application and rules based firewalls
arj1
September 1st, 2003, 10:17 AM
I am new to firewalls, and after doing much reading here I've found that there are application and/or rules based firewalls. Can someone explain the difference between them, and possibly the advantages of one over the other? Also, is there someplace that lists which firewalls are application or rules based or both? Thanks for any guidance, A.J.
Pieter_Arntz
September 1st, 2003, 10:57 AM
Hi arj1,
Some reading: http://www.wilders.org/firewalls.htm
for you while our firewall experts think about an answer. ;)
Regards,
Pieter
arj1
September 1st, 2003, 03:08 PM
Thanks Pieter, I thought I had read all that Wilders had on firewalls.. Somehow had missed this one...
I'm learning...
arj1
CrazyM
September 1st, 2003, 04:48 PM
Hi arj1
Application based firewalls will usually allow traffic based on rules permitting only those applications you approve to connect to the network/Internet. They will usually allow any traffic by these approved applications.
Rule based firewalls allow you to define what traffic will be permitted to the network/Internet. With rules, you can specify the protocols, source/destination address, source/destination ports that will be allowed or denied.
Most newer software firewalls are now a combination of both, allowing you to authorize only the applications you wish to connect, as well as being able to define specific rules for those applications or the system in general.
ZA free is the closest to being just an application based firewall. The majority of others have rules capability allowing for more control over what is permitted. Some more than others.
Regards,
CrazyM
arj1
September 1st, 2003, 08:52 PM
Thanks CrazyM, Then would a combination of both be the better way to go?... for a beginner to learn more about rules.. I think I saw Sygate listed that way and Outpost..
arj1
arj1
September 1st, 2003, 10:06 PM
-{ Quote: " quoting: CrazyM
Hi arj1
Application based firewalls will usually allow traffic based on rules permitting only those applications you approve to connect to the network/Internet. They will usually allow any traffic by these approved applications.
Rule based firewalls allow you to define what traffic will be permitted to the network/Internet. With rules, you can specify the protocols, source/destination address, source/destination ports that will be allowed or denied.
Most newer software firewalls are now a combination of both, allowing you to authorize only the applications you wish to connect, as well as being able to define specific rules for those applications or the system in general.
ZA free is the closest to being just an application based firewall. The majority of others have rules capability allowing for more control over what is permitted. Some more than others.
Regards,
CrazyM
" }-
CrazyM,
If I'm reading this correctly, application based firewalls will allow any traffic, as you said, by these approved applications. Isn't IE an application that would have to be approved? In that case IE would allow any traffic through on that type of firewall. Zonealarm, as you said, is that type of firewall, but I didn't think that it would allow any traffic through.. I know I must be missing something here.. (probably my brain)... Thanks for posting.
arj1
LowWaterMark
September 1st, 2003, 10:16 PM
-{ Quote: " quoting: arj1
CrazyM,
If I'm reading this correctly, application based firewalls will allow any traffic, as you said, by these approved applications. Isn't IE an application that would have to be approved? In that case IE would allow any traffic through on that type of firewall. Zonealarm, as you said, is that type of firewall, but I didn't think that it would allow any traffic through.. I know I must be missing something here.." }-
Hi arj1,
We might just have a wording or a definition problem here... What CrazyM was saying is that with the simpler application based firewalls, you either allow a program to have Internet access or you don't. If you give them that access, then they are free to use whatever protocols and ports that they want, without the fine tuning that is possible in the more advanced firewalls.
From the way you've asked the above question, I'm wondering what exactly your concern is, especially with IE and "allow any traffic through". Can you explain that a little more so we can be sure we're all talking about the same thing?
Just as an aside, Zone Alarm Plus and Zone Alarm Pro have a full combination of application and rule based controls, so the fine tuning that is mentioned above can be done in those software firewalls.
arj1
September 2nd, 2003, 07:57 PM
-{ Quote: " quoting: LowWaterMark
From the way you've asked the above question, I'm wondering what exactly your concern is, especially with IE and "allow any traffic through". Can you explain that a little more so we can be sure we're all talking about the same thing?
Just as an aside, Zone Alarm Plus and Zone Alarm Pro have a full combination of application and rule based controls, so the fine tuning that is mentioned above can be done in those software firewalls.
" }-
Hi LowWaterMark,
The reason for my concern about "allow any traffic through" was due to the statement by CrazyM "They will usually allow any traffic by these approved applications." Well, I didn't think that was doing much good to allow anything through.. Keep in mind I know nothing about this as you probably can tell.
I think you've helped me out on that one though with your comment about "rule based controls" along with application firewalls such as zonealarm.
Is there any particular firewall you could recommend that I could start out simple and as I learn more about it could progress to more advanced controls?
Thank You again, arj1
LowWaterMark
September 2nd, 2003, 08:26 PM
-{ Quote: " quoting: arj1
The reason for my concern about "allow any traffic through" was due to the statement by CrazyM "They will usually allow any traffic by these approved applications." Well, I didn't think that was doing much good to allow anything through.. Keep in mind I know nothing about this as you probably can tell." }-
Well, in many regards I agree with you. A firewall that allows you simply to either approve an application or block it, with no ability to restrict it in certain subtle ways, does not give you a great deal of control. (Especially for those of us who are control freaks, like myself. ;) ) However, many people have no problem with this. They say that if they are going to trust an application, such as, oh a media player perhaps, then they are going to trust it completely. If they didn't trust it, they wouldn't install it or use it at all.
That's fine, too. But, I must say I do like to have more granular control. For example, I use Outlook Express for my ISP email (POP3 and SMTP). I want it to go to only a specific list of approved email servers and only on the ports required. I do not want it to be able to hit some Internet site that's linked inside an HTML based email message or do anything but email. So, in my firewall I limit the servers and ports it can use. I trust it - but only up to a point. You can see how I accomplished this using ZA+ and ZAP in this thread (http://www.wilderssecurity.com/showthread.php?t=3899).
-{ Quote: "I think you've helped me out on that one though with your comment about "rule based controls" along with application firewalls such as zonealarm. Is there any particular firewall you could recommend that I could start out simple and as I learn more about it could progress to more advanced controls? " }-
There are of course many firewalls available. I use Zone Alarm Pro myself, and I would recommend it (or Zone Alarm Plus) to you only because I know it and I could advise you on using it. However, Sygate is another of the same type and there are people here who can also advise you on that. And, there are others available. My advice would be to take advantage of the free trials available and try out a few different ones. (But, don't ever install more than one at a time! Install one. Try it. Deinstall it fully, and verify if needed before installing the next.)
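The difference discussed in this thread, modeled as an added example that is not part of any post or any firewall product's code: one outbound decision function evaluated under an application-only policy and under a combined application-plus-rules policy like the mail-client restriction LowWaterMark describes. The program names, the addresses (RFC 5737 documentation ranges) and the policy structure are constructed for illustration.

```python
"""Constructed model: application-only vs. application+rule outbound filtering."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str          # "tcp" or "udp"
    networks: tuple        # allowed destination networks (CIDR strings)
    ports: frozenset       # allowed destination ports

    def matches(self, protocol, dst_ip, dst_port):
        return (protocol == self.protocol
                and dst_port in self.ports
                and any(ip_address(dst_ip) in ip_network(n) for n in self.networks))

@dataclass
class AppPolicy:
    approved: bool
    rules: list = field(default_factory=list)   # empty = no per-app restriction

def decide(policies, app, protocol, dst_ip, dst_port):
    """Return 'allow' or 'deny' for one outbound connection attempt."""
    policy = policies.get(app)
    if policy is None or not policy.approved:
        return "deny"                      # unknown or unapproved program
    if not policy.rules:
        return "allow"                     # application-only: any traffic passes
    if any(r.matches(protocol, dst_ip, dst_port) for r in policy.rules):
        return "allow"
    return "deny"                          # approved app, but outside its rules

# Constructed sample data: hypothetical program names, documentation addresses.
MAIL_SERVERS = ("192.0.2.10/32", "192.0.2.11/32")
APP_ONLY = {"mailclient.exe": AppPolicy(approved=True)}
COMBINED = {"mailclient.exe": AppPolicy(approved=True, rules=[
    Rule("tcp", MAIL_SERVERS, frozenset({110, 25}))])}

ATTEMPTS = [
    ("mailclient.exe", "tcp", "192.0.2.10", 110),   # POP3 to approved server
    ("mailclient.exe", "tcp", "192.0.2.11", 25),    # SMTP to approved server
    ("mailclient.exe", "tcp", "198.51.100.7", 80),  # content linked in an HTML mail
    ("unknown.exe", "tcp", "192.0.2.10", 110),      # program never approved
]

def evaluate(policies):
    """Decisions for every constructed attempt, in order."""
    return [decide(policies, *attempt) for attempt in ATTEMPTS]

if __name__ == "__main__":
    for name, pol in (("application-only", APP_ONLY), ("combined", COMBINED)):
        print(name, evaluate(pol))
```

Both policies block the unapproved program; only the combined policy also blocks the approved mail client when it reaches for a web server on port 80.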