Comparison of firewalls
Encyclopedia
The following tables compare different aspects of a number of firewalls, starting from simple home firewalls up to the most sophisticated Enterprise firewalls.

Firewall software

Generally, all firewalls are software-based, and there is no such thing as a purely hardware-only firewall. Embedded firewalls are simply very limited-capability programs running on a low-power CPU, and this software can be upgraded or replaced if someone has sufficient skill and resources to do so. (See OpenWrt
OpenWrt
OpenWrt is a Linux distribution primarily targeted at routing on embedded devices. It comprises a set of about 2000 software packages, installed and uninstalled via the opkg package management system. OpenWrt can be configured using the command-line interface of BusyBox ash, or the web interface...

)
Firewall License Cost / usage limits OS
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...

Cisco IOS
Cisco IOS
Cisco IOS is the software used on the vast majority of Cisco Systems routers and current Cisco network switches...

Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

Included on all Cisco
switches and routers
Proprietary, runs only
on Cisco hardware
Comodo Internet
Security
Comodo Internet Security
Comodo Internet Security , developed by Comodo Group, is an Internet security suite available for Microsoft Windows. It offers anti-malware protection, a personal firewall, a sandbox and a Host-based Intrusion Prevention System called Defense+.-Editions:Comodo Internet Security is available in...

Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

Core Force Apache License
Apache License
The Apache License is a copyfree free software license authored by the Apache Software Foundation . The Apache License requires preservation of the copyright notice and disclaimer....

 Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

Endian Firewall
Endian Firewall
The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community....

GPL Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...

-based appliance
GhostWall Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

Free Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

Intego VirusBarrier
Intego
Intego is a software company founded in 1997. They create backup, antivirus, anti-spam, firewall and data protection software for Mac OS X. The company's slogan is "we protect your world." In September 2007, Intego launched The Mac Security Blog, which provides articles about Mac security issues,...

Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...

 10.5 or later; on an Xserve
Xserve
Xserve was a line of rack unit computers designed by Apple Inc. for use as servers. When the Xserve was introduced in 2002, it was Apple's first designated server hardware design since the Apple Network Server in 1996...

IPFilter
IPFilter
IPFilter is an open source software package that provides firewall services and network address translation for many UNIX-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.IPFilter is delivered...

restrictive BSD license Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free *BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...

, Solaris kernel module
ipfirewall
Ipfirewall
ipfirewall or ipfw is a FreeBSD IP packet filter and traffic accounting facility. Its ruleset logic is similar to many other packet filters except IPFilter. ipfw is authored and maintained by FreeBSD volunteer staff members. Its syntax enables use of sophisticated filtering capabilities and thus...

BSD license Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free *BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...

 package
Kaspersky
Internet Security
Kaspersky Internet Security
Kaspersky Internet Security or KIS is an Internet security suite developed by Kaspersky Lab compatible with Microsoft Windows. KIS supports the detection and remidition of malware, as well as e-mail spam, phishing attempts, and data leaks....

Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
Lavasoft
Personal Firewall
Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
Microsoft
Forefront Threat
Management
Gateway
Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x64
Monowall BSD license Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free FreeBSD-based appliance
Netfilter/iptables
Netfilter/iptables
Netfilter is a framework that provides hook handling within the Linux kernel for intercepting and manipulating network packets. Put more concretely, Netfilter is invoked, for example, by the packet reception and send routines from/to network interfaces...

GPL Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...

 kernel module
Norton 360
Norton 360
Norton 360, developed by Symantec, is marketed as an "all-in-one" computer security suite. The package includes an antivirus, a personal firewall, a phishing protection program and a backup program...

Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
Online Armor
Personal Firewall
Online Armor Personal Firewall
Online Armor Personal Firewall is a firewall developed by Tall Emu Pty Ltd that provides protection on a Microsoft Windows operating system from both inbound and outbound attacks...

Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

/Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
Outpost
Firewall Pro
Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
PC Tools
Firewall Plus
PC Tools Firewall Plus
PC Tools Firewall Plus is a personal firewall created by PC Tools. It is a freeware designed for Windows 7 , Windows Vista and Windows XP . The current version is available as a standalone product and with Spyware Doctor as a bundle.The program is a two-way firewall, monitoring incoming and...

Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
PF
PF (firewall)
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter...

BSD license Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free *BSD
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...

 kernel module
pfsense
PfSense
pfSense is an open source firewall/router distribution based on FreeBSD. pfSense is meant to be installed on a personal computer and is noted for its reliability and offering features often only found in expensive commercial firewalls. It can be configured and upgraded through a web-based...

BSD license Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free FreeBSD/NanoBSD-based appliance
PrivateFirewall Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
Smoothwall
SmoothWall
Smoothwall is a Linux distribution designed to be used as an open source firewall. Designed for ease of use, Smoothwall is configured via a web-based GUI, and requires little or no knowledge of Linux to install or use....

GPL Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

Free Linux-based appliance
Sunbelt
Personal Firewall
Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32
Sygate
Personal Firewall
Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32
Vista Firewall
Control
Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

/Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
Vyatta
Vyatta
Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...

GPL Open Source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...

? Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...

-based appliance
Windows Firewall
Windows Firewall
Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet filtering functions. It was first included in Windows XP and Windows Server 2003...

Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

Included free as part
of operating system
Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
WinGate
Wingate
-Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64
ZoneAlarm Freeware
Freeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

/Proprietary
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...

? Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 x32/x64

Firewall rule-set basic filtering features comparison

Can Target:Changing default policy to accept/reject (by issuing a single rule) IP destination address(es)IP source address(es) TCP/UDP destination port(s)TCP/UDP source port(s)Ethernet MAC destination addressEthernet MAC source addressInbound firewall (ingress)Outbound firewall (egress)
Check Point VPN-1
Cisco Access List
Clavister
Endian Firewall
Endian Firewall
The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community....

IPFilter
Juniper Networks
Linux iptables
Netfilter/iptables
Netfilter is a framework that provides hook handling within the Linux kernel for intercepting and manipulating network packets. Put more concretely, Netfilter is invoked, for example, by the packet reception and send routines from/to network interfaces...

NAI Gauntlet
OpenBSD PF
PF (firewall)
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter...

Sidewinder G2
Soft in Engines BMF
SonicWALL
Trend Micro Internet Security
Trend Micro Internet Security
Trend Micro Internet Security is an antivirus/Internet security program developed by Trend Micro...

Vyatta
Vyatta
Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...

Windows XP Firewall
Windows Vista Firewall
Windows 7 /
Windows 2008 R2
Firewall
WinGate
Wingate
-Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

Zentyal
Zorp
Zorp firewall
Zorp is a proxy firewall suite developed by Balabit IT Security. Its core framework allows the administrator to fine-tune proxy decisions , and fully analyze embedded protocols .The FTP, HTTP, FINGER, WHOIS, TELNET, and SSL protocols are fully supported with an application-level gateway.Zorp aims for...


  • Windows XP Firewall can target only single destination TCP/UDP port per rule, not port ranges, therefore support is partial.

Firewall rule-set advanced features comparison

Can: work at OSI Layer 4 (stateful firewall) work at OSI Layer 7 (application inspection) Change TTL? (Transparent to traceroute) Configure REJECT-with answer DMZ (de-militarized zone) - allows for single/several hosts not to be firewalled. Filter according to time of day Redirect TCP/UDP ports (port forwarding) Redirect IP addresses (forwarding) Filter according to User Authorization Traffic rate-limit / QoS Tarpit Log
Juniper Networks
Check Point VPN-1 (With Web Intelligence)
Cisco Access List (with CBAC) (with CBAC) (with static routes) (with dynamic ACLs) (with queueing)
Clavister {with selected/available ALGs}
IPFilter (selected protocols only)
Linux iptables (with patch) (with 3rd party tools) (with NuFW) (with Patch-o-matic module)
IPFW2 (with divert) (with patch) ?
OpenBSD pf (selected protocols only)
Sidewinder
Secure Computing
Secure Computing Corporation, or SCC, was a public company that developed and sold computer security appliances and hosted services to protect users and data...

Soft in Engines BMF (selected protocols only) (with MS Active Directory)
Vyatta
Vyatta
Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...

Windows 7 (and Windows 2008 R2) Firewall **(with 3rd party tools) ****
Windows Vista Firewall * ****
Windows XP Firewall * ****
WinGate
Wingate
-Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

Zentyal

  • NOTE: Because Linux Iptables is text-based firewall, you can "Filter according to time of day" by using additional 3rd party tools, like expect automation tool and cron jobs.
  • Windows firewall may be scripted with scheduled tasks.
  • Configured by system policy

Firewall Management features comparison

Features: Configuration: GUI, text or both modes? Remote Access: Web (HTTP), Telnet, SSH, RDP, Serial COM RS232, ... Change rules without requiring restart? Ability to centrally manage all firewalls together
Juniper Networks both proprietary GUI, SSH, Web (HTTP/HTTPS),Telnet, nsm, RS232
Check Point VPN-1 both proprietary GUI, SSH, Web (HTTP/HTTPS)
Cisco ABC both Telnet, SSH, Web(Java App "PDM" or the newer "ASDM"), RS232
Clavister both proprietary GUI, SSH, Web (HTTP/HTTPS),Telnet, nsm, RS232
IPFilter both Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232
Linux iptables both Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232
IPFW2 both Telnet, SSH, Web (webmin), X GUI "qtfw", Mac GUI "WaterRoof", RS232
OpenBSD pf both Telnet, SSH, Web (webmin), X/Win32 GUI "fwbuilder", RS232
Vyatta
Vyatta
Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...

both Telnet, SSH, Web GUI, RS232
Windows 7 (and Windows 2008 R2) Firewall both RDP, telnet, Group Policy
Group Policy
Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and...

, MMC
Microsoft Management Console
Microsoft Management Console is a component of Windows 2000 and its successors that provides system administrators and advanced users an interface for configuring and monitoring the system.- Snap-ins and consoles :...

Windows Vista Firewall both RDP, telnet, Group Policy
Group Policy
Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and...

, MMC
Microsoft Management Console
Microsoft Management Console is a component of Windows 2000 and its successors that provides system administrators and advanced users an interface for configuring and monitoring the system.- Snap-ins and consoles :...

Windows XP Firewall both RDP, telnet, Group Policy
Group Policy
Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and...

(with AD and GPO)
WinGate
Wingate
-Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

GUI Proprietary user interface
Endian Firewall
Endian Firewall
The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community....

both Telnet, SSH, Web GUI,
ClearOS
ClearOS
ClearOS is a Linux distribution, based on CentOS and Red Hat Enterprise Linux, designed for use in small and medium enterprises as a network gateway and network server with a web-based administration interface. It is designed to be an alternative to Windows Small Business Server. ClearOS succeeds...

both RS232, SSH, WebConfig
WebConfig
WebConfig is an open sourced server administration and configuration tool licensed under the GPL. It is featured in ClearOS, ClarkConnect and CentralPointe Server. The goal of the tool is to make administration tasks of the Linux server easy to use and focuses on tasks relevant to operating the...

,
with ClearSDN
Zentyal GUI SSH, Web (HTTPS) with Zentyal Cloud

  • NOTE: Because Linux Iptables and Cisco ACL are text-based firewalls, you can centrally manage them all-at-once by using additional tools, like KDE Konsole or expect automation tool.

  • NOTE: Due to the distributed nature of the Checkpoint architecture, no single interface is used exclusively. Security, NAT and VPN configuration is always done using the proprietary GUI, however basic IP networking and routing configuration of individual firewalls could be done using SSH or the Web interface.

Firewall's other features comparison

Features: Modularity: supports third-party modules to extend functionality? IPS : Intrusion prevention system Open-Source License? supports IPv6 ? Class: Home / Professional Operating Systems on which it runs?
Juniper Networks Professional Juniper Networks (JunOS)
Check Point VPN-1 Professional Solaris, Linux (SPLAT or RHEL), Nokia IPSO, Crossbeam Systems
Crossbeam Systems
Crossbeam Systems is headquartered in Boxborough, Massachusetts and has offices in Europe, Latin America and Asia Pacific. The company makes an open, high-performance hardware and software network security platform that is designed to deploy network security applications from third-party security...

,Windows NT, 2000, 2003
Cisco IOS Professional Cisco IOS
Clavister Professional CorePlus
IPFilter , with Snort Inline, Ossec Both Solaris, IRIX, HP-UX, NetBSD and FreeBSD. Available but deprecated on Linux.
Linux iptables , with Snort Inline, Ossec Both Linux 2.4+
OpenBSD pf , with Snort Inline, Ossec Both OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...

, FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...

 6.0+, NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...

 3.0+
Outpost Firewall Pro Professional Windows
Vyatta
Vyatta
Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...

Professional Vyatta OS (built on Debian)
Windows 7 (and Windows 2008 R2) Firewall Both Windows 7
Windows Server 2008 R2
Windows Vista Firewall Both Windows Vista
Windows Server 2008
Windows XP Firewall Home Windows XP
Windows Server 2003
WinGate
Wingate
-Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

Professional Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 2008. 32bit and 64bit.
Endian Firewall
Endian Firewall
The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community....

, with Snort Inline Both Endian OS (Based on Red Hat Enterprise Linux)
Zentyal Both Ubuntu Server

  • NOTE: Checkpoint support a limited range of third-party modules from certified partners. Modules are integrated with Checkpoint firewalls through a platform named OPSEC

  • NOTE: WinGate 6.x supports 3rd party modules for data scanning only (e.g. antivirus and content filtering).

Non-Firewall extra features comparison

Those features are not strictly firewall features, but are sometimes bundled with firewall software, or exist on the platform.

NOTE: Features will be marked as "yes", even if it's separate module that comes with the platform, on which firewall sits.

IDS: real-time firewall that logs/sniffs/blocks suspicious connections, that are not part of rule-set.

VPN (Virtual Private Network) Types are: PPTP, L2TP, MPLS, IPsec, SSL/SSH.

Profile selection: The user is enable to switch fast between firewall settings for at work, home or in public places.
Can: NAT (static, dynamic w/o ports, PAT) IDS (Intrusion Detection System) VPN (Virtual Private Network) AV (Anti-Virus) Sniffer Profile selection
Juniper Networks IOS (supports three NAT types) (supports wireshark, tcpdump, IOS version)
Check Point (supports four NAT types) (with wireshark, tcpdump or FW-1 kernel inside dump "fw monitor" a powerful tool to determine many aspects of the connection before and after packet enters/leaves OS routing system
Cisco IOS (supports three NAT types) (some IOS versions) (some IOS versions)
Clavister (supports three NAT types) (supports Clavister Real-Time Log/Monitor and PCAP/Wireshark)
IPFilter (supports three NAT types) (with Prelude-IDS or Snort) (Native on Solaris, HP-UX. With third-party software on IRIX, BSD, Linux.) (with clamav) (with wireshark or tcpdump)
Linux OS (supports three NAT types) (with Prelude-IDS or Snort) (with openVPN) (with clamav) (with wireshark or tcpdump)
OpenBSD pf (supports three NAT types) (with Prelude-IDS or Snort) (with clamav) (with wireshark or tcpdump. "log" option logs in pcap format)
Vyatta
Vyatta
Vyatta manufactures an open source router/firewall/VPN product for Internet Protocol networks . A free download of Vyatta has been available since March 2006. The system is a specialized Debian-based Linux distribution with networking applications such as Quagga, OpenVPN, and many others...

(supports three NAT types) (integrated Snort) (IPsec and OpenVPN) (with wireshark or tcpdump)
Windows 7 (and Windows 2008 R2) (PAT, with Internet Connection Sharing) (with SPECTER) (McAfee, Symantec, etc.) (with wireshark) (public, private, home)
Windows Vista (PAT, with Internet Connection Sharing) (with SPECTER) (Limited to 1 client) (McAfee, Symantec, etc.) (with wireshark) (public, private)
Windows XP (PAT, with Internet Connection Sharing) (with SPECTER) (Limited to 1 client) (McAfee, Symantec, etc.) (with wireshark)
WinGate
Wingate
-Places:In New Zealand:* Wingate, New Zealand, A suburb of Lower HuttIn the United Kingdom:* Wingate, County Durham* Old Wingate, County Durham* Wingates, Bolton, Greater ManchesterIn the United States:* Wingate, Indiana...

(with NetPatrol) (proprietary) (Kaspersky Labs) (filtered capturing to pcap format)
Endian Firewall
Endian Firewall
The Endian Firewall is an open source GNU/Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being developed by the Italian Endian Srl and the community....

(supports three NAT types) (with integrated Snort) (IPsec and openVPN) (with clamav,Sophos Antivirus (optional) ) (with wireshark or tcpdump)
Zentyal (static, PAT) (with wireshark or tcpdump)

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK