoothwall is a Linux distribution designed to be used as an open source firewall. Designed for ease of use, Smoothwall is configured via a web-based GUI, and requires little or no knowledge of Linux to install or use.... |
GPL Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
Free | Linux-based appliance |
| Sunbelt Personal Firewall |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32 |
| Sygate Personal Firewall |
Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32 |
| Vista Firewall Control |
Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... /Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| Vyatta Vyatta Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others... |
GPL Open Source Open source The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology... |
? | Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... -based appliance |
| Windows Firewall Windows Firewall Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet filtering functions. It was first included in Windows XP and Windows Server 2003... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
Included free as part of operating system |
Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| WinGate Wingate -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
| ZoneAlarm | Freeware Freeware Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the... /Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
? | Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... x32/x64 |
Firewall rule-set basic filtering features comparison
| Can Target: | Changing default policy to accept/reject (by issuing a single rule) | IP destination address(es) | IP source address(es) | TCP/UDP destination port(s) | TCP/UDP source port(s) | Ethernet MAC destination address | Ethernet MAC source address | Inbound firewall (ingress) | Outbound firewall (egress) |
|---|---|---|---|---|---|---|---|---|---|
| Check Point VPN-1 | |||||||||
| Cisco Access List | |||||||||
| Clavister | |||||||||
| Endian Firewall Endian Firewall The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community.... |
|||||||||
| IPFilter | |||||||||
| Juniper Networks | |||||||||
| Linux iptables Netfilter/iptables Netfilter is a framework that provides hook handling within the Linux kernel for intercepting and manipulating network packets. Put more concretely, Netfilter is invoked, for example, by the packet reception and send routines from/to network interfaces... |
|||||||||
| NAI Gauntlet | |||||||||
| OpenBSD PF PF (firewall) PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter... |
|||||||||
| Sidewinder G2 | |||||||||
| Soft in Engines BMF | |||||||||
| SonicWALL | |||||||||
| Trend Micro Internet Security Trend Micro Internet Security Trend Micro Internet Security is an antivirus/Internet security program developed by Trend Micro... |
|||||||||
| Vyatta Vyatta Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others... |
|||||||||
| Windows XP Firewall | |||||||||
| Windows Vista Firewall | |||||||||
| Windows 7 / Windows 2008 R2 Firewall |
|||||||||
| WinGate Wingate -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana... |
|||||||||
| Zentyal | |||||||||
| Zorp Zorp firewall Zorp is a proxy firewall suite developed by Balabit IT Security. Its core framework allows the administrator to fine-tune proxy decisions , and fully analyze embedded protocols .The FTP, HTTP, FINGER, WHOIS, TELNET, and SSL protocols are fully supported with an application-level gateway.Zorp aims for... |
- Windows XP Firewall can target only single destination TCP/UDP port per rule, not port ranges, therefore support is partial.
Firewall rule-set advanced features comparison
| Can: | work at OSI Layer 4 (stateful firewall) | work at OSI Layer 7 (application inspection) | Change TTL? (Transparent to traceroute) | Configure REJECT-with answer | DMZ (de-militarized zone) - allows for single/several hosts not to be firewalled. | Filter according to time of day | Redirect TCP/UDP ports (port forwarding) | Redirect IP addresses (forwarding) | Filter according to User Authorization | Traffic rate-limit / QoS | Tarpit | Log |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | ||||||||||||
| Check Point VPN-1 | (With Web Intelligence) | |||||||||||
| Cisco Access List | (with CBAC) | (with CBAC) | (with static routes) | (with dynamic ACLs) | (with queueing) | |||||||
| Clavister | {with selected/available ALGs} | |||||||||||
| IPFilter | (selected protocols only) | |||||||||||
| Linux iptables | (with patch) | (with 3rd party tools) | (with NuFW) | (with Patch-o-matic module) | ||||||||
| IPFW2 | (with divert) | (with patch) | ? | |||||||||
| OpenBSD pf | (selected protocols only) | |||||||||||
| Sidewinder Secure Computing Secure Computing Corporation, or SCC, was a public company that developed and sold computer security appliances and hosted services to protect users and data... |
||||||||||||
| Soft in Engines BMF | (selected protocols only) | (with MS Active Directory) | ||||||||||
| Vyatta Vyatta Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others... |
||||||||||||
| Windows 7 (and Windows 2008 R2) Firewall | **(with 3rd party tools) | **** | ||||||||||
| Windows Vista Firewall | * | **** | ||||||||||
| Windows XP Firewall | * | **** | ||||||||||
| WinGate Wingate -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana... |
||||||||||||
| Zentyal |
- NOTE: Because Linux Iptables is text-based firewall, you can "Filter according to time of day" by using additional 3rd party tools, like expect automation tool and cron jobs.
- Windows firewall may be scripted with scheduled tasks.
- Configured by system policy
Firewall Management features comparison
| Features: | Configuration: GUI, text or both modes? | Remote Access: Web (HTTP), Telnet, SSH, RDP, Serial COM RS232, ... | Change rules without requiring restart? | Ability to centrally manage all firewalls together |
|---|---|---|---|---|
| Juniper Networks | both | proprietary GUI, SSH, Web (HTTP/HTTPS),Telnet, nsm, RS232 | ||
| Check Point VPN-1 | both | proprietary GUI, SSH, Web (HTTP/HTTPS) | ||
| Cisco ABC | both | Telnet, SSH, Web(Java App "PDM" or the newer "ASDM"), RS232 | ||
| Clavister | both | proprietary GUI, SSH, Web (HTTP/HTTPS),Telnet, nsm, RS232 | ||
| IPFilter | both | Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232 | ||
| Linux iptables | both | Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232 | ||
| IPFW2 | both | Telnet, SSH, Web (webmin), X GUI "qtfw", Mac GUI "WaterRoof", RS232 | ||
| OpenBSD pf | both | Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232 | ||
| Vyatta Vyatta Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others... |
both | Telnet, SSH, Web GUI, RS232 | ||
| Windows 7 (and Windows 2008 R2) Firewall | both | RDP, telnet, Group Policy Group Policy Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and... , MMC Microsoft Management Console Microsoft Management Console is a component of Windows 2000 and its successors that provides system administrators and advanced users an interface for configuring and monitoring the system.- Snap-ins and consoles :... |
||
| Windows Vista Firewall | both | RDP, telnet, Group Policy Group Policy Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and... , MMC Microsoft Management Console Microsoft Management Console is a component of Windows 2000 and its successors that provides system administrators and advanced users an interface for configuring and monitoring the system.- Snap-ins and consoles :... |
||
| Windows XP Firewall | both | RDP, telnet, Group Policy Group Policy Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and... |
(with AD and GPO) | |
| WinGate Wingate -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana... |
GUI | Proprietary user interface | ||
| Endian Firewall Endian Firewall The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community.... |
both | Telnet, SSH, Web GUI, | ||
| ClearOS ClearOS ClearOS is a Linux distribution, based on CentOS and Red Hat Enterprise Linux, designed for use in small and medium enterprises as a network gateway and network server with a web-based administration interface. It is designed to be an alternative to Windows Small Business Server. ClearOS succeeds... |
both | RS232, SSH, WebConfig WebConfig WebConfig is an open sourced server administration and configuration tool licensed under the GPL. It is featured in ClearOS, ClarkConnect and CentralPointe Server. The goal of the tool is to make administration tasks of the Linux server easy to use and focuses on tasks relevant to operating the... , |
with ClearSDN | |
| Zentyal | GUI | SSH, Web (HTTPS) | with Zentyal Cloud |
- NOTE: Because Linux Iptables and Cisco ACL are text-based firewalls, you can centrally manage them all-at-once by using additional tools, like KDE Konsole or expect automation tool.
- NOTE: Due to the distributed nature of the Checkpoint architecture, no single interface is used exclusively. Security, NAT and VPN configuration is always done using the proprietary GUI, however basic IP networking and routing configuration of individual firewalls could be done using SSH or the Web interface.
Firewall's other features comparison
| Features: | Modularity: supports third-party modules to extend functionality? | IPS : Intrusion prevention system | Open-Source License? | supports IPv6 ? | Class: Home / Professional | Operating Systems on which it runs? |
|---|---|---|---|---|---|---|
| Juniper Networks | Professional | Juniper Networks (JunOS) | ||||
| Check Point VPN-1 | Professional | Solaris, Linux (SPLAT or RHEL), Nokia IPSO, Crossbeam Systems Crossbeam Systems Crossbeam Systems is headquartered in Boxborough, Massachusetts and has offices in Europe, Latin America and Asia Pacific. The company makes an open, high-performance hardware and software network security platform that is designed to deploy network security applications from third-party security... ,Windows NT, 2000, 2003 |
||||
| Cisco IOS | Professional | Cisco IOS | ||||
| Clavister | Professional | CorePlus | ||||
| IPFilter | , with Snort Inline, Ossec | Both | Solaris, IRIX, HP-UX, NetBSD and FreeBSD. Available but deprecated on Linux. | |||
| Linux iptables | , with Snort Inline, Ossec | Both | Linux 2.4+ | |||
| OpenBSD pf | , with Snort Inline, Ossec | Both | OpenBSD OpenBSD OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995... , FreeBSD FreeBSD FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant... 6.0+, NetBSD NetBSD NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,... 3.0+ |
|||
| Outpost Firewall Pro | Professional | Windows | ||||
| Vyatta Vyatta Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others... |
Professional | Vyatta OS (built on Debian) | ||||
| Windows 7 (and Windows 2008 R2) Firewall | Both | Windows 7 Windows Server 2008 R2 |
||||
| Windows Vista Firewall | Both | Windows Vista Windows Server 2008 |
||||
| Windows XP Firewall | Home | Windows XP Windows Server 2003 |
||||
| WinGate Wingate -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana... |
Professional | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 2008. 32bit and 64bit. | ||||
| Endian Firewall Endian Firewall The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community.... |
, with Snort Inline | Both | Endian OS (Based on Red Hat Enterprise Linux) | |||
| Zentyal | Both | Ubuntu Server |
- NOTE: Checkpoint support a limited range of third-party modules from certified partners. Modules are integrated with Checkpoint firewalls through a platform named OPSEC
- NOTE: WinGate 6.x supports 3rd party modules for data scanning only (e.g. antivirus and content filtering).
Non-Firewall extra features comparison
Those features are not strictly firewall features, but are sometimes bundled with firewall software, or exist on the platform.NOTE: Features will be marked as "yes", even if it's separate module that comes with the platform, on which firewall sits.
IDS: real-time firewall that logs/sniffs/blocks suspicious connections, that are not part of rule-set.
VPN (Virtual Private Network) Types are: PPTP, L2TP, MPLS, IPsec, SSL/SSH.
Profile selection: The user is enable to switch fast between firewall settings for at work, home or in public places.
| Can: | NAT (static, dynamic w/o ports, PAT) | IDS (Intrusion Detection System) | VPN (Virtual Private Network) | AV (Anti-Virus) | Sniffer | Profile selection |
|---|---|---|---|---|---|---|
| Juniper Networks IOS | (supports three NAT types) | (supports wireshark, tcpdump, IOS version) | ||||
| Check Point | (supports four NAT types) | (with wireshark, tcpdump or FW-1 kernel inside dump "fw monitor" a powerful tool to determine many aspects of the connection before and after packet enters/leaves OS routing system | ||||
| Cisco IOS | (supports three NAT types) | (some IOS versions) | (some IOS versions) | |||
| Clavister | (supports three NAT types) | (supports Clavister Real-Time Log/Monitor and PCAP/Wireshark) | ||||
| IPFilter | (supports three NAT types) | (with Prelude-IDS or Snort) | (Native on Solaris, HP-UX. With third-party software on IRIX, BSD, Linux.) | (with clamav) | (with wireshark or tcpdump) | |
| Linux OS | (supports three NAT types) | (with Prelude-IDS or Snort) | (with openVPN) | (with clamav) | (with wireshark or tcpdump) | |
| OpenBSD pf | (supports three NAT types) | (with Prelude-IDS or Snort) | (with clamav) | (with wireshark or tcpdump. "log" option logs in pcap format) | ||
| Vyatta Vyatta Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others... |
(supports three NAT types) | (integrated Snort) | (IPsec and OpenVPN) | (with wireshark or tcpdump) | ||
| Windows 7 (and Windows 2008 R2) | (PAT, with Internet Connection Sharing) | (with SPECTER) | (McAfee, Symantec, etc.) | (with wireshark) | (public, private, home) | |
| Windows Vista | (PAT, with Internet Connection Sharing) | (with SPECTER) | (Limited to 1 client) | (McAfee, Symantec, etc.) | (with wireshark) | (public, private) |
| Windows XP | (PAT, with Internet Connection Sharing) | (with SPECTER) | (Limited to 1 client) | (McAfee, Symantec, etc.) | (with wireshark) | |
| WinGate Wingate -Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana... |
(with NetPatrol) | (proprietary) | (Kaspersky Labs) | (filtered capturing to pcap format) | ||
| Endian Firewall Endian Firewall The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community.... |
(supports three NAT types) | (with integrated Snort) | (IPsec and openVPN) | (with clamav,Sophos Antivirus (optional) ) | (with wireshark or tcpdump) | |
| Zentyal | (static, PAT) | (with wireshark or tcpdump) |